

Question

Task 1: Research Social Engineering Examples

Social engineering, as it relates to information security, is used to describe the techniques used by a person (or persons) who manipulate people in order to access or compromise information about an organization or its computer systems. A social engineer is usually difficult to identify and may claim to be a new employee, a repairperson, or a researcher. The social engineer might even offer credentials to support that identity. By gaining trust and asking questions, he or she may be able to piece together enough information to infiltrate an organization's network.

Task 2: Recognize the Signs of Social Engineering

Social engineers are nothing more than thieves and spies. Instead of hacking their way into your network via the Internet, they attempt to gain access by relying on a person’s desire to be accommodating. Although not specific to network security, the scenario below illustrates how an unsuspecting person can unwittingly give away confidential information.

"The cafe was relatively quiet as I, dressed in a suit, sat at an empty table. I placed my briefcase on the table and waited for a suitable victim. Soon, just such a victim arrived with a friend and sat at the table next to mine. She placed her bag on the seat beside her, pulling the seat close and keeping her hand on the bag at all times.

After a few minutes, her friend left to find a restroom. The mark [target] was alone, so I gave Alex and Jess the signal. Playing a couple, Alex and Jess asked the mark if she would take a picture of them both. She was happy to do so. She removed her hand from her bag to take the camera and snap a picture of the “happy couple” and, while distracted, I reached over, took her bag, and locked it inside my briefcase. My victim had yet to notice her purse was missing as Alex and Jess left the café. Alex then went to a nearby parking garage.

It did not take long for her to realize her bag was gone. She began to panic, looking around frantically. This was exactly what we were hoping for so, I asked her if she needed help.

She asked me if I had seen anything. I told her I hadn’t but convinced her to sit down and think about what was in the bag. A phone. Make-up. A little cash. And her credit cards. Bingo! Students should perform the steps in this task individually.

I asked who she banked with and then told her that I worked for that bank. What a stroke of luck! I reassured her that everything would be fine, but she would need to cancel her credit card right away. I called the “help-desk” number, which was actually Alex, and handed my phone to her.

Alex was in a van in the parking garage. On the dashboard, a CD player was playing office noises. He assured the mark that her card could easily be canceled but, to verify her identity, she needed to enter her PIN on the keypad of the phone she was using. My phone and my keypad.

When we had her PIN, I left. If we were real thieves, we would have had access to her account via ATM withdrawals and PIN purchases. Fortunately for her, it was just a TV show."

“Hacking VS Social Engineering” by Christopher Hadnagy, www.hackersgarage.com/hacking-vs-socialengineering.html

Remember: “Those who build walls think differently than those who seek to go over, under, around, or through them.” Paul Wilson - The Real Hustle

Research ways to recognize social engineering. Describe three examples found in your research.

Task 3: Research Ways to Prevent Social Engineering

Does your company or school have procedures in place to help to prevent social engineering?

If so, what are some of those procedures?

Use the Internet to research procedures that other organizations use to prevent social engineers from gaining access to confidential information. List your findings.

Explanation / Answer

Social engineering

It is a kind of con game that seeks information by manipulating a person; it is the art of manipulating people so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access to your computer to secretly install malicious software that will give them access to your passwords and bank information as well as giving them control over your computer.

Social engineering is of many types:

1. phishing

2. baiting

3. scareware

4. pretexting

Task 1:

Examples of social engineering are:

In 1849, Samuel Williams, the original "confidence man," as the newspapers named him, engineered gullible strangers out of their valuables simply by asking "Have you confidence in me to trust me with your watch until tomorrow?" Through the late 19th and early 20th century Joseph "Yellow Kid" Weil ran a variety of scams, including conning Benito Mussolini out of $2 million by selling him phony rights to mining lands in Colorado. And of course in the 1960s, Frank Abagnale, subject of the movie Catch Me If You Can, made a living faking identities and passing bad checks. While technology has made some kinds of fraud more difficult to commit, it's created all sorts of new opportunities for adaptable fraudsters. And even the very strongest security technology can be overcome by a clever social engineer. That's part of the reason security awareness training for end users is so essential.

Task 2:

Social Engineering: Methods of cyber criminals

1. Combat social engineering

The dangers of social engineering make even experienced IT professionals. Although there is no standard antidote, it is primarily about understanding the methods of the attacker. Then the battle is already half won. We show seven perfidious ways through which social engineers try to get at data and money.

2. The "forgotten" USB stick

Oops, someone has left a stick lying around. Well, let's quickly look who it belongs to - so best just plug it into the computer ... This old farmhouse trick is still one of the most successful attacks on companies. Although Microsoft, for example, suppresses the automatic launch of applications on USB drives under Windows, creative, curiosity-awakening file names help enormously in moving a careless employee to click. Companies are left only to block USB ports completely or - more meaningfully - to train their employees accordingly.


3. Perfect fake phishing emails

Most phishing emails give away their origin: poor formatting, cruel expression, cheap prompting to click. Nevertheless, there are always specimens that pretend to come from the bank, the insurance company or the HR department, and anxious employees are quickly hooked. Then just one click, and the entire corporate network is infected. It is not difficult to recognize phishing emails - be they ever so well done. Once the objective of the mail is to get you to click a link to verify or enter personal data, the mail should quickly end up in storage.


4. Mails from "friends" and "colleagues"

Unlike generic phishing, spear phishing is directed specifically at individuals or a small group of people. It is popular among attackers to look out for victims in social networks and spy on their hobbies and activities. Subsequently, customized phishing emails are designed and sent - tailored in the title, the name of the addressed company and often the attachment, which is disguised as a letter from a colleague or casual acquaintance. The success of this action is of course higher than that of generic phishing. What helps? Consistent distrust, personal inquiries with the alleged sender, and ignoring all e-mail attachments.

5. Don't Fall for "Act NOW!" False Urgency Requests

One thing that social engineers and scammers will do in order to bypass your rational thought process is to create a false sense of urgency.

The pressure to act quickly may override your ability to stop and think about what is really happening. Never make quick decisions because someone you don't know is pressuring you to. Tell them they will have to come back later when you can vet their story, or tell them you will call them back after you have verified their story with a third party.


5. Webmail

Webmail accounts are so exciting because they often serve as a document archive. Once cracked, attackers have access to year-old correspondence and can steal a large piece of a digital identity. The "Forgot Password?" option along with the security check is a popular gateway, and many answers to this query can be guessed with social web research alone. And if that does not work, the staff of the webmail provider are brought, with popular social engineering tricks, to surrender certain user information. Smaller companies that do not run their own mail server and rely on webmail providers should, therefore, consider carefully whom they select. Whoever is responsible for their own mail server should see that address owner changes and DNS changes cannot go through so easily.


6. Physical security of the office

Put on the typical clothes of a company, pretend you belong to it and smuggle yourself into the group of employees that is just heading from the smoking break back inside the corporate building. Zack, you're in! Because the technique can not be so sure, large companies especially are often poorly prepared against such intrusion, because not everyone there knows each other. Impress on your staff that they should look out for fake identification badges and look closely at unknown persons.

7. If Tech Support Calls YOU It Might be a Social Engineering Attack

How many times have you called tech support and waited on hold for like an hour? 10? 15? How many times has tech support called you wanting to help you fix a problem? The answer is probably zero.

Task 3:

Ways to prevent social engineering are:

1. Check the Domain on Your Phone and Desktop

Many phishing attacks originate with hackers trying to pretend that their phishing website is an original corporate website. For example, if you are on the Chase website, the URL is going to be www.chase.com. A phishing website will do something like www.chase.bankonlinenow.com.

2. Look for the SSL on Desktop and Mobile

Always look to make sure the site is transmitting in SSL. There will be a green lock in the URL where you can click or tap the lock and see the security certificate for the website, and make sure it matches the name of the company you are visiting.

3. When Using Social Media, Limit Surveys and Games

Unless you are sure the source is reliable, do not take a survey or play any games on social. Many phishing attempts are disguised as games or surveys that require you to log in with Facebook.

3. NEVER provide confidential information or, for that matter, even non-confidential data and credentials via email, chat messenger, phone or in person to unknown or suspicious sources.

4. When clicking on links sent via email or on websites, always keep a watch out for uninitiated or automatic downloads. It could be malware piggybacking on to your system. All such activity should be reported IMMEDIATELY to your security manager.

5. BLOCK USB devices in order to reduce the risk of Baiting. Baiting is the digital equivalent of a real-world Trojan Horse, where the attacker tempts users with free or found physical media (USB drives) and relies on the curiosity or greed of the victim – if they plug it in, they are hacked!

6. USE 2-factor authentication in order to make it more difficult for hackers to enter your organization.
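The "Check the Domain" advice in Task 3 can be turned into a mechanical check. The following is an added example, not part of the original answer; the `TRUSTED` allowlist and the function name `classify` are assumptions made for illustration, and the check does not consult a public-suffix list.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the organisation really uses (assumption).
TRUSTED = {"chase.com"}


def classify(url: str, trusted=TRUSTED) -> str:
    """Label a URL 'trusted', 'lookalike', 'unrelated' or 'invalid'."""
    if "://" not in url:
        url = "https://" + url            # accept bare "www.example.com" input
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and ":port", and is lower-cased.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "invalid"
    for domain in trusted:
        # Genuine only if the host IS the domain or ends with ".<domain>".
        # The leading dot matters: "notchase.com" must not pass.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    netloc = parts.netloc.lower()
    for domain in trusted:
        brand = domain.split(".")[0]
        # Brand name appears somewhere (subdomain, userinfo, embedded in a
        # label) although the site is not under the trusted domain.
        if brand in netloc:
            return "lookalike"
    return "unrelated"


# Constructed sample inputs, including the two hosts named in the answer.
SAMPLES = [
    "www.chase.com",
    "www.chase.bankonlinenow.com",
    "https://www.chase.com@bankonlinenow.com/login",
    "notchase.com",
    "example.org",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):10} {s}")
```

The third sample shows why the host must be parsed rather than read by eye: everything before the `@` is user information, so the browser connects to the domain after it.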
