Greetings, everyone! Today we are going to discuss why social engineering is dangerous nowadays. Human error is a top cause of data breaches. According to Verizon's 2019 Data Breach Investigations Report, social engineering is a commonly used tactic that was used in 33% of data breaches in 2018, which makes it a heavily exploited technique.
What Is a Social Engineering Attack?
In simple words, social engineering is the art of manipulating targeted people, and human error is what leads to data theft. In your daily life you still see messages in your email or on your phone such as "Hey, you won a car" or "Hey, you won 10000, click this link", which are the best examples of a social engineering attack.
Attackers and scammers usually try to trick the victim into giving them passwords or bank information, or into giving access to their computer so that malicious software can be secretly installed. This leads directly to a compromised system through the victim's own mistake, whatever trick the attacker uses to control the victim.
Social engineering attack techniques, which are increasing day by day
Social engineering attacks come in different forms of exploitation. An attacker performs them wherever human interaction is involved.
Phishing
Phishing is the most commonly used and most dangerous trick of exploitation. A victim who falls for phishing will lose his confidential data. Phishing is carried out over email, SMS, social media and more, with email-based phishing increasing day by day.
All phishing tactics follow the same pattern: trick the victim into clicking a malicious link that takes them to a website that may be controlled by an attacker, who asks the victim for credentials, injects malware or viruses, or leads the target into a ransomware attack that demands money from the victim. Phishing is one of the dangerous social engineering attacks, and it never ends.
E.g.: I have created a phishing page that helps to steal a user's password, so an attacker will trick the victim into entering the victim's password; whenever the victim enters it, the attacker gets the victim's password.
Spear phishing:
Spear phishing is the trick of exploitation and data theft by sending emails to specific individuals or enterprise targets while purporting to be a trusted sender. The attacker aims to infect devices with malware or to convince victims to hand over information such as passwords, bank details, etc. It targets a particular employee or an organization's staff to compromise their data.
As an example: the attacker targets an organization's staff and sends an email with a phishing link to one or more employees. When a victim clicks the crafted link and enters their credentials, the victim's data is compromised.
Baiting:
Baiting attacks are not restricted to online channels the way phishing is. Attackers can also exploit human curiosity through physical media. Suppose an attacker creates a malicious pen drive or hard drive that contains a malware trojan and throws it where potential victims are certain to see it; when a victim checks it on a PC, that PC is compromised. Always keep in mind: don't use a pen drive or hard drive if you are not its owner, as it may damage your system.
Pretexting:
Pretexting is a trick by which an attacker is able to steal user data: it involves creating a good pretext to steal victims' personal information. The attacker's critical task is to convince the victim, and this can be done over different attack vectors, including email, phone calls or even face-to-face communication. The attacker tries to impersonate someone known and trusted; once the victim trusts the attacker, it is easy for the attacker to manipulate them and steal all sensitive information about the target.
Vishing:
Phishing tricks the victim into clicking a link, but in vishing the attacker uses phone calls to trick people into giving away their private data. The attacker creates a fake phone number and calls an individual while posing as a bank or some other service provider, asking for their credentials. Vishing attacks are increasing day by day and can cause big damage: attackers and scammers steal user data and bank details by convincing the victim over a phone call.
Dumpster diving:
"Dumpster diving" consists of targeting trash or archives. The trash may be in a public place or in a restricted area that requires authentication. It relies on human error. Dumpster diving yields, e.g., CDs, DVDs, hard drives, company directories, etc. It also shows how much personal and private information is thrown out for others to find. This can cause a security breach and is very effective.
Piggybacking:
In simple words, piggybacking is unauthorized access to someone's wireless LAN. It is a physical security breach through which unauthorized users can enter. This gives an attacker a good opportunity to perform different types of attack against it.
Eavesdropping:
Eavesdropping attacks involve secretly or stealthily listening to the private conversation or communications of other parties illegally. It is real-time unauthorized access to someone's private conversation without their consent. E.g., suppose A and B are having a conversation; at that time an attacker can listen in on their private conversation. Attackers use different techniques to gain unauthorized access to private information, which basically comes down to a MITM attack.
To protect yourself from becoming a social engineering victim:
The first step in protection is to stand on your own: phishing is caused by human error, so we first need to protect ourselves against the theft of our data.
To protect ourselves we need to follow these steps:
1. Don't open suspect emails and attachments from suspicious sources.
2. Always use 2FA on your social media accounts so that they can't be compromised.
3. Stay safe from tempting offers, which may steal your data.
4. Keep your device's antivirus software updated regularly, which may protect against data theft.
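The signs described in the phishing and spear phishing sections (a sender posing as a trusted party, a lure such as "You won", and a crafted link) can be checked before a message is opened. The following Python sketch is an added example, not part of the original article; the sample message, its domains and the indicator names are constructed for illustration, and the checks are simple heuristics.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
LURES = ("you won", "click this link")  # lure phrases quoted in the article

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(value):  # host part of a URL or of an e-mail address
    host = urlparse(value).hostname if "://" in value else value.rsplit("@", 1)[-1]
    return (host or "").lower()

def triage(raw):  # returns the list of phishing indicators found in one message
    msg = email.message_from_string(raw)
    findings = []
    reply = parseaddr(msg.get("Reply-To", ""))[1]
    if reply and domain_of(reply) != domain_of(parseaddr(msg.get("From", ""))[1]):
        findings.append("reply-to-mismatch")  # replies go somewhere else
    body = msg.get_payload()
    if any(p in (msg.get("Subject", "") + " " + body).lower() for p in LURES):
        findings.append("lure-phrase")
    parser = LinkCollector()
    parser.feed(body)
    for href, text in parser.links:
        shown = re.search(r"[a-z0-9-]+(\.[a-z0-9-]+)+", text.lower())
        if shown and shown.group(0) != domain_of(href):
            findings.append("link-text-mismatch")  # text names another host
    return findings

# Constructed sample message; all names and domains are made up.
SAMPLE = """From: "Example Bank" <support@bank.example>
Reply-To: claims@prize-desk.example

<p>Hey, you won a car! <a href="http://login.prize-desk.example/claim">www.bank.example</a></p>
"""
```

Calling `triage(SAMPLE)` reports all three indicators, while a message whose link text and target agree and that has no differing Reply-To returns an empty list.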
So today we discussed how social engineering comes with different types of attack and how dangerous it is nowadays: if a victim falls for social engineering, the victim's data can be totally compromised.
How hackers recently hacked Twitter accounts using a social engineering trick
Thank you
Author: Pallab Jyoti Borah (VAPT Analyst)