Tuesday, July 14, 17:48

What is Social Engineering, what are its techniques and how to protect yourself?

Social engineering is the term used for a wide range of malicious activities that are accomplished through human interaction. It uses psychological manipulation to trick users into making security mistakes or revealing sensitive information.

Social engineering attacks occur in one or more steps. An attacker first investigates the intended victim to gather the information required for the attack to proceed, such as possible entry points and weak security protocols. Then the attacker tries to gain the victim's confidence and lead them to actions that will make them vulnerable, such as disclosing sensitive information or providing access to critical resources.

What makes social engineering especially dangerous is that it relies on human error rather than on vulnerabilities in software and operating systems. Errors made by legitimate users are much less predictable, which makes them harder to detect and prevent than a malware-based intrusion.

Social engineering attack techniques

Social engineering attacks come in many different forms and can be executed wherever human interaction is involved. The following are the five most common forms of digital social engineering attacks.

Baiting

As its name implies, baiting attacks use a false promise to arouse the victim's curiosity. They lure users into a trap that steals their personal information or infects their systems with malicious software.

The most dangerous form of baiting uses physical media to distribute malicious software. For example, attackers leave the bait (flash drives carrying infected software) in prominent areas where potential victims are certain to see it (e.g. bathrooms, lifts, the parking lot of a targeted company). The bait carries something that usually draws the victims' attention, such as a label that says "company pay list".

Victims pick up the bait out of curiosity and insert it into a work or home computer, resulting in the automatic installation of malware on the system.

Of course, baiting scams do not have to take place only in the physical world. Online forms of baiting consist of tempting advertisements that lead to malicious sites or that encourage users to download an application infected with malicious software.

Scareware

Scareware bombards victims with false alarms and fictitious threats. Users are misled into thinking that their system is infected with malware, which pushes them to install software that has no real benefit. Scareware is also referred to as deception software, rogue scanner software or fraudware.

A common example of scareware is the legitimate-looking pop-up banners that appear in your browser while surfing, displaying text such as "Your computer may be infected by malicious spyware programs." The banner either offers to install the necessary tool for you (often itself infected with malware) or directs you to a malicious site where your computer will be infected.

Scareware is also distributed through spam email.

Pretexting

Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by an attacker pretending to need sensitive information from a victim in order to perform a critical task.

The attacker usually starts by establishing trust with the victim by impersonating colleagues, police officers, bank and tax officials, or other persons with legitimate authority. The pretexter asks questions that are ostensibly required to confirm the victim's identity, and through them collects important personal data.

All kinds of data and records are collected using this scam, such as social security numbers, personal addresses and phone numbers, phone records, holiday dates, bank records and more.

Phishing

One of the most popular types of social engineering attack, phishing scams are emails designed to capture the victim's attention. They then lead the victim to disclose sensitive information by clicking links to malicious sites or by opening attachments that contain malware.

A typical example is an email sent to users of an online service that notifies them of a policy violation requiring immediate action on their part, such as a password change. It includes a link to an illegitimate site, almost identical to the legitimate version, prompting the unsuspecting user to enter their current credentials and a new password. When the form is submitted, the information is sent to the attacker.

Since the same or almost identical messages are sent to all users in phishing campaigns, detection and blocking are much easier for mail servers that have access to threat sharing platforms.
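The phishing example above depends on a link to a site that is "almost identical" to the legitimate one. As an added illustration (not part of the original article), this Python check flags a sender domain or link host that is a near miss of a trusted domain, and a link whose visible text shows one host while pointing to another; the trusted-domain list, the function names and the sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = {"example.com", "mail.example.com"}  # assumption: the org's real domains

def edit_distance(a, b):  # Levenshtein distance, computed row by row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    """Return the trusted domain that host is a near miss of, else None."""
    host = host.lower().rstrip(".")
    if host in TRUSTED:
        return None
    return next((g for g in sorted(TRUSTED) if edit_distance(host, g) <= 2), None)

def review(raw):
    """Return warnings for one raw single-part HTML message."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    if lookalike_of(sender_host):
        findings.append(f"sender domain {sender_host} imitates {lookalike_of(sender_host)}")
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        host = urlparse(href).hostname or ""
        if lookalike_of(host):
            findings.append(f"link host {host} imitates {lookalike_of(host)}")
        shown = urlparse(text.strip()).hostname  # None unless the text is itself a URL
        if shown and shown != host:
            findings.append(f"link text shows {shown} but goes to {host}")
    return findings

# Constructed sample: a lookalike sender and a link whose text hides its target.
SAMPLE = """From: IT Support <support@examp1e.com>
Subject: Policy violation - change your password now

<a href="https://exarnple.com/reset">https://example.com/reset</a>
"""

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```

An edit-distance threshold of 2 will also match short, unrelated domains, so a real filter would tune it per domain length and treat a hit as a signal for review rather than proof.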

Spear phishing

This is a more targeted version of the phishing scam, in which an attacker selects specific individuals or businesses. They then tailor their messages to the characteristics, job positions, and contacts of their victims to make the attack less conspicuous. Spear phishing requires much more effort on the part of the attacker and may take weeks or months to pull off. These attacks are much harder to detect and have better success rates if done skillfully.

A spear phishing scenario may involve an attacker who, impersonating an organization's IT consultant, sends an e-mail to one or more employees. It is worded and signed exactly as the consultant would do, deceiving the recipients into believing it is an authentic message. The message asks recipients to change their password and provides a link that redirects them to a malicious page where the attacker captures their credentials.

Prevention of Social Engineering

Social engineers manipulate human feelings, such as curiosity or fear, to achieve their purpose. Therefore, be cautious whenever you receive an email, message or notice that seems a little strange.

Additionally, the following tips can help you improve your vigilance with regard to social engineering hacks.

  • Do not open emails and attachments from suspicious sources

If you do not know the sender, you do not have to reply to an email. Even if you do know them but are suspicious of their message, check and confirm the news through other sources, such as by phone or directly on the service provider's website. Remember that email addresses are spoofed all the time. Even an email that appears to come from a trusted source may come from a hacker.

  • Use multi-factor authentication

Using multi-factor authentication helps protect your account in the event of a system compromise.

  • Be careful with tempting offers

If an offer sounds very tempting, think twice before clicking.

Make sure you've turned on automatic updates. Check periodically to make sure that updates have been applied and to scan your system for possible infections.
