Sunday, August 30, 2020

Social Engineering

 Social Engineering is a technique used by hackers to gain private or confidential information.

Common Social Engineering Attacks to Be Aware Of | EC-Council Official Blog

Source of image: Google

Social engineering is an attack that attempts to manipulate individuals into performing actions or reveal confidential information.

The best example for social engineering is you get a call from an unknown person saying they work in IT department (Help desk) and  need your domain Id and password so that they can install/upgrade the software after working hours and tell you to can change the password tomorrow morning when you log in 

Types of social engineering attacks:

Pretexting - This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.

Something for Something - This is when an attacker requests personal information from a party in exchange for something, like a gift.


social engineering – GW Information Security Blog

Source of image: Google

Organizations should promote awareness of social engineering tactics and educate employees on prevention measures, such as the following

  • Never provide confidential information or credentials via email, chat sessions, in-person, or on the phone call to unknown parties.

  • Resist the urge to click on enticing emails and website links.

  • Keep an eye out for uninitiated or automatic downloads.

  • Establish policies and educate employees about those policies.

  • When it comes to security, give employees a sense of ownership.

  • Do not fall to pressure from unknown individuals.

Sniffing 

Sniffing is similar to eavesdropping on someone. It occurs when attackers examine all network traffic, independent of whether or not the traffic is addressed to them or not. hackers accomplish network sniffing with a software application, hardware device, or a combination of the two. Sniffing views all network traffic or it can target a specific protocol, service, or even string of characters such as a login or password.

One of the best tools used for sniffing is Wireshark. (Wireshark is a packet analyzer)


Punch The Clock - Networking Edition: How does packet sniffing work? - Latest Hacking News

Source of image: Google

A packet analyzer is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network.


Wireshark 3.2.2 - Neowin

Source of image: Google


Thanks for reading :)

at 1 comment:

Saturday, August 8, 2020

Best practices to be followed to keep your data secured

Nowadays we see many scams related to money and online fraudsters, how should we get rid of it?


  • The best thing to follow is never to click on a link sent by an unknown.
  • Do not share  OTP to any service providers or any application creators, because no services providers would ask for an OTP
  • Do not skip Microsoft updates or any android updates (You might wonder why updates are so important the reason for it is whenever Microsoft or apple finds a bug or vulnerability in their code they patch them with an update so that the hackers don't exploit their data so this is the main reason to keep out system and Mobile phones up to date)
  • Should have an antivirus or a firewall in your network
  • Virus definition should be updated frequently (deals with Antivirus software) 
  • Even a proxy server can help you in preventing your data
  • Keep a backup of your data so that it's useful when you get a Ransomware attack
Ransomware is a type of attack where the hacker encrypts your data and demands for cryptocurrencies(bitcoins).
The reason why they use cryptocurrencies is they can't be tracked.
  • In case if there is a ransomware attack on your network the first thing is you should disconnect all the computers from the Internet. (because if one system is infected it can infect all the computers on your network, Virus can spread)
  • You should frequently change your passwords.
  • Passwords should not be a word, but it should be a phrase.
  • Do not download any files sent by an unknown person or unknown domain.
  • Do not fall for some useless scheme which guarantees to double your money.
Now let's talk about the Carryminati's live channel on YouTube which was hacked.
Hackers ran a live video on which they demanded cryptocurrencies.


There are many scams performed over the globe in which the recent one is E-sim fraud.


  • Initially, the caller will call you and pretend to be from a service provider(Airtel, Jio, Vodafone) 
  • It started from a message saying your sim will be deactivated in 24 hours or please update your KYC verification
  • After which they would send a text message with a link (URL) so that you can update your KYC
  • But in reality that link would register their email id with your mobile number, so whenever there would be an OTP sent on their number it would also be sent on the email address which is registered 
  • Using this scam they can get all the money from your account 
  • Once the email address is registered then the attacker tells the victim to forward the E-sim request to them.
  • Once the E-sim is activated the physical sim which is active on the victims mobile gets deactivated and the E-sim is activated 
Using this scam recently 4 men lost 21 Lakhs rupees.

Hope this will help you and if you have any doubts regarding this do comment and let me know.
Thanks for reading :)





























at 1 comment:
Subscribe to: Posts (Atom)

Ransomware

In this article, we will be learning about Ransomware and best practises to get rid of it! Ransomware is a type of malware attack which is c...

What is Bug Bounty with real time example