Objectives
Research and identify social engineering attacks
Background / Scenario
Social engineering is an attack with the goal of getting a victim to enter personal or sensitive information. This type of attack can be performed by an attacker utilizing a keylogger, phishing email, or an in-person method. This lab requires the research of social engineering and the identification of ways to recognize and prevent it.
Required Resources
- PC or mobile device with Internet access
Step 1: Read the following article.
Navigate to the following website and read it thoroughly to answer the following questions in step 2.
https://www.sans.org/reading-room/whitepapers/critical/methods-understanding-reducing-social-engineering-attacks-36972
a) Three methods used in social engineering to gain access to information :
1. Phishing :
Phishing is a very common form of social engineering attack. In it, the attacker tries to obtain personal information such as names, addresses and social security numbers. The attacker sends shortened or misleading links, and when the target clicks on one, it redirects the target to phishing webpages.
2. Pretexting :
Pretexting is another form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they use to try and steal their victims’ personal information.
3. Baiting :
Here attackers make a promise of an item or good, which they use to entice victims. Baiters may leverage the offer of free music or movie downloads, for example, to trick users into handing over their login credentials.
b) Examples
1. Phishing :
Attacker A duplicates target T's bank login page design and sends an email to T saying that he has a problem in his bank account and needs to click on the link to view his account.
Now T clicks on the link, gets fooled by the duplicated web page and types his ID and password; A then gets all the information and gains access to T's bank account.
2. Pretexting :
An attacker might impersonate an external IT services auditor so that they can talk a target company’s physical security team into letting them into the building.
c) Social networking is a social engineering threat because it allows people to connect with each other, communicate and share things. So, using social networking, attackers can pretend to be someone else, contact anyone, gain access to their personal information and pose a threat to them.
Social media being social means no information shared there is private, and a smart attacker can collect much information about his target from social networking sites, like his photo, address, number, hobbies, likes, dislikes, interests, type of posts, mindset, political views and much more. This information can be used against the target, hence making social networking a threat.
d) Organization can defend itself from social engineering attacks by,