Greeting Everyone! Today We are Going To Discuss On With human error mistakes is top cause of data breaches. Why Social Engineering is dangerous Now a days , According to to Verizon Social engineering is a commonly used tactic that was used in 33% of data breaches in 2018, , 2019 Data Breach Investigation Report which Comes with Huge Exploit .
What Is Social Engineering Attack?
In Simple Word Social engineering is the art of manipulating which target people & Human error mistakes cause Of data Theft . As In Your Daily life your Still See On Your Email or Phone To asking About( “Hey You won Car” “Hey You won 10000” Click this Link )which is best Example Of social Engineering attack .
Attacker & Scammer are usually trying to trick Victim into giving them passwords or bank information, or access their computer to secretly install malicious software– Which Directly Lead to Compromised Victim System By Victim Mistake whenever Attacker Use Different Trick To Control Victim .
Social engineering attack techniques which Increasing Day By day
Social engineering attacks come in different exploitation By an attacker Attacker Perform this attack against where human interaction is involved.
Phishing
Phishing is commonly used most dangerous Trick Of exploitation If victim Cause Against phishing victim will lost his Confidential Data . phishing based On email, SMS, social media, and more, with email-based phishing Which increasing day by day .
All phishing tactics follow to trick Victim that force Or compromised victim into clicking on a malicious link that will take them to a website that may controlled By an attacker which asking Victim for his credentials, injecting malware or viruses or leading their target to a ransomware attack For Demanding Money To Victim . Phishing is one of dangerous Social Engineering Attack Which Never End .
Eg : I have Created Phishing page Which Help to steal User password So as attacker He will Trick Victim To Enter Victim Password Whenever Victim Will Enter Attacker Will get Victim Password ,
Spear phishing:
Spear phishing is the trick Of exploitation & data theft by sending emails to specific and individuals or enterprises targets while purporting to be a trusted sender. Attacker Target To infect devices with malware or convince victims to hand over information As password, Bank details etc. Which Actually Target Particular Employee Or Organization’s Stuff To compromised Their Data .
Here As Example : Attacker target Organization Stuff attacker Send Email with attached Phishing Link To One or More Employee And When Victim Will Click Crafted Link And Enter Their Credentials Victim Data Already Compromised .
Baiting:
Baiting attacks are not restricted to online Like Phishing . Attackers can also focus on exploiting human curiosity via the use of physical media. Supposed Attacker Create malicious Pendrive , harddrive Which Actually Contain Malware Trojan And Attacker will through where actually potential victims are certain to see them and Whenever Victim Will Used Check With PC at that time Victim Pc already Compromised . Always Keep In Mind Dont Use Different Pendrive , harddrive , if your No owner Maybe Which Will cause damage Your System .
Pretexting:
How attacker Could able to Inject & Steal user Data By pretexting this trick this involves creating a good pretext to steal victims’ personal information. Here Attacker maintain Critical Task To Let Victim convince this based on different attack vectors, including email, phone calls or even face-to-face communication. Here Attacker try to Impress someone known and trusted, it’s easy when Victim Trust On Attacker An attacker use Mind and Steal All sensitive Information about target .
Vishing
Phishing Used by tricky to Click Link But in case of Vishing which attacker uses phone calls to trick people into giving away their private data. The attacker creates fake phone number, calls an individual posing as a bank or some other service provider, which ask for their Credentials Which Increasing Day by day .
As Eg. Now A days Increasing Of Vishing attack which Could Big Damage Attacker & Scammer Trickly steal User data , Bank details By phone Call and convince Victim .
dumpster diving:
“Dumpster diving” which consist targeting trash or archive that mean Trash include in public or Some restricted area which required Authentication. It actually demands On human Error . dumpster attack carries e.g., CDs, DVDs, hard drives, company directories etc. It’s also helps how much personal and private information is thrown out for those to find. This could be cause breaching security which is so effective.
piggybacking
In simple word piggybacking is unauthorized Access Of some one Wireless-LAN This cause is a physical security breach in which could enter by unauthorized users. So which could Best advantage For an attacker to perform Different types of attack against On it.
Eavesdropping
Eavesdropping attacks Comes with secretly or stealthily listening to the private conversation or communications of parties with illegally . Is real time unauthorized accessing of Someone Private Conversation without their consent .As Eg. Supposed A And B Making Conversation that time attacker can spoof Their private Conversation there is different Techniques attacker used To Unauthorized access Of private Information. which basically comes with MITM Attack.
To Protect Against Yourself as social engineering victim:
To protect Against First Step You need Stand By Own , Phishing cause By Human Error so we need to Protect First Our Self to steal , Theft Your data ,
To Protect We need To Follow.
1.Don’t Open Suspect Email & Attachment From Some suspicious sources .
2.Always use 2fa On Your Social Media account Which Cant Be compromised .
3.Be Safe From tempting offers which May cause & Steal Your Data .
4.Keep You device Antivirus Software Update Regularly which May protect against Data Theft.
SO today We discuss How Social Engineering Comes With Different Types Of attack & How It dangerous Attack Now a days If Victim fall In Social Engineering Victim data could totally Compromise .
How Recently Hacker hack twitter accounts using Social Engineering Trick ,
Visit: https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html
Thank You
Author: Pallab Jyoti Borah (VAPT Analyst )
English
Arabic