In a world where everyone is using a smart device, there are many tricks used by scammers to steal information. One of those methods is social engineering, a situation where a scammer manipulates device users with the intention of stealing their information.
Social engineering has been used by attackers to commit fraudulent activities, gain unauthorized access to systems and to do any other kind of harmful activities. Social engineering attacks were once reported to rise by 500% in 2021. There have been many attacks linked to social engineering in the information age. The following are the top social engineering attacks in history.
1. Associated Press Twitter Posts
April 2013 saw the AP news agency Twitter account being targeted by social engineers. With a fake email that requested login details, attackers of the news agency’s account were able to gain access to the platform. They proceeded to post that the white house had been attacked and that President Barack Obama was injured. This tweet affected the markets where the DOW plummeted by 150 points. The attack was discovered and repaired, but not before the damage had been already done.
2. DNC Hack
There are many instances where VPN Protocols can offer security to the network from attackers. The various tunneling and security protocols that come with Freedome VPN for example can be used to detect fake messages and prevent attacks (some services such as Windscribe not connecting properly). One case that proved to be the simplest but undetected form of social engineering happened in 2016 when the Democratic National Committee was targeted. Russian intelligence hackers were able to obtain email information from members of the committee by pretending to be associated with Google. By using a simple spear phishing link, they were able to obtain information from members of the committee and the information was leaked to WikiLeaks, leading to the resignation of multiple personalities.
3. Yahoo! Security Breaches
Various tech companies have been attacked over the years. Yahoo! famously came out to report the spear-phishing attack that had taken place in their company in 2014. Regardless of the good gesture, the company made false revelations about the nature of the attack by trying to lessen its scale. In reality, the attacks that happened in the company had led to the loss of billions of user data which was sold on the dark web. Because of the attacks, the company’s value plummeted.
4. Kane Gamble attack on CIA
Kane Gamble, a 15-year-old at the time of his attack on the CIA, managed to impersonate the CIA boss John Brennan. He used a simple vishing tactic that allowed him to gain access to sensitive information about the agency. He then proceeded to attack several targets including the FBI, the US Department of Justice, the Homeland Security and various other targets. The teenager was caught in 2018 and he was given a 2-year sentence for his crimes.
5. RSA Attack
RSA was the target of a successful SecurID attack in 2011. The company was targeted by attackers who managed to fool the employees by using a simply spam email. The email contained a spreadsheet which was laced with a zero-day Flash exploit. Four employees opened this email and the systems were compromised. It is reported that the breach involved the stealing of RSA database mapping token serial numbers. The company claimed that no information was stolen but still urged its users to protect their serial numbers.
6. Target Data Breach
2013 saw an attack on Target that led to the loss of sensitive customer information. It is reported that up to 70 million accounts were compromised in the attack that revealed Target’s weak cybersecurity system. The company had given access to its network to an HVAC vendor. Attackers used this loophole to get into the network and initiate a PoS attack. The company suffered financially as a result of the breaches.
7. The Sony Pictures Hack
Another major attack to occur in recent history is the Sony Pictures hack. This hack happened in 2014 when a group calling itself Guardians of Peace gained access to the company’s networks. The group had many demands which included that Sony should not release its movie The Interview. Sony, unfortunately, missed an email that contained the information about the various demands and the hacker group released details about the company that harmed its reputation.