Chapter 2 - 05 - Understand Social Engineering Attacks - 04_ocred.pdf

Full Transcript


Certified Cybersecurity Technician Information Security Attacks Exam 212-82

Reverse Social Engineering, Piggybacking, and Tailgating

- Reverse Social Engineering: The attacker presents him/herself as an authority, and the target seeks his or her advice before or after offering the information that the attacker needs.
- Piggybacking: An authorized person intentionally or unintentionally allows an unauthorized person to pass through a secure door, e.g., "I forgot my ID badge at home. Please help me."
- Tailgating: The attacker, wearing a fake ID badge, enters a secured area by closely following an authorized person through a door that requires key access.

Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Reverse Social Engineering

Generally, reverse social engineering is difficult to carry out, primarily because its execution needs a lot of preparation and skill. In reverse social engineering, the perpetrator assumes the role of a knowledgeable professional so that the organization's employees ask them for information. The attacker usually manipulates questions to draw out the required information. First, the social engineer causes an incident, creating a problem, and then presents themself as the problem solver through general conversation, encouraging employees to ask questions. For example, an employee may ask how this problem has affected files, servers, or equipment. This provides pertinent information to the social engineer. Many different skills and experiences are required to carry out this tactic successfully. Some of the techniques involved in reverse social engineering are provided below:

- Sabotage: Once the attacker gains access, they corrupt the workstation or make it appear corrupted. Under such circumstances, users seek help as they face problems.
- Marketing: To ensure that the user calls the attacker, the attacker must advertise. The attacker can do this either by leaving their business card in the target's office or by placing their contact number on the error message itself.
- Support: Even if the attacker has already acquired the desired information, they may continue to assist the users so that they remain ignorant of the hacker's identity.

A good example of a reverse social engineering virus is the "My Party" worm. This virus does not rely on sensational subject lines but rather makes use of inoffensive and realistic names for its attachments. By using realistic words, the attacker gains the user's trust, confirms the user's ignorance, and completes the task of information gathering.

Module 02 Page 303 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Piggybacking

Piggybacking usually implies entry into a building or secure area with the consent of the authorized person. For example, an attacker might ask an authorized person to unlock a security door, saying that they have forgotten their ID badge. In the interest of common courtesy, the authorized person allows the attacker to pass through the door.

Tailgating

Tailgating implies accessing a building or secured area without the consent of the authorized person. It is the act of following an authorized person through a secure entrance, relying on the fact that a polite user will open and hold the door for those following them. An attacker, wearing a fake badge, might attempt to enter the secured area by closely following an authorized person through a door that requires key access. They then try to enter the restricted area while pretending to be an authorized person.
Hoax Letters, Instant Chat Messenger, and Spam Email

- Hoax Letters: Emails that issue warnings to the user about new viruses, Trojans, or worms that may harm the user's system.
- Instant Chat Messenger: Gathering personal information by chatting with a selected user online to obtain details such as birth dates and maiden names.
- Spam Email: Irrelevant, unwanted, and unsolicited emails that attempt to collect financial information.

Hoax Letters

A hoax is a message warning its recipients of a non-existent computer virus threat. It relies on social engineering to spread its reach. Usually, hoaxes do not cause any physical damage or loss of information, but they cause a loss of productivity and consume an organization's valuable network resources.

Instant Chat Messenger

An attacker chats with selected online users via instant chat messengers and tries to gather their personal information, such as date of birth or maiden name. They then use the acquired information to crack users' accounts.

Spam Email

Spam consists of irrelevant, unwanted, and unsolicited emails designed to collect financial information, such as social security numbers, and network information. Attackers send spam messages to the target to collect sensitive information, such as bank details. Attackers may also send email attachments with hidden malicious programs such as viruses and Trojans. Social engineers try to hide the file extension by giving the attachment a long filename.
Phishing

- Phishing is the practice of sending an illegitimate email claiming to be from a legitimate site in an attempt to acquire a user's personal or account information.
- Phishing emails or pop-ups redirect users to fake webpages that mimic trustworthy sites, which ask them to submit their personal information.

Phishing is a technique in which an attacker sends an email or provides a link falsely claiming to be from a legitimate site in order to acquire a user's personal or account information. The attacker registers a fake domain name, builds a lookalike website, and then mails the fake website's link to users. When a user clicks on the email link, it redirects them to the fake webpage, where they are lured into sharing sensitive details such as their address and credit card information.

Some of the reasons behind the success of phishing scams include users' lack of knowledge, being visually deceived, and not paying attention to security indicators. The screenshot below is an example of an illegitimate email that claims to be from a legitimate sender. The email link redirects users to a fake webpage and asks them to submit their personal or financial details.

Figure 2.53: Screenshot showing the phishing technique. The figure shows an email with the subject "Tax Refund Notice", styled as if sent by HM Revenue & Customs, which reads: "Hi, After the last annual calculations of your fiscal activity, we have determined that you are eligible to receive a tax refund of $800. Please submit the tax refund request and click here by having your tax refund sent to your bank account in due time. Please Click "Get Started" to have your tax refund sent to your bank account, your tax refund will be sent to your bank account in due time take your time to go through the bank we have on our list. Note: A refund can be delayed a variety of reasons, for example submitting invalid records or applying after deadline. Best Regards, HM Revenue & Customs." Clicking the link directs you to a fraudulent web page that looks similar to a genuine HMRC page: a "Tax Refund Confirmation" form asking for address information (name and address as listed for the credit card, cardholder name, date of birth, mother's maiden name, town/city, postal code, and phone number) and credit card information (debit/credit card number, expiration date, card verification number, and sort code).
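The two email-borne tricks described above, the spam attachment whose long filename hides its real extension and the phishing link that leads to a lookalike domain, can both be screened at the mail gateway. The following is an added example, not code from the course material; the legitimate brand domain hmrc.gov.uk, the risky-extension list, and every sample filename, host and message body are assumptions constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

# Extensions a mail gateway would normally refuse outright (assumed policy list).
RISKY_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "lnk"}

def attachment_findings(filename):
    """Flag the tricks the text describes: an executable behind a harmless-looking
    decoy extension, and spaces or filler that push the real extension out of view."""
    findings = []
    stem, _, ext = filename.rstrip().rpartition(".")
    if ext.lower() in RISKY_EXTENSIONS:
        findings.append("executable extension ." + ext.lower())
    if re.search(r"[ \u00a0_.-]{8,}", stem):          # long run of padding characters
        findings.append("padding hides extension")
    decoy = re.search(r"\.(pdf|docx?|xlsx?|jpe?g|txt)\s*$", stem, re.IGNORECASE)
    if decoy:                                         # e.g. "Notice.pdf        .exe"
        findings.append("double extension ." + decoy.group(1).lower())
    if len(filename) > 60:
        findings.append("unusually long filename")
    return findings

def link_findings(html, brand_domains):
    """For each <a> in the mail body, compare the visible URL with the real target and
    check whether the target host belongs to the brand's assumed legitimate domains."""
    findings = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        host = (urlparse(href).hostname or "").lower()
        legit = any(host == d or host.endswith("." + d) for d in brand_domains)
        shown = (urlparse(text.strip()).hostname or "").lower() if "://" in text else ""
        if shown and shown != host:
            findings.append(f"link text shows {shown} but points to {host}")
        if not legit and any(d.split(".")[0] in host for d in brand_domains):
            findings.append(f"lookalike host {host} imitates {', '.join(brand_domains)}")
    return findings

# Constructed sample input modelled on the tax-refund lure described above.
SAMPLE_ATTACHMENTS = ["tax_refund_form.pdf", "Tax_Refund_Notice.pdf" + " " * 40 + ".exe"]
SAMPLE_EMAIL = """<p>Please Click <a href="http://hmrc-refund-portal.example/start">Get Started</a>
to have your tax refund sent to your bank account.</p>
<p><a href="http://www.hmrc.gov.uk.refunds.example/">http://www.hmrc.gov.uk</a></p>"""

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        print(repr(name), attachment_findings(name))
    for finding in link_findings(SAMPLE_EMAIL, ["hmrc.gov.uk"]):
        print(finding)
```

The attachment check works on the stored filename rather than what the mail client displays, so the padding and decoy extension are visible to it even when they are not to the user.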
