
Social engineering and reverse social engineering are techniques used by hackers to steal valuable
confidential information through different forms of manipulation. They involve human interaction in which
the hacker entices the target into committing errors through which the hacker gains access to personal
information for monetary purposes. There are several such techniques, including phishing, baiting and
tailgating.
These types of attacks are very common today and most of us know about them, yet we still fall prey to
such tactics because we do not pay much attention to detail. Several large-scale companies around the
world have been targeted by hackers seeking confidential information. The targeted company is invariably
subjected to heavy financial losses, ends up losing the trust of its clients and customers, and finds it
very hard to recover from such attacks.
One such attack took place in 2013 against a major company and was one of the largest data breaches ever
to occur. Yahoo was hacked by an individual who gained access to the servers when an unsuspecting
employee clicked on one of the links in an email. This led to around 3 billion accounts being compromised
at the click of a button. Yahoo found it really hard to recover the trust it lost, as valuable personal
and account information was leaked.
It is imperative to prevent such attacks, as they may cause irreparable damage. The following steps
should be taken to reduce the risks associated with these attacks:
1. Employees working for the company have to go through basic training that prevents them from
falling prey to such threats. The training must focus on the dos and don’ts of handling emails
and calls received from unknown sources.
2. The company needs to establish rules and regulations that grant users control over the domains
they are involved with and keep a check on what access is granted to which user. Access should
be password protected and should use two-step authentication to verify the user who is about to
log in and gain access to company information.
3. The company has to have measures in place to control the personal devices through which
employees access the company network. Certain guidelines need to be followed and data needs
to be encrypted. The sites accessed and links visited should be monitored in order to prevent
these attacks.
4. Modern technology needs to be implemented to filter out suspicious emails and threats before
they reach the user, so that it acts as a safety net. The technology will be able to protect
users from threats originating from known and unknown sources.

