SOCIAL ENGINEERING
EXERCISE CAUTION
Have you ever received an email from the prince of Nigeria offering to pay you 10 lakh rupees, or have you ever been lucky enough to win an Audi car in a lucky draw that you never signed up for? After all, the only thing needed to claim those prizes was to submit your bank details.
Well, if you have, then you have been on the receiving end of social engineering. These are some of the techniques hackers use to lure you into their trap and hack your system. Let’s learn more about social engineering in the next video.
SOCIAL ENGINEERING
Have you ever wondered if you could make someone perform a task subconsciously? Something they would never do in a normal state of mind.
This is what social engineering is all about. Think about it: a hacker can bait you into clicking on a link and boom, he’s inside your computer, able to do whatever he desires.
Watch this video to learn all about social engineering: the four phases of social engineering attacks, as well as the various techniques used, such as baiting, phishing, vishing, and more!
After all, the least we can do to protect ourselves in this digital era is to educate ourselves.
WHAT IS “TAILGATING”?
It is the practice of closely following another person to enter a specific area without proper authentication (credentials, PIN…).
Attackers often learn the habits of their victims. If Jane leaves the company’s building every day at 3:00 PM to smoke a cigar, I will come at the same time and politely ask Jane to let me into the building with her, because I forgot the card used for authentication on my desk in the building. In reality, I will always hold the door open for a handsome girl who has something in her hands.
This type of attack is prevented by implementing a physical control: mantraps. A mantrap is a buffer area that only one person at a time can access. The person needs to close the back door before the front door opens, and before opening the front door the system demands some type of authentication material.
WHAT IS “PHISHING”?
Phishing is the practice of sending email to a user, or a group of users, with the intention of tricking them into clicking on a malicious link or revealing some sensitive personal information.
There are 2 types of phishing:
1. Spear phishing is an email spoofing attack where the attacker targets a specific user. In other words, the attacker tries to impersonate a high-ranked person, such as a business head or CEO. For example, the attacker would use this advantage to try to trick a specific user into giving him some valuable info.
2. Whaling is a form of spear phishing where the attacker, instead of impersonating a high-ranked head to trick a low-ranked head, impersonates someone high-ranked or does not impersonate anyone at all; in this scenario, the attacker tries to trick high-positioned persons in the company.
1. What is the practice of impersonating someone high-ranked to trick a specific user for valuable details called?
a. Whaling
b. Spear phishing
c. Mantraps
d. Baiting
Ans: b. Spear phishing
KEY TAKEAWAYS!
Understanding how hackers manipulate us on the internet might be scary. Let’s revise a few points from the video to help us browse safer.
· Phishing is the most common type of social engineering attack that occurs today. Beware of those fraudulent emails you receive.
· Pretexting is another form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they use to try to steal their victim’s personal information.
· Baiting is in many ways similar to phishing attacks. However, what distinguishes it from other types of social engineering is the promise of an item or good that malicious actors use to entice victims.
· Know what you browse and stay safe.