Social Engineering & Ransomware PDF
Summary
This document is a learner's guide on Social Engineering and Ransomware from NTUC Learning Hub and Cybint Solutions. It covers topics including how hackers exploit human behavior, different ways hackers can take advantage of the human element, and various methods of malicious social engineering like phishing, vishing, pretexting and clickjacking. It discusses important safety measures and avoidance techniques.
Full Transcript
NICF - Cybersecurity Awareness Programme (SF) Learner's Guide

SECTION 6: SOCIAL ENGINEERING AND RANSOMWARE

Many hackers exploit technical weaknesses, but the biggest source of security breaches is human behaviour. This section focuses on the different ways in which a hacker can take advantage of the human element:
How to safely use a WiFi network
Vishing, clickjacking, spoofing and phishing
Ransomware
Safe browsing practices

Copyright © 2020 NTUC LearningHub Pte Ltd. © Cybint Solutions. All rights reserved. Page 99 of 126 LHUB_ver1.1

SOCIAL ENGINEERING

The social engineering attack vector is based on psychological manipulation: people are manipulated into performing actions or divulging confidential information. The techniques rely on specific attributes of human decision-making known as cognitive biases, or "bugs in the human hardware". Why bother developing and planning a sophisticated technical hack when you could just trick someone into giving you access to anything you want?

When receiving an email titled "Your bank account has been breached" with a bank signature, most people believe the scenario is real. However, this kind of message can be deceptive. Pay attention to the sender, the language and the formatting. We are easily intimidated: a message written in urgent or threatening language may convince people to obey.

Social Engineering Methodologies

We will discuss four top methodologies of malicious social engineering:
Phishing - the practice of sending emails that appear to come from reputable sources with the goal of influencing the recipient or obtaining personal information.
Voice phishing (vishing) - the practice of eliciting information or attempting to influence action via the telephone.
Pretexting - impersonating another person with the goal of obtaining information or access to a person, company or computer system.
Clickjacking - tricking a web user into clicking on something different from what the user perceives they are clicking on.

Phishing

Phishing is the attempt to obtain information such as usernames, passwords and credit card details by masquerading as a trustworthy entity. Typically, the phisher sends an email that appears legitimate and requests information. The email usually contains a link to a fraudulent web page requesting everything from a home address to an ATM card's PIN. Often it warns of some dire consequence if the requested information is not provided.

Vishing - Voice Phishing

The goal of vishing is to obtain valuable information by exploiting people's willingness to help. Attackers can "spoof" their phone number and pose as an authority figure or fellow employee to obtain information. One example of a tech-support vishing attack: an impersonator calls targets about an imagined issue such as network speed, and uses technical jargon to explain why the employee needs to answer questions that include personal information.

Clickjacking

Clickjacking is a technique of tricking a web user into clicking on something without knowing it. For example, a user might receive an email with a link to a video about a news item, but another web page, say a product page on Amazon.com, can be "hidden" on top of or underneath the "PLAY" button of the news video, typically as a transparent frame layered over the visible page. The user tries to play the video but actually performs a different action on the hidden page.

Autofill Jacking

Autofill is one of the most convenient ways of saving time when filling in forms, but websites can use it to take data you don't know you're giving them: the browser fills in hidden form fields along with the visible ones. This can provide hackers with email addresses, home addresses and even credit card information.
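A clickjacking overlay only works if the target page lets another site put it in a frame, so the practitioner's check is whether the page's response headers forbid framing. The following is an added example, not code from the learner's guide: it classifies a set of HTTP response headers and contrasts a weak configuration with a hardened one. The header sets are constructed for illustration and the category names are this example's own.

```python
"""Added example: decide from response headers whether a page can be framed
by another origin, which is the precondition for a clickjacking overlay."""

def framing_policy(headers):
    """Return 'blocked', 'same-origin', 'allow-list' or 'unprotected' for a
    dict of response headers (keys compared case-insensitively).
    A CSP frame-ancestors directive wins: browsers that understand it ignore
    X-Frame-Options when both headers are present."""
    h = {k.lower(): v for k, v in headers.items()}
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = {s.strip("'").lower() for s in parts[1:]}
            # An empty source list means the same as 'none'.
            if not sources or sources == {"none"}:
                return "blocked"
            if sources == {"self"}:
                return "same-origin"
            return "allow-list"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # ALLOW-FROM is obsolete and ignored by current browsers; anything else
    # leaves the page frameable from any origin.
    return "unprotected"

def can_be_clickjacked(headers):
    """True when a page on an arbitrary attacker origin could frame this one."""
    return framing_policy(headers) == "unprotected"

# Constructed header sets: the weak configuration and the hardened one.
WEAK_HEADERS = {"Content-Type": "text/html"}
HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "X-Frame-Options": "DENY",  # kept for browsers without CSP support
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(name, framing_policy(hdrs), "clickjackable:", can_be_clickjacked(hdrs))
```

Run against the headers a site actually returns (for example from `curl -I`), a result of `unprotected` means any page can overlay an invisible copy of it under its own buttons.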
Be careful about what you keep in your browser's autofill settings.

The following website demonstrates this attack type: https://robinlinus.github.io/autofill-phishing/

Spoofing

Caller ID and email spoofing are the most common methods used to deceive people into giving up their private credentials. Let's learn about these.

Caller ID was a game changer when it was first put to use. Since then the technology has evolved, and Caller ID has become a source of scams. The phone number that is passed through to the caller ID display can be changed, regardless of the true source of the call. This is called "Caller ID spoofing" and it has become a common method used to deceive naive people into giving their private

Basic caller ID spoofing replaces the sender's real phone number with a false one, so that the carrier passes the false number on as the source number. The false number can be someone's actual number, and that person doesn't know their number is being used. In fact, if the call recipient tries to call back, they reach the rightful owner of the phone number and not the person who called them.

The Internal Revenue Service Scam

Imagine you receive a call and the display shows the IRS number. The callers claim they are with the IRS and that you must pay back taxes or penalties immediately to avoid arrest. Victims of this scam are asked to give their credit card details immediately, which is exactly what the criminals are after.

Email Spoofing

An email sender's address is as easy to fake as the return address on physical mail. When we send a letter, we write the return address on the envelope and refer to it as the "From" address, but we can write whatever address we want.
It is the same with email: the "From" header is free text, and there are many tools that make sender spoofing very easy, without any technical knowledge. What actually catches a forged sender is the receiving mail server's SPF, DKIM and DMARC checks, whose verdicts are recorded in the message headers.

Social Engineering Avoidance

Much of avoiding social engineering scams has to do with the exact thing the attackers are trying to exploit: human psychology. So first things first: don't panic. When you get a notification, email, warning or call, stop before you act. Look at your screen and pay attention to what's there.

Now we can begin. Most of the time your email service will warn you that the sender may be fake, so look out for this warning. Another thing you can do is check the website link in the email. It may look like the original website's address but point to a fake website; hover over the link to see the real destination, and type the bank's address yourself instead of clicking.

Another way is to check the email details: click the menu in the top right corner of the email and choose "Show Original" (Gmail's name for it; other clients call it "View source" or "Show headers"). A new page opens with a lot of details about the sender, including the Received headers, which record each mail server that handled the message. The oldest Received line, the last one listed, shows the host that injected the message; lines below the first server you trust can be forged by the sender, so treat the IP as a lead rather than proof. Copy this IP address and search for it in one of the common sites that track IP addresses, such as https://domainbigdata.com. If UOB is emailing you from the Czech Republic, it might not really be UOB. Bear in mind that legitimate companies often send mail through third-party providers, so location alone is a weak signal; the Authentication-Results header (SPF, DKIM and DMARC) on the same page tells you more reliably whether the From address is genuine.

Other Techniques

So now that we have covered email, let's go over some other techniques. First, keep your eyes open. If a Facebook page looks fake to you, it might be a scam. If a website says you are exactly its 1,000,000th visitor, it's probably a scam. Additionally, these scams need you to do something for them to succeed.
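The two email checks described above (look at where a link really goes, and read the headers behind "Show Original") can be scripted. The following is an added example, not code from the learner's guide: it walks the Received chain for the originating IP, compares the visible From with the envelope Return-Path, reads the SPF/DKIM/DMARC verdicts from Authentication-Results, and flags body links that do not belong to the bank. The message is constructed, every host, address and IP in it is fictitious (documentation ranges and `.example` names), and taking `uob.com.sg` as the bank's domain is an assumption for illustration.

```python
"""Added example: triage a raw email the way the guide's "Show Original" check
does, then inspect the body links. Every host, address and IP is fictitious."""
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed message: claims to be from the bank, injected via an unrelated relay.
SAMPLE_RAW = """Return-Path: <bounce@mail-blast.example.net>
Received: from relay.mail-blast.example.net ([203.0.113.45]) by mx.recipient.example; Mon, 1 Jun 2020 10:00:01 +0000
Received: from [198.51.100.7] (unknown [198.51.100.7]) by relay.mail-blast.example.net; Mon, 1 Jun 2020 09:59:59 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mail-blast.example.net; dkim=none; dmarc=fail header.from=uob.com.sg
From: "UOB Alerts" <alerts@uob.com.sg>
To: victim@recipient.example
Subject: Your bank account has been breached
Content-Type: text/html

<p>Your account is locked. Restore access now:</p>
<a href="http://uob.com.sg.secure-login.example/verify">https://www.uob.com.sg/</a>
<a href="https://203.0.113.9/pin">Confirm your ATM PIN</a>
<a href="https://www.uob.com.sg/contact">Contact us</a>
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def originating_ip(msg):
    """Each server prepends its own Received line, so the last one is the oldest
    hop: the host that injected the message. Hops below the first server you
    trust can be forged by the sender, so this is a lead, not proof."""
    hops = msg.get_all("Received", [])
    m = IP_RE.search(hops[-1]) if hops else None
    return m.group(1) if m else None

def auth_results(msg):
    """Pull the spf=/dkim=/dmarc= verdicts out of Authentication-Results."""
    text = " ".join(msg.get_all("Authentication-Results", []))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", text))

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_links(html, expected_domain):
    """Return {href: [reasons]} for links that do not look like the bank's own."""
    p = LinkCollector()
    p.feed(html)
    report = {}
    for href, text in p.links:
        host = (urlsplit(href).hostname or "").lower()
        reasons = []
        if urlsplit(href).scheme != "https":
            reasons.append("not https")
        if is_ip_literal(host):
            reasons.append("IP address instead of a hostname")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode hostname")
        # The bank's name inside the host but not as its suffix is a decoy label.
        if expected_domain in host and host != expected_domain \
                and not host.endswith("." + expected_domain):
            reasons.append(f"{expected_domain} used as a decoy label in {host}")
        shown = re.search(r"https?://([^/\s]+)", text)
        if shown and shown.group(1).lower() != host:
            reasons.append(f"text shows {shown.group(1)} but link goes to {host}")
        if reasons:
            report[href] = reasons
    return report

def triage(raw, expected_domain):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    auth = auth_results(msg)
    findings = []
    if rp_domain and rp_domain != from_domain:
        findings.append(f"Return-Path {rp_domain} differs from From {from_domain}")
    findings += [f"{m} did not pass ({auth.get(m, 'missing')})"
                 for m in ("spf", "dkim", "dmarc") if auth.get(m) != "pass"]
    return {"from_domain": from_domain, "origin_ip": originating_ip(msg),
            "auth": auth, "findings": findings,
            "links": suspicious_links(msg.get_payload(), expected_domain)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_RAW, "uob.com.sg").items():
        print(f"{key}: {value}")
```

Paste the contents of "Show Original" into `SAMPLE_RAW` to run it on a real message. Each finding on its own is a warning sign; the combination seen here (envelope sender on another domain, failed SPF and DMARC, and a link whose text shows the bank's address while the href goes elsewhere) is the pattern the guide's fake "bank alert" relies on.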
Pay attention to what different web services ask you to do. There are many ways to protect yourself from social engineering scams, mostly by keeping your cool and not panicking.

Let's take this fake "bank alert" as an example. There are some characteristics that identify an attack through an email. Can you notice them?

Did you notice these?
The URL is odd
The website asks only for the online ID and not the password
The page asks you to sign in while claiming you are already in a 'secure area'
It's unclear whether you're signing in or providing information
Did you notice anything else?

Ransomware

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the screen or by locking the users' files, until a ransom is paid. Most ransomware is crypto-ransomware: it encrypts certain file types on infected systems and forces users to pay the ransom online to get the decryption key. Ransomware can be downloaded accidentally when unsuspecting users visit malicious websites. Some ransomware is delivered as an attachment to spam email, downloaded from malicious pages through malvertisements (malicious advertisements), or dropped by exploit kits onto vulnerable systems.

Defending Against Ransomware

Since encryption takes some time, if an attack is suspected act immediately to stop the malware before it has finished encrypting all the files: disconnect the workstation from the network first (unplug the cable or switch off Wi-Fi) so it cannot reach shared drives or infect other machines, then turn it off. However, avoidance is the best defense: use an antivirus and keep "offline" backups in safe locations, such as external storage drives that are disconnected after each backup (a backup drive that stays plugged in gets encrypted along with everything else), and check periodically that the backups can actually be restored.
Should You Pay the Ransom?

There is no right answer, but you should consider the following:
1. No one can guarantee that the hackers will decrypt your data.
2. No one can guarantee that the hackers actually have the ability to decrypt the data.
3. Paying the ransom might incentivize hackers to perform more attacks.
4. Paying the ransom can in some cases be illegal, especially if your payment might support groups that are connected to terror organizations.

SOCIAL ENGINEERING AND RANSOMWARE QUIZ

Answer the following questions:

1. While working at your desk, you receive an email from the IT department explaining that your password is out of date and you must set a new one. The link within the email will guide you through it. Which step in ensuring the authenticity of that email is not advised?
A. Call the IT department to make sure they sent the message.
B. Check the expiration date of your password manually through your account management menu.
C. Double-check the domain and email address of the sender to make sure it was sent from the IT department.
D. Copy the link and paste it in the URL bar.

2. You receive a request from your bank concerning your identification details. What is considered a measure to ensure the email is not a phishing scam?
A. Double-check to confirm the correct domain name.
B. Check to see if the bank's logo is attached.
C. Log in manually to your online bank account and check for more information about the request.
D. A and C

3. Which one of the following stories best describes the beginning of a phishing scam?
A. Your bank account manager calls and asks you to confirm your address to make sure she has the right one.
B. Your spouse calls and asks if you know anything about participating in a certain lottery because you got a letter saying you won.
C. Your insurance broker sends you an email with a PDF file of your new insurance policy attached, as he promised when you talked earlier.
D. A call centre representative calls your office to offer you a new deal and asks for your cell phone number in order to text you a link with the information.

4. Which of the following characterizes a phishing scam?
A. Personal information request
B. Contact was initiated by you
C. Website doesn't use https
D. Long URL address

5. What communication entities can be spoofed?
A. Phone number
B. Voice
C. Email address
D. All of the above

6. When you receive an email from the bank containing a link to the bank's website, you:
A. Enter the address of the website on your own even if you recognize it; the link can redirect you to another site.
B. Change the username and password of your bank account; it was most likely breached.
C. Click on the link; you recognize the address of the website, so it must be authentic.
D. Delete the email; the bank never sends links.

7. Mark the true statement about ransomware:
A. The most notorious families have proven to be breakable
B. Paying the money is not a good option
C. If you pay, you can be sure your data will be restored
D. Successful recovery is always possible