
Chapter 1 Social Engineering Techniques

DOMAIN 1
THREATS, ATTACKS & VULNERABILITY
FTA4100
Instructor – Meenaxi Dave
CHAPTER 1
Social Engineering Techniques
Agenda
• What is Social Engineering Attack?
• Types of Social Engineering attacks
• Why Social Engineering Attacks are successful?
1.1 Social Engineering
Social engineering is the technique that is used to
◦ manipulate a user into revealing confidential information.
◦ manipulate a user to perform certain actions.
Types of Social Engineering attacks
• Phishing
• Spear Phishing
• Whaling
• Smishing
• Vishing
• Prepending
• Spam
• Spim
• Dumpster diving
• Pharming
• Shoulder surfing
• Tailgating
• Piggybacking
• Eliciting information
• Identity fraud
• Invoice scam
• Credential harvesting
• Recon
• Hoax
• Impersonation
• 3rd party authorization
• Contractors / outside parties
• Online attacks
• Defenses
• Watering hole attack
• Typosquatting
• Pretexting
Phishing, Spear Phishing, Whaling
• Phishing is a type of social engineering in which an attacker attempts to obtain sensitive information from users by masquerading as a trusted entity in an email or instant message sent to a large group of often random people.
• Spear phishing is a phishing attack that targets a specific person or a group of people with something in common.
• Whaling is a phishing attack that targets a high-value person, such as a CEO or CFO.
Smishing, Vishing
• Smishing: sending malicious SMS messages to steal users' credentials or deliver malware.
• Vishing takes advantage of voice communication technology (Voice over IP) to establish trust with users and steal information.
Prepending
Prepending is the act of supplying information that another person will act upon, frequently before they ask for it, in an attempt to legitimize the actual request.
Example: An attacker adds information to the subject line of an email to make it look as if it has been scanned by the mail system before it arrives.
Dumpster Diving Attack
A dumpster diving attack is a type of cyber attack made possible by searching through the victim's trash.
Pharming
Pharming is a type of social engineering cyberattack in which criminals redirect internet users trying to reach a specific website to a different, fake site.
Example: DNS poisoning
Shoulder surfing, Tailgating and Piggybacking
Shoulder surfing: directly observing individuals while they enter sensitive information.
Tailgating: a person with a fake ID follows other people who have just used their own identity to gain physical access to a room or a building.
Piggybacking: following other people, without any ID, to gain physical access to a room or a building.
Credential Harvesting Attack
Credential harvesting, also known as password harvesting, is the process of gathering valid usernames, passwords, private emails, and email addresses through infrastructure breaches.
Increasingly, cybercriminals are able to gather usernames and passwords en masse in so-called credential harvesting attacks, via email phishing and other exploits. An attacker may leverage the credentials for their own exploits, trade them on the dark web — or both.
Watering Hole Attack
A watering hole attack is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware.
Typosquatting attack
Typosquatting is an attack that involves capitalizing upon common typographical errors, such as Facrbook.com, bakofamerica.com, gooogle.com.
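As an added example (not part of the lecture slides), a defender can flag lookalike domains in proxy or DNS logs by measuring how few keystroke errors separate them from a protected brand. The brand list and log lines below are constructed for illustration; the edit-distance threshold and the naive TLD stripping are assumptions.

```python
# Added example, not from the slides: flag domains that are one or two edits
# away from a protected brand. Brand list and log lines are constructed.
PROTECTED_DOMAINS = ["facebook.com", "bankofamerica.com", "google.com"]

def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance where insertion, deletion, substitution and adjacent
    transposition (the four common typo classes) each cost 1."""
    d = [[i] + [0] * len(b) for i in range(len(a) + 1)]
    d[0] = list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def registrable_label(domain: str) -> str:
    """Normalise case, drop a leading 'www.' and the last label (the TLD),
    so 'www.Facrbook.com' compares as 'facrbook' (naive, assumed here)."""
    labels = domain.strip().lower().rstrip(".").split(".")
    if labels[0] == "www" and len(labels) > 1:
        labels = labels[1:]
    return ".".join(labels[:-1]) if len(labels) > 1 else labels[0]

def find_lookalike(domain: str, protected=PROTECTED_DOMAINS, max_distance: int = 2):
    """Return (brand_domain, distance) for a near miss of a protected brand;
    None for the genuine brand domain or an unrelated domain."""
    candidate = registrable_label(domain)
    best = None
    for brand in protected:
        dist = damerau_levenshtein(candidate, registrable_label(brand))
        if dist == 0:
            return None  # the real brand domain, not a lookalike
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (brand, dist)
    return best

def scan_log(lines):
    """Check the last field of each constructed '<timestamp> <domain>' line."""
    hits = []
    for line in lines:
        domain = line.split()[-1]
        match = find_lookalike(domain)
        if match:
            hits.append((domain, match[0], match[1]))
    return hits
```

Tune `max_distance` to your brand names: short names such as "google" produce more false positives at distance 2 than long ones such as "bankofamerica".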
Hoax
Hoax: an attack in which the attacker manipulates the user into taking some action that downgrades the system's security or deletes an important system file.
Why Social Engineering Attacks Work
• Authority
• Intimidation
• Consensus
• Scarcity
• Familiarity
• Trust
• Urgency