Thursday, 27 June 2019

social engineering attacks


Introduction to Social Engineering:-

·       What is Social Engineering?

Social engineering refers to the psychological manipulation of people into either performing actions or giving out confidential information.
·       Pretexting is creating an invented scenario to engage a targeted victim so that he gives out information or performs actions that would be unlikely in ordinary circumstances.
·       Diversion theft: in this type of attack, the social engineers trick a delivery or courier company into going to the wrong pickup or drop-off location, thus intercepting the transaction.
·       Phishing is a technique of obtaining private information using fraud. Typically, the phisher sends an e-mail intended to gain confidential information.
·       IVR or phone phishing uses a false interactive voice response (IVR) system to recreate a copy of an IVR system.
·       Baiting is like a Trojan horse that uses physical media and depends on people's curiosity. The attacker leaves a CD-ROM or flash drive somewhere it can be found by an unsuspecting person. Being curious, the person will load it to check it, and by doing so install malware on his system.
·       Quid pro quo: in this attack, the attacker pretends to be someone from IT and makes random calls asking if there are any issues. On finally finding someone who needs help, the attacker gets them to type commands that give the attacker access to launch his malware.


Computer-based Social Engineering:-
·       Email attachments that can dupe a user into either opening or executing malware.
·       Fake websites that look like the original site can be used to gain information that is confidential.
·       Pop-up windows that advertise expertise can be used to send malware to the user.

Social Networking Sites – Impersonation Platform/Medium:-
An individual can create an account "impersonating" or pretending to be someone else on social media. This is especially common in the case of celebrities or high-value organizations.

Some Quick Tips to Remember:

Think before you click. Attackers use a sense of urgency to make you act first and think later in phishing attacks. When you get a highly urgent, high-pressure message, be sure to take a moment to check whether the source is reliable first. The best way is to use a different method of communication from the one the message arrived on, such as texting the person to check whether they emailed you an urgent message or whether it came from an attacker. Better safe than sorry!

Research the sources. Always be careful with any unsolicited messages. Check the domain links to see whether they are genuine, and check whether the person sending you the email is a real member of the organization. Usually, a typo or spelling error is obvious. Use a search engine, go to the company's website, check their phone directory. These are all basic, easy ways to avoid getting spoofed. Hovering your cursor over a link before you actually click on it will reveal the link at the bottom, and is another way to make sure you are being redirected to the right company's website.

Email spoofing is ubiquitous. Hackers, spammers, and social engineers are out to get your data, and they are taking over control of people's accounts. Once they gain access, they will prey on your contacts. Even when the sender appears to be someone you know, it is still best practice to check with them if you aren't expecting any email links or files from them.

Don't download files you don't know. If you (a) don't know the sender, (b) don't expect anything from the sender and (c) don't know whether you should view the file they just sent you with "Urgent" in the email headline, it's safe not to open the message at all. You eliminate your risk of being an insider threat this way.

Five Ways to Protect Yourself:
     1. Delete any request for personal information or passwords. Nobody should contact you for your personal information through email unsolicited. If you get asked for it, it's a scam.

     2. Reject requests for help or offers of help. Social engineers can and will either request your help with information or offer to help you (i.e. posing as tech support). If you didn't request any assistance from the sender, consider any requests or offers a scam. Do your own research about the sender before committing to sending them anything.

     3. Set your spam filters to high. Your email software has spam filters. Check your settings, and set them to high to keep risky messages from flooding into your inbox. Just remember to check them periodically, as legitimate messages could be caught there from time to time.

     4. Secure your devices. Install, maintain and regularly update your anti-virus software, firewalls, and email filters. Set up automatic updates if you can, and only access secured websites. Consider a VPN.

     5. Always be mindful of risks. Double check, triple check any request you get for the correct information. Watch out for cybersecurity news so you can take swift action if you are affected by a recent breach. I recommend subscribing to two or three morning newsletters to keep up to date with the latest in InfoSec, like Cyware or BetterCloud Monitor. If you are a podcast person, Decrypted by Bloomberg, DIY Cyber Guy and Reply All offer easy-to-digest information and news that is very user friendly.


2 comments:

  1. Thanks a lot for sharing the great piece of information. The subject is very clear and understandable the term IVR System easily. I have spent my time on reading this nice piece of information. Thanks again!
    For more information about to the IVR System, please visit now: www.telcob.com

  2. Thank you sir for your valuable comment.. and we also visit your site there also lot of info about IVR system.. Thanks again sir..!
