5. Social Engineering Flashcards
what is social engineering
the human aspect of security. Before any actual hacking, attackers start with social engineering, as people are the weakest link
phishing
extract credentials by pretending to be from a legitimate organisation
- usernames and passwords
- credit card details
- bank account numbers
spear phishing
same as phishing but targeted at high-net-worth people
- the attacker needs to research the target before the attack
pharming
redirect the user to a fake site
- conducted by changing the hosts file or by DNS poisoning
- the user types in the real address but is redirected to the fake site
non-tech attacks
- authority
- charm
- pretext
- baiting
- reciprocation
authority
people defer to authority, such as someone in uniform
- legal (lawyer, public service)
- organisational (boss)
- social
charm
make people sympathise with you
pretext
create a believable scenario and prepare answers for the questions it is likely to raise
baiting
tempt the victim's greed or curiosity, then steal their information
- physical: a drive containing malware
- online: an enticing advertisement that leads to the download of malicious files
reciprocation
do something for people so that they feel obliged to do something in return; manipulation of feelings
mitigations
tech
- check the URL
- check for spelling mistakes
- hover over links before clicking
- open attachments in a VM to isolate them
- check phish tanks, which contain submitted malicious links
non-tech
- education
- training
- awareness