INSERT SURNAME HERE 1
Cyber Security
Institutional Affiliation
Date
Social engineering attack is when the person who performs the attack uses social skills to
get information about an institution or its computer systems. The attacker might appear as a
normal person working within the organization or temporarily hired by the organization
unknowingly and might even produce credentials to support his or her identity. Though by
asking questions from a single or multiple sources, the attacker might piece together information
he or she needs to get into an organization’s network (Irani 55-74).
A phishing attack is like a form of social engineering attack though the person doing the
attack does not use social skills; rather he or she uses harmful websites or an individual’s email
to get personal data from the victim by pretending to be a trustworthy organization. An example
is when the attacker sends an email from a well-known credit company or financial institution
requesting for the victim’s bank account information, often suggesting the account has some
issues that need verification. When the unsuspecting users reply with this information, attackers
use this to access the accounts. These attackers may also take advantage of certain calamities
such as hurricanes by posing as charities to extort unsuspecting victims (Irani 55-74).
These are some of the ways one avoids being a victim of either social engineering attack
or phishing attack. One should always be suspicious of random visits, phone calls or emails
asking about other employees or an organization’s internal info. In case a stranger claims to be
from a certain organization, one should first try to contact the said organization so as to confirm
INSERT SURNAME HERE 2
if the person is legitimate or not. Another way is one should never provide information of any
kind whether personal or the organization’s information to any person unless you are completely
sure one has the relevant authority to access the said information. Also one should never reveal
personal or financial info through the email and in case you receive strange messages soliciting
for either information one is advised to never respond to these emails. Also, links sent through
emails should be ignored and sensitive information should never be sent via the internet until one
is able to confirm the website’s security. People should pay more attention to website’s URL just
to make sure the website is original and not a malicious one. One should also install antivirus
software, email filters, and firewalls and ensure they are regularly updated so as to reduce
internet traffic on your computer. If you feel unsure about a request sent via email, one should
contact the company directly and never use the contact information provided on the website
connected to the email (Irani 55-74).
Here are some of the ways one can know if his or her identity has been stolen. One
should always be aware of the changes occurring in one’s account. These are some of the
examples that could show someone has got access to your personal information. They include;
new, strange accounts showing on your financial reports, sudden cancellation or denial of your
credit cards, bills that usually appear regularly suddenly stop showing, a sudden appearance of
unusual bills or bills that cannot be explained, and bills for accounts, product or services that you
have never had (Liu 981-997).
These are some of the ways one can minimize being a victim of identity theft though it is
not always a guarantee that you can never be a victim. First, you should stop publicizing personal
information on public platforms like social media since attackers can put together information
from various sources and can use this to steal your identity. One should also ensure to take
INSERT SURNAME HERE 3
advantage of security features such as passwords as this also add protection if used in the best
ways possible. One should pay keen attention to bank statements and credit reports. One is
entitled to a copy of his or her credit report once every twelve months from each of the main
credit reporting companies and it is absolutely free. One should also ensure that he or she does
business with reputable companies before submitting any personal or financial information.
Though some attackers may also try con one into submitting their vital information by creating
malicious websites, one should ensure to verify if it is the same company as the one shown
before giving out any information (Liu 981-997).
One should always take precautions when giving out info and ensure to read carefully
published privacy policies to check how the company uses or distributes the information (Irani
55-74).
Email attachments can be dangerous in the sense that some of the traits that make it more
popular also make it vulnerable. Viruses can be forwarded as emails since emails are easily
circulated thus affecting many machines. Most viruses and malware do not even need the users
to forward their emails, attackers can just scan a user’s computer for email addresses and send to
them viruses in the form of emails. Attackers rely on the advantage that people tend to open
emails from people they know without question. Also, some emails have the option to allow
attachments download automatically once they are received and this exposes one’s computer to
any malware that could be in the attachment (Uma 390-396).
Any type of file can be sent through emails and this allows attackers to have more
freedom in terms of the type of virus they can send.
