Social Security

-

SOCIAL ENGINEERING

According to wikipedia social engineering is a art of human hacking , where hackersdont use technology. Social engineering , in context of information security,refers to psychological manipulation of people into performing actions or divulging confidential information.



Some Facts :
  • people are the weakest link in a security chain lifecycle
  • companies critical data could still remain vulnerable to old-fashioned human manipulation
  • Most people think that hacking is mostly technical, utilizing the technical flaws in the system that the hacker is able to exploit.
  • Social engineering is a non-technical kind of attack that tricks people into performing malicious actions or giving away confidential data.Simply hacker uses organisations employees to get the credentials

Effects :
  •  gain unauthorized access to critical information and systems.
  •  identity theft
  •  disrupt the service








Causes :
  •  people are not aware of the value of the data they have.
  •  advantage of our willingness to trust and help others.  
  •  convinced people to give hackers what they wanted.



 The Process :
  • Gather Information - Learns as much as he can about the victim.
  • Plan Attack - the attacker  preplans the execution plan.
  • Acquire Tools - These are the pre owned tools through which they will execute the plan by exloiting the weaknesses of the target persons/person's system using acquired knowledge.







 


Creativity :

  • Phishing – Tricks a user to click/download a malicious link.
  • Spear phishing – Targeting a specific organization and/or individual.
  •  
  • Whale phishing – Targets specifically individuals such as CEOs.
  • Vishing – Targeting individuals over the phone.
  • Pretexting – Presents oneself as someone else.
  • Tailgating (piggybacking) – Unauthorized person gains access to restricted area by following an authorized person. 
  • Water-holing – Hacker compromises a third party website in order to compromise a person who visits that website to deliver a malware.
  • Dumpster diving – Collects information about a company and/or individual by going through the trash.
  • Reverse social engineering – It’s not a hacker who initiates a contact, but a potential victim themselves.
  • Baiting –  The hacker might drop a portable USB drive in the company parking lot or elevator on the chance that an employee will plug it into a work computer.
  • Quid pro quo – Hacker requests private information such as username and password in exchange for gift such as a gift card.
  • Scareware – To scare/manipulate a person to buy unwanted software and/or to download a software (which is malicious) to fix a problem.
  • Malvertising – Spread malware by online advertising on popular websites.  
----------------------------------------XXXXXXX-----------------------------------------------------

Comments

Post a Comment

Popular Posts

The Nigerian Prince Scam

-
Image
The Nigerian Prince Scam Internet fraud  is a type of  fraud  which makes use of the  Internet . This type of fraud varies greatly and appears in many forms. It ranges from Email spam to online scams. Internet fraud can occur even if partly based on the use of internet services and is mostly or completely based on the use of the internet. An  advance-fee scam  is a form of  fraud  and one of the most common types of  confidence trick . The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the fraudster requires in order to obtain the large sum. If a victim makes the payment, the fraudster either invents a series of further fees for the victim or simply disappears. According to the Federal Bureau of Investigation (FBI), "An advance fee scheme occurs when the victim pays money to someone in anticipation of receiving something of greater value—such as...
Read more

ACCESSING TASK MANAGER

-
Image
Accessing the Taskmanager What is Task-manager ? Windows Task Manager is used to view details about processes running on your computer. Since it can be used to terminate programs that are misbehaving or are viruses disguised in the form of harmless programs, most spyware and viruses disable it to prevent themselves from being closed through it. Some administrators also disable Task Manager to prevent users from closing important security programs like antiviruses and anti-malwares. The most irritating problem ever  " Task Manager has been disabled by Administrator " : well this may be because of admin or some sort of viruses , However, there are some techniques you can use to re-enable task manager and close those harmful programs manually. 1.  Enable using Windows registry :   Registry Editor is an inbuilt Windows tool that is used to modify registry keys which tell Windows how it should work. A simple registry modification can be used...
Read more

PC Security For Noobies !!!

-
Image
How to be Safe This blog is completely for those who are technically not sound in this field.They should go through this blog and then they will have some general idea about security. Anti-virus 1. Never, ever turn off the resident protection of your antivirus even if it decreases performance. Upgrade if necessary. 2. Keep your virus definitions up-to-date. Use the automatic update feature of your anti-virus and try not to ignore the "Do you want to update now" message however often it might pop up. 3. Even if you update regularly and you have not seen any suspicious activity on your PC, do a deep scan at least once a month. 4. Always create an emergency boot disk and keep it in a safe place. Internet-Security.jpg 5. Run a deep scan in safe mode at least once every two months to kill viruses that would otherwise remain hidden. Firewalls 1. If you are unsure about the alert displayed by your firewall, try searching it on the internet. 2. ...
Read more

Understanding the Computer Errors

-
Image
The Computer Errors Error messages are displayed on a Windows computer when a condition occurs that is not recognized by your computer or a hardware or software running on it. When an error occurs, you usually receive an error box informing you about the problem. Error messages are usually displayed when user intervention is required to resolve a particular problem. Ideally, an error message should comprise the following information: MessageID or the Error Code: An error code or message identification information is included with the error message. You can use this code or message ID to search for a solution to your problem in an online resources and software help documentation. Date and Time Stamp: This information is usually included with error messages or related log files to help users or computer technicians to try and identify the event that might have caused the error. Severity of the Error: An ideal error message informs users about the severity of the error. This...
Read more