Social Engineering Attacks

social engineering attacks

An attack or a hack through which the attacker users social skills via human interaction to obtain or compromise information about an organization or its computer systems is known as a social engineering attacks. Your data is at risk everyday through social engineering attacks because hacking a human is much easier than hacking a business.

What motivates social engineers?

  • Obtaining personal information.
  • Gaining unauthorized access.
  • Circumventing established procedures.
  • Because they can.




Common Attacks

Personal Approach :- In personal approaches, the social engineering may directly ask for approach in general meeting or gathering and get personal or critical information directly or indirectly about you.

Telephone :- Request information usually through the imitation of a legitimate bank/company through system to get critical information such as bank/credit card data.

Online :- Internet connectivity enables attackers to approach individuals or employee an anonymous internet source and convince them to provide information through a believable user.

Ransomware a Nightmare for Businesses

Ransomeware
Ransomware is an attack that installs covertly on a company’s computer

Ransomware is an attack that installs covertly on a company’s computer, blocking or limiting user access and demanding a ransom payment to restore it. This is one of the fastest growing cyber threats and is expected to increase 400% every years.

The state of ransomware

  • 25% of organizations had to cease business operations immediately because of ransomware.
  • 81% of business have experienced a cyber attack.
  • 66% have suffered a data breach
  • 35% were victims of ransomware
  • 72% of companies affected by ransomware that could not access data for at least 2 days following the attack.
  • 32% that lost access to their data for
  • $10-$50 million estimated monthly income for cyber criminals from ransomware

Ways to Stop Social Engineering Attack

  • Walk through company and make sure employees are not leaving personal or sensitive information in plain view of passing people such as e-mail accounts, login information, passwords etc.
  • Use dummy accounts to monitor networks, and also use the admin account as a dummy as well and monitor who attempts to access it and trap them in the act.
  • Make a security policy that enforces that passwords must contain a certain combination of words,numbers and characters.
  • Never allow an employee to leave their terminal or desk without first logging out of their respected machine or workstation

Tips for Avoiding a Social Engineering Attack

  • Limit public information:- Limit the amount of personal information that you share online.
  • Be a skeptical:- Always question requests for sensitive information.
  • Trust but verify:- Don’t share information with people you don’t know unless you can verify their identity.
  • Call them back:- Through the main switchboard if possible.
  • No password over the phone:- Never share your password with anyone over the phone

Spot Fake E-mails and Stay Safe

In June 2015, famous company Ubiquiti networks Inc. willing wired $46.7 million to fake bank accounts in china. Why? Because the company CEO asked them to an email. Of course, the actual CEO never made any such request a group of hackers did.

  • Contact information:- The email contains a generic salutation or lacks any contact information for the recipient to use if they have questions.
  • Spelling and grammar errors:- The email contains clear spelling or grammatical errors or emails from legitimate companies are normally proof read extensively before sending.
  • Requests personal information:- The email requests that you follow a link to log in, or request personal information such as a credit card pin number or password.
  • High urgency or threats:- The email creates a high sense of urgency, or threatens consequences for inaction.
  • Fake web links:- The sender’s displayed name and email address do not match the purported company the email represents, or the links send the recipient to other websites not associated with the purported company

Notes : 80% of attacks are phishing




Cyber Scams

Social engineering exploits the goodwill of unwitting victims. Here’s how….

  • Website Spoofing:- Bogus websites masquerade as the real thing, tricking victims into sharing sensitive information.
  • Phishing :- Emails impersonate legitimate businesses to acquire information. This websites will request information through forms ad offer downloads containing malware.
  • Social Media Phishing :- In social media phishing is when attackers use social networking sites like Facebook, Twitter and Instagram instead of email to obtain your sensitive personal information or click on malicious links.
  • Baiting :- In baiting, the attacker dangles something enticing to move his victim to action. Physical media sources loaded with malware infect computers and steal information.
  • Impersonation :- Scammer impersonates a trusted sources online or in person to obtain valuable information
  • Poser :- Attackers poses as a vendor, client or employee and sends email from what links like a reputable source.

How to Spot a Phishing

Phishing is a technique used to fraudulently obtain usernames, passwords, credit card numbers and other sensitive information.

Fraudulent emails typically ask you to:

  • Open an attachment
  • Click on link, redirecting you to a malicious website.
  • You may be prompted to enter personal information.

