Sunday, August 30, 2020

Social Engineering

Social engineering is a technique used by hackers to gain private or confidential information.


Social engineering is an attack that attempts to manipulate individuals into performing actions or revealing confidential information.

The best example of social engineering is when you get a call from an unknown person who says they work in the IT department (help desk) and need your domain ID and password so that they can install or upgrade software after working hours, and who tells you that you can change the password tomorrow morning when you log in.

Types of social engineering attacks:

Pretexting - This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.

Something for Something - This is when an attacker requests personal information from a party in exchange for something, like a gift.



Organizations should promote awareness of social engineering tactics and educate employees on prevention measures, such as the following:

  • Never provide confidential information or credentials to unknown parties via email, chat sessions, in person, or over the phone.

  • Resist the urge to click on enticing emails and website links.

  • Keep an eye out for uninitiated or automatic downloads.

  • Establish policies and educate employees about those policies.

  • When it comes to security, give employees a sense of ownership.

  • Do not give in to pressure from unknown individuals.

Sniffing

Sniffing is similar to eavesdropping on someone. It occurs when attackers examine all network traffic, regardless of whether the traffic is addressed to them. Hackers accomplish network sniffing with a software application, a hardware device, or a combination of the two. Sniffing can capture all network traffic, or it can target a specific protocol, service, or even a string of characters such as a login or password.

One of the best tools used for sniffing is Wireshark, which is a packet analyzer.



A packet analyzer is a computer program or piece of computer hardware that can intercept and log traffic that passes over a digital network or part of a network.
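
A host that captures traffic not addressed to it usually has its network interface in promiscuous mode, so a defender can check for that flag. The script below is an added example, not part of the original post; it assumes a Linux host that exposes interface flags under /sys/class/net, and the sample flag values are constructed.

```python
import os

IFF_PROMISC = 0x100  # promiscuous-mode bit from <linux/if.h>

# Constructed sample: flag words as Linux prints them in /sys/class/net/<if>/flags
SAMPLE_FLAGS = {"lo": "0x9", "eth0": "0x1103", "wlan0": "0x1003", "tun0": "garbage"}


def parse_flags(text):
    """Return the flag word as an int, or None if the text is not hex."""
    try:
        return int(text.strip(), 16)
    except ValueError:
        return None


def promiscuous_interfaces(flag_map):
    """Names of interfaces whose flag word has IFF_PROMISC set."""
    hits = []
    for name, raw in flag_map.items():
        flags = parse_flags(raw)
        if flags is not None and flags & IFF_PROMISC:
            hits.append(name)
    return sorted(hits)


def read_sysfs_flags(root="/sys/class/net"):
    """Collect {interface: flags text} from sysfs; empty dict if unavailable."""
    found = {}
    if not os.path.isdir(root):
        return found
    for name in os.listdir(root):
        try:
            with open(os.path.join(root, name, "flags")) as fh:
                found[name] = fh.read()
        except OSError:
            continue  # interface vanished or entry is not a device
    return found


if __name__ == "__main__":
    live = read_sysfs_flags()
    source = live if live else SAMPLE_FLAGS  # fall back to constructed data
    for ifname in promiscuous_interfaces(source):
        print(f"{ifname}: promiscuous mode is on, check what is capturing")
```

This only covers the local host; a hardware sniffing device on the wire will not show up this way.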




Thanks for reading :)
