Social Engineering Attacks PDF

Summary

This document provides an overview of social engineering attacks, explaining different types of attacks and their impact on organizations. It details human-based, computer-based, and mobile-based social engineering techniques.

Full Transcript


Social Engineering Attacks

What is Social Engineering?

Social Engineering is the art of convincing people to reveal confidential information. Common targets of social engineering include help desk personnel, technical support executives, system administrators, etc. Social engineers depend on the fact that people are unaware of how valuable their information is and are careless about protecting it.

Impact of Attack on Organization

- Economic losses
- Damage to goodwill
- Loss of privacy
- Temporary or permanent closure

All Rights Reserved. Copyrights © by MRWEBSECURE.

Phases of a Social Engineering Attack

1. Research on the target company: dumpster diving, websites, employees, a tour of the company, etc.
2. Select the victim: identify frustrated employees of the target company.
3. Develop a relationship: build a relationship with the selected employees.
4. Exploit the relationship: collect sensitive account and financial information, and details of the technologies currently in use.

Types of Social Engineering

- Human-based Social Engineering: gathering sensitive information through direct interaction (impersonation, vishing, shoulder surfing, dumpster diving, eavesdropping, tailgating, piggybacking).
- Computer-based Social Engineering: carried out with the help of computers (phishing, pop-up window attacks, spam mail, instant chat messengers).
- Mobile-based Social Engineering: carried out with the help of mobile applications (publishing malicious apps, repackaging legitimate apps, SMS phishing).

Human-based Social Engineering

Impersonation: The most common human-based social engineering technique, in which the attacker pretends to be a legitimate or authorized person. Example: calling as technical support staff and requesting a user id and password.

Vishing: An impersonation technique in which the attacker tricks individuals into revealing personal and financial information using voice technology such as the telephone. Example: the attacker pretends to be technical support staff of the targeted organization and asks for the user id and password.

Eavesdropping: Unauthorized listening to conversations or reading of messages.

Shoulder Surfing: Uses direct observation techniques, such as looking over someone's shoulder, to obtain information such as passwords, PINs, account numbers, etc. Shoulder surfing can also be done from a longer distance.

Dumpster Diving: Looking for treasure in someone else's trash. It involves collecting phone bills, contact information, and financial information.

Tailgating: An unauthorized person, wearing a fake id badge, enters a secured area by closely following an authorized person through a door that requires key access.

Piggybacking: "I forgot my id badge at home. Please help me." An authorized person allows an unauthorized person to pass through a secure door.

Computer-based Social Engineering

Pop-up Windows: Windows that suddenly pop up while the user is surfing the internet and ask the user for information.

Instant Chat: Gathering personal information by chatting with a selected online user to obtain details such as birth dates and maiden names.

Phishing: A cyber-attack method used by malicious actors to deceive individuals into revealing sensitive information, such as login credentials, personal details, or financial data.

Types of Phishing

- Email phishing
- Whaling
- Spear phishing
- Malware phishing
- SEO phishing

Whaling: A specialized form of spear phishing that targets high-profile individuals, such as company executives or high-ranking officials. The aim is to obtain sensitive corporate information or gain access to privileged accounts.

Spear Phishing: Targets specific individuals or organizations. Attackers conduct thorough research to personalize their messages, making them appear more credible.

Malware-Based Phishing: Phishing emails may also include attachments infected with malware. When recipients open these attachments, their devices become infected with malicious software.

Search Engine Phishing: Attackers manipulate search engine results to lead users to malicious websites instead of the legitimate ones they were searching for.

Email Phishing: The most common type of phishing attack. Attackers send emails that appear to come from reputable sources, such as banks, government agencies, or well-known companies. The emails often contain urgent or enticing messages, directing recipients to click on malicious links or provide personal information.

Practical

- Zphisher: https://github.com/htr-tech/zphisher
- CamPhish: https://github.com/techchipnet/CamPhish

Identity Theft

What is Identity Theft?

Identity theft occurs when someone steals your personally identifiable information for fraudulent purposes. Attackers can use identity theft to impersonate employees of a target organization and physically access the facility.

Types of Identity Theft

- Child identity theft
- Medical identity theft
- Financial identity theft
- Tax identity theft
- Driver's license identity theft

Insider Threat / Insider Attack

An insider is any employee (a trusted person) having access to critical assets of an organization. Insider attacks are generally performed by privileged users, disgruntled employees, terminated employees, and third-party staff.
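The email phishing section above lists the tell-tale signs of a fraudulent message: a sender that only appears to be a reputable source, urgent wording, and links that lead somewhere other than where they claim. The following Python script is an added example written for this page (it is not from the MRWEBSECURE material and does not use the tools listed under Practical); it shows how a defender can turn those signs into mechanical triage checks. The two sample messages, the KNOWN_BRANDS table and the heuristic thresholds are constructed assumptions for the example.

```python
"""Heuristic phishing triage over a raw email (defensive example, constructed data)."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: claims to be a bank, but the sender domain, Reply-To and
# link target all point away from the brand named in the display name.
SUSPICIOUS_EMAIL = """\
From: "Example Bank Security" <alerts@examp1e-bank-login.com>
Reply-To: recover@mail-recovery.example
To: user@example.org
Subject: URGENT: your account will be suspended in 24 hours
Content-Type: text/html

<html><body>
<p>Dear customer, we detected unusual activity. Verify immediately:</p>
<a href="http://examp1e-bank-login.com/verify">https://www.examplebank.com/login</a>
</body></html>
"""

# Constructed benign message from the genuine (assumed) brand domain.
BENIGN_EMAIL = """\
From: "Example Bank Security" <alerts@examplebank.com>
To: user@example.org
Subject: Your monthly statement is available
Content-Type: text/html

<html><body><p>Sign in at <a href="https://www.examplebank.com/login">https://www.examplebank.com/login</a>.</p></body></html>
"""

# Brands the organisation protects, mapped to the domain they really send from
# (assumed values for the example).
KNOWN_BRANDS = {"example bank": "examplebank.com"}

URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours", "verify")
LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registered_domain(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def phishing_indicators(raw: str) -> list:
    """Return (indicator, detail) tuples for every heuristic the message trips."""
    msg = message_from_string(raw)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = registered_domain(from_addr.partition("@")[2])

    # 1. Display name invokes a protected brand, but the sending domain is not the brand's.
    for brand, real_domain in KNOWN_BRANDS.items():
        if brand in display_name.lower() and from_domain != real_domain:
            findings.append(("brand_domain_mismatch", f"{display_name!r} sent from {from_domain}"))

    # 2. Replies are routed to a domain other than the one that sent the mail.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr:
        reply_domain = registered_domain(reply_addr.partition("@")[2])
        if reply_domain != from_domain:
            findings.append(("reply_to_mismatch", f"Reply-To {reply_domain} != From {from_domain}"))

    # 3. Pressure language in the subject line.
    subject = msg.get("Subject", "").lower()
    hits = [w for w in URGENCY_WORDS if w in subject]
    if hits:
        findings.append(("urgency_language", ", ".join(hits)))

    # 4. Visible link text names one domain while the href goes to another.
    for href, text in LINK_RE.findall(msg.get_payload()):
        href_host = registered_domain(urlparse(href).netloc)
        shown = re.search(r"https?://([^/\s<]+)", text)
        if shown and registered_domain(shown.group(1)) != href_host:
            findings.append(("link_text_mismatch", f"shows {registered_domain(shown.group(1))}, goes to {href_host}"))

    return findings


def triage(raw: str, threshold: int = 2) -> str:
    """Classify a message by how many independent indicators it trips (assumed threshold)."""
    count = len(phishing_indicators(raw))
    return "quarantine" if count >= threshold else ("review" if count else "deliver")


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, "->", triage(raw))
        for name, detail in phishing_indicators(raw):
            print("   ", name, ":", detail)
```

Each check corresponds to one claim in the section: the brand and Reply-To checks catch the "appears to come from a reputable source" trick, the subject check catches the urgent wording, and the link check catches text that displays a legitimate address while the href goes elsewhere. Counting independent indicators rather than alerting on any single one keeps a genuine "please verify your statement" message from being quarantined on wording alone.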