Types of Phishing Attacks

  • Spear Phishing: A highly targeted form of phishing that hones in on a specific group of individuals or organization.
  • Whaling: A form of phishing, targeted at executive level individuals.
  • Cloning: Whereby a legitimate email is duplicated but, the content is replaced with malicious links or attachments.



Please follow and like us:
error

27 thoughts on “Social Engineering Attacks”

  1. I have been browsing online more than 2 hours today, yet I never found any interesting article
    like yours. It’s pretty worth enough for me. Personally, if all web owners
    and bloggers made good content as you did, the web will
    be much more useful than ever before.

  2. It is appropriate time to make some plans for the future and it’s time to be happy.

    I’ve read this publish and if I may I want to recommend you few attention-grabbing issues or advice.
    Perhaps you can write subsequent articles regarding this article.

    I desire to learn even more things approximately it!

  3. Fantastic beat ! I would like to apprentiice at the same time
    as you amend your site, how can i subscribe for a weblogg site?

    The account helped me a acceptable deal. I were
    a little bit familiar of this your broadcast provided
    vivid transparent idea.

  4. I’ve been surfing online greater than three hours as of late,
    but I never discovered any fascinating article like yours.
    It is pretty value enough for me. Personally, if all web owners and bloggers made excellent content material as you did,
    the net will likely be a lot more helpful than ever before.

  5. I’ve been browsing on-line more than 3 hours lately, but I never discovered any interesting article like yours.

    It is beautiful price sufficient for me. In my opinion, if all
    website owners and bloggers made just right content material as you probably
    did, the web can be a lot more helpful than ever before.

  6. hello there and thank you for your information – I’ve certainly picked up anything new from right here. I did however expertise some technical points using this site, since I experienced to reload the site a lot of times previous to I could get it to load correctly. I had been wondering if your web hosting is OK? Not that I am complaining, but sluggish loading instances times will sometimes affect your placement in google and could damage your high quality score if ads and marketing with Adwords. Anyway I’m adding this RSS to my email and could look out for a lot more of your respective exciting content. Ensure that you update this again very soon..

  7. I’ve been browsing online more than 3 hours today, yet I never
    found any interesting article like yours. It is pretty worth enough
    for me. In my view, if all site owners and bloggers made good content as you did,
    the internet will be much more useful than ever before.

  8. I’ve been browsing online more than three hours today, yet I
    never found any interesting article like yours. It is lovely price enough for me.
    In my opinion, if all webmasters and bloggers made good content as you probably did, the net will likely be much more
    useful than ever before.

  9. I’ll immediately take hold of your rss as I can not in finding your email subscription link or e-newsletter service.

    Do you’ve any? Kindly permit me understand so that I could subscribe.
    Thanks.

  10. I will right away grasp your rss feed as I can’t to find your e-mail subscription link or e-newsletter service.
    Do you’ve any? Please let me recognise so that I may subscribe.
    Thanks.

  11. I would like to thank you for the efforts you’ve
    put in penning this site. I am hoping to view the same high-grade
    content from you later on as well. In truth, your creative writing abilities has
    motivated me to get my very own website now 😉

  12. I’ve been surfing online more than 3 hours today, yet
    I never found any interesting article like yours.

    It’s pretty worth enough for me. In my opinion, if all website owners and
    bloggers made good content as you did, the internet will be a lot more useful than ever before.

  13. I’ll right away grasp your rss as I can not in finding
    your e-mail subscription link or e-newsletter service. Do
    you’ve any? Kindly let me understand so that I may subscribe.

    Thanks.

  14. It’s appropriate time to make some plans for the long run and it
    is time to be happy. I’ve learn this publish and if I
    may I desire to suggest you few fascinating things or advice.

    Perhaps you can write subsequent articles referring to this article.
    I want to read even more things about it!

  15. I have seen that car insurance companies know the vehicles which are vulnerable to accidents and various risks. Additionally they know what sort of cars are susceptible to higher risk and the higher risk they’ve already the higher a premium amount. Understanding the basic basics of car insurance can help you choose the right types of insurance policy that can take care of your preferences in case you become involved in an accident. Appreciate your sharing the ideas in your blog.

  16. I’ll right away grab your rss feed as I can not find your email subscription link or newsletter service.
    Do you have any? Please let me understand in order that I may just subscribe.
    Thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *