Social Engineering: Lecture 5 Flashcards
Technological Aspects
1) Phishing
+ Attempts to steal credentials by pretending to be from a legitimate company or individual
+ Pointers of phishing emails:
- Legitimate organisations usually will not reveal information through email; they will ask you to log in to their official website to view the report rather than sending attachments.
- Typos and the language used are signs too
- Poor use of language
- Use VirusTotal to scan documents
- Hover over links to check for link shorteners (use a link checker to verify the destination)
- A professional enterprise will not, for example, ask you to perform authentication-based tasks through email.
- Look at the header and the email body: are they consistent?
- Check the message source and the servers it passed through
- Creates a sense of urgency
- Asks for private personal or financial information
2) Spear Phishing
- Targeted phishing
- Similar telltale signs as phishing
3) Pharming
- ‘Poisoning’ DNS to redirect the user to a malicious site (possibly loaded with trojans) instead of the site they usually visit.
- Can be combined with a fake website
Human Aspects
1) Authority + Legal + Organisational + Social - Mitigation: Education; send employees for training so they are aware of policies and best practices, what to do and what not to do.
2) Charm (Empathy)
- Using a crying baby to get empathy, etc.
- Calling to get help.
- XSRF
3) Pretext
- Usually works together with charm: the attacker provides a pretext
4) Baiting
- Tempt the victim through greed or curiosity
- E.g. getting an Apple phone for 2 dollars
5) Reciprocation (Quid Pro Quo)
- If the attacker does something for the victim, the victim feels obligated to return the favour.