INSERT SURNAME HERE 4
These are the steps you can take to protect yourself and others in your address book. You
should be careful of unexpected attachments even if you know the sender. It does not mean that
if an attachment was sent from someone you know you should immediately open it. If possible,
one should check with the person who maybe sent the attachment just to confirm if it is legit then
you can open it. These also include email messages from supposedly ISP or software vendors
that claim to have in them some anti-virus software. These vendors do not send patches or
software via email (Liu 981-997).
One should always ensure that the software they are using is always up to date. Software
patches should be installed so that attackers cannot take advantage of the known difficulties and
vulnerabilities. Most operating systems have automatic updating features it is advisable to enable
such features (Irani 55-74).
If you feel an email is suspicious, it is better if you do not open it even if the antivirus
software shows that it is clean. Attackers constantly release new viruses and the anti-virus
software may not yet have the signature. In the case of forwarded messages, they might come
from a legitimate sender but still contain viruses. It is advisable not to let curiosity make you
open an email thus putting your computer at risk. Attachments should be saved and scanned
before opening them. Before opening an attachment, you should be sure the signatures on your
anti-virus software are up to date. One should also save the file on his or her computer then
manually scan the file using the anti-virus software to check if it is safe to open (Uma 390-396).
One should always ensure that the option to automatically download attachments is
always off so as to not accidentally open files containing malware. One should have multiple
accounts on his or her computer that do not have same privileges. New emails should be read on
INSERT SURNAME HERE 5
these accounts with limited privileges since some viruses require administrator privileges for
them to infect a computer. Additional security practices should be applied. Email software such
as Reducing Spam or firewalls should be used to filter certain varieties of attachments (Liu 981997).
Firewalls protect computers from attackers by guarding the computer or the network one
is using from harmful or unimportant network traffic. It also prevents malicious software from
being able to access the network. Firewalls can be configured to block information from certain
locations or apps and allowing information that is needed through (Liu 981-997).
Firewalls exist in different types. The difference is always in where they are located and
the type of activities they put in check. Though broadly they can be classified as hardware or
software. Though both have their advantages and disadvantages, one is advised to always ensure
he or she has a firewall installed on their computer (Liu 981-997).
Firewalls that are contained in the hardware of a computer are called network firewalls.
These firewalls are usually in place between one's computer and the internet. Most vendors and
Internet Service Providers (ISPs) offer assimilated small office or home offices (SOHO) routers
that also have firewall features. Hardware-based firewalls are important in making sure they
protect multiple computers while controlling the type of network activity passing through them.
Hardware-based firewalls provide an extra line of protection since they are separate devices that
run on their own operating systems unlike system or host-level protections (Liu 981-997).
Then there are the software-based firewalls. These are in built firewalls found in most
operating systems and even though one might have a hardware-based firewall, it is important to
still have software-based firewalls for added protection. Firewall software can be got from the
INSERT SURNAME HERE 6
internet, a local computer store, software vendor or even an Internet Service Provider. All
firewall software downloaded from the internet should be from a reliable and reputable source
(Liu 981-997).
An advantage of software firewalls is their capability to regulate specific network
performance of individual applications on a computer or network system. Even though relying
on a software firewall alone still provides security, one should know that having the firewall on
the same computer as the data one is trying to protect may make the firewall drop in its ability to
identify and stop harmful activities (Uma 390-396).
INSERT SURNAME HERE 7
Work Cited
Rowe, Dale C., Barry M. Lunt, and Joseph J. Ekstrom. "The role of cyber-security in information
technology education." Proceedings of the 2011 conference on Information technology
education. ACM, 2011.
Liu, Jing, et al. "Cyber security and privacy issues in smart grids." IEEE Communications
Surveys & Tutorials 14.4 (2012): 981-997.
Uma, M., and Ganapathi Padmavathi. "A Survey on Various Cyber Attacks and their
Classification." IJ Network Security 15.5 (2013): 390-396.
Irani, Danesh, et al. "Reverse social engineering attacks in online social networks." Detection of
intrusions and malware, and vulnerability assessment(2011): 55-74.
Purchase answer to see full
attachment