Introduction
Social engineering attacks present a significant threat to the security of modern organizations and businesses. While the issue has dire consequences in real life, the portrayal of social engineering attacks in movies and TV shows effectively attracts viewers by adding excitement to their entertainment. However, in glorifying the attackers’ intention to rob rich people and large organizations, the media overlooks the social engineering attacks’ effect on the victims. This essay will focus on one example of a social engineering attack, analyzing which factors led the victim to believe the attacker and whether it was possible to stop the attack.
Overview of Inventing Anna (Episode 4)
Inventing Anna is a drama television series produced by Shonda Rhimes for Netflix. The show was released in 2022 and quickly gained popularity due to its connection to real-life events. The drama focuses on the life story of a con artist known to the public as Anna Delvey. Delvey was found guilty of grand larceny and theft of services, forever leaving an imprint in history as one of the most famous fraud cases. Delvey’s portrayal in the TV show earned her a reputation as a “master manipulator” and a social engineering genius capable of crafting an image of a wealthy heiress and socialite (Suydam, 2022).
The fourth episode of the miniseries demonstrates how Anna deceived several large banks to secure funding for her art foundation. Analyzing the episode can yield important insights into social engineering attacks and their direction.
Social Engineering Attack Depicted in the Episode
Delvey’s primary victim in the episode is Alan Reed, a well-respected lawyer. Reed had the legal power to confirm Anna’s paying capacity, an extensive network of influential connections, and a good reputation, which led to his victimization. The lawyer was first introduced to Delvey through a mutual acquaintance who referred to her as a “European heiress” (Ajayi & Frankel, 2021). Thus, the first step in a successful social engineering attack often involves attempting to gain the victim’s trust through mutual acquaintances.
Next, after scanning the people in Reed’s office, Delvey concludes that her appearance does not match the environment. After receiving a consultation refusal from Reed due to a lack of Delvey’s business experience, she returns for a second attempt. This time, she comes prepared, and her outfit reflects the seriousness of the business meeting. One can conclude that a formal or familiar appearance, such as a work uniform or business attire, also fosters trust with the victim.
Furthermore, the show implies that Delvey learned more about Reed’s background and that Reed’s daughter was about the same age as Anna. Next, in establishing an association between herself and Reed’s daughter, Delvey continued to persuade the lawyer’s trust. Thus, learning about the victim’s background is essential to the attacker, as it provides them with more opportunities for manipulation.
After a partially successful meeting, Reed was invited to a dinner with other influential acquaintances whom Delvey had deceived earlier. The dinner experience gives Reed confidence in Delvey’s impeccable reputation. Motivated by his financial interests, Reed eventually confirms Delvey’s solvency, opening the door to financial investments from several large banks. Therefore, in social engineering, attackers can motivate victims to take the desired action by promising them a portion of the benefits.
Lessons on Preventing Social Engineering Attacks
The lawyer could take several measures to stop the social engineering attack. Reed’s first mistake was giving Delvey a second chance, which enabled her to better prepare for the attack. Next, the victim allowed the attacker to manipulate his personal feelings, which already signaled the client’s violation of mutual respect boundaries. Lastly, the victim failed to estimate possible consequences and risks due to personal investment and financial motivation.
Conclusion
In conclusion, the analysis draws two critical lessons about preventing social engineering attacks. Firstly, employees need to be aware of their responsibilities and the possible consequences of their actions. Furthermore, hasty decision-making can present a significant red flag because it always carries additional risks. Thus, it is essential to be careful and avoid hasty decisions to avoid becoming a victim of social engineering attacks.
References
Ajayi, A. (Writer), & Frankel, D. (Director). (2022). A wolf in chic clothing (Season 1, episode 4) [TV series episode]. In S. Rhimes (Executive Producer), Inventing Anna. Shondaland.
Suydam, H. A. (2022). Anna Delvey: The fake German heiress who conned her way to global infamy. Medium.