Thursday, July 4, 2019

Week 5: Social Engineering

This week we are going to discuss the social engineering attack and some standard methods and techniques used and how to safeguards ourselves from those attacks.

Social Engineering: Social engineering is a technique to trick someone emotionally to gain access to the confidentiality of the information or gaining access to the office building. A most common example would be calling the customer care by posing as the spouse of the account holder and gets confidential information by tricking care agents that they got into some kind of emergencies and need the password to unlock the account immediately. It's the most legacy technique that exists for a very long time and still used to be a successful trick for many attackers without much investment.

Let's see some common social engineering technique.

1. Vishing: Voice over phishing is called vishing. Its most frequently used social engineering method where the attackers call like trusted companies and attempts to gain confidential information or intention to earn some money from the customer.  For example, I used to get call often that my car warranty is about to expire and would I like to extend it or not although I brought a new car and its just two months old. I rejected several times and asked to remove my name from caller list but still, I'm getting calls at least four times in a week.

2. Social Networking sites: After the boom of social networking sites like facebook, linked-in, twitter, anyone can get personal and professional information about the persons and trick them in gaining confidential by knowing their likes or emotional weakness.

3. Email Hacking: Getting an email from hacked friend's email account with downloadable attachments that is malicious to our computer systems.

How do we prevent those attacks?

Self-awareness- Before opening up an email or responding to any calls, and providing confidential information, analyze the source and trust of it.

Limit uploading all the information to the social networking sites and have them protected instead of making it as public and available for everyone.

Have updated and latest antivirus installed in your system. It helps in identifying malicious attachment and downloads on the internet.

References:
George V. Hulme and Joan Goodchild ( 2017, August 17).What is social engineering? How criminals exploit human behavior. Retrieved from https://www.csoonline.com/article/2124681/what-is-social-engineering.html


No comments:

Post a Comment