Question


Objectives

Research and identify social engineering attacks

Background / Scenario

Social engineering is an attack with the goal of getting a victim to enter personal or sensitive information. This type of attack can be performed by an attacker utilizing a keylogger, phishing email, or an in-person method. This lab requires the research of social engineering and the identification of ways to recognize and prevent it.

Required Resources

- PC or mobile device with Internet access

Step 1: Read the following article.

Navigate to the following website and read it thoroughly to answer the following questions in step 2.

https://www.sans.org/reading-room/whitepapers/critical/methods-understanding-reducing-social-engineering-attacks-36972

Step 2: Answer the following questions.

  a. What are the three methods used in social engineering to gain access to information?

  b. What are three examples of social engineering attacks from the first two methods in step 2a?

  c. Why is social networking a social engineering threat?

  d. How can an organization defend itself from social engineering attacks?

  e. What is the SANS Institute, which authored this article?

Homework Answers

Answer #1

a) Three methods used in social engineering to gain access to information:

1. Phishing:

Phishing is a very common form of social engineering attack. In this, the attacker tries to obtain personal information such as names, addresses and social security numbers. The attacker sends shortened or misleading links, and when the target clicks on one, it redirects the target to phishing webpages.

2. Pretexting:

Pretexting is another form of social engineering where attackers focus on creating a good pretext, or a fabricated scenario, that they use to try and steal their victims’ personal information.

3. Baiting:

Here attackers make a promise of an item or good that malicious actors use to entice victims. Baiters may leverage the offer of free music or movie downloads, for example, to trick users into handing over their login credentials.

b) Examples

1. Phishing:

Attacker A duplicates target T's bank login page design and sends an email to T saying that he has a problem in his bank account and he needs to click on the link to view his account.

Now T clicks on the link, gets fooled by the duplicated web page and types his ID and password, after which A gets all the information and gains access to T's bank account.

2. Pretexting:

An attacker might impersonate an external IT services auditor so that they can talk a target company’s physical security team into letting them into the building.

c) Social networking is a social engineering threat because social networking allows people to connect with each other, communicate and share stuff. So, using social networking, attackers can pretend to be someone else, contact anyone, gain access to their personal information and pose a threat to them.

Social media being social means no information shared there is private, and one smart attacker can collect much information about his target from social networking sites, like his photo, address, number, hobby, likes, dislikes, interests, type of posts, mindset, political views and much more. This information can be used against the target, hence making social networking a threat.

d) An organization can defend itself from social engineering attacks by:

  • Educating employees about the types of attacks and how to tackle such problems if faced. Making them aware of pretexters also.
  • Limiting access to the organisation's important information and creating levels of access, as in which people can access which level of information.
  • Never release important company information publicly and try to be as private as possible.
  • Be cautious and aware if anyone offers a deal for free or makes an unexpected deal.
  • Invest in an identification system that not only limits access to offices but also tracks an employee’s time in and out.
  • Install automatic locks on computers so that whenever there is no activity on them, they automatically enter sleep mode and cannot be accessed again without a password.