As anti-malware tools improve, attackers look for other easy attack vectors. Social Engineering is
one of those attack vectors. Using Case Project 2-4 found in your text as a guide, create a scenario
that could be used to train an organization’s employees on this potential attack. Keep in mind this
is a wetware attack. Explain how your scenario will provide information that would be beneficial to
the attacker in future exploitation of the organization.
An example I would create to train my employees is a phishing attack. I would create an email
ad around this time of the year (Christmas time), and state that if you click on the link
attached to the email you can enter your name in a holiday gift draw. Once the link is clicked
"spyware" will be launched on the users computer. The spyware
that is launched on the
user's computer will be able to monitor their keystrokes, which logs passwords and
usernames. The information collected will show how many employees clicked on the link. This
information will be used to educate each user why it is important not to click on unfamiliar
links. It will also help them understand anything they are not 100% certain about, they should
ask questions to gain clarification.
