Social Engineering: Lecture 5 Flashcards

1
Q

Technological Aspects

A

1) Phishing
+ Attempts to steal credentials by pretending to be from a legitimate company or individual
+ Pointers of phishing emails:
- Legitimate organisations usually will not reveal information through emails; they will ask you to log in to their official website to view the report rather than send attachments.
- Typos and the language used are signs too
- Poor usage of language
- Use VirusTotal to scan documents
- Hover over links to check for link shorteners (use link checkers to check)
- Professional enterprises will not ask you to do authentication-based tasks through email, for example.
- Look at the header and the email: are they consistent?
- Check the message source, look at their servers
- Creates a sense of urgency
- Asks for private personal or financial info

2) Spear Phishing
- Targeted phishing
- Similar telltale signs as phishing

3) Pharming
- ‘Poisoning’ the DNS to redirect the user to a malicious site that might be loaded with trojans instead of their usual ones.
- Can be used with a fake website

2
Q

Human Aspects

A
1) Authority
+ Legal
+ Organisational
+ Social
- Mitigation: Education; send employees for training so they are aware of policies and best practices, what to do and what not to do.

2) Charm (Empathy)
- Using a crying baby etc. to elicit empathy.
- Calling to ask for help.
- XSRF

3) Pretext
- Most of the time works together with charm; provides a pretext (cover story)

4) Baiting
- Tempts the victim through greed or curiosity
- E.g. getting an Apple phone for 2 dollars

5) Reciprocation (Quid Pro Quo)
- If I do something for you, the other party feels obligated to return the favour.
