Social Engineering Types - Amazon Web Services



Social Engineering

Social engineering is a technique that relies on human interaction to obtain sensitive information. Attackers use social engineering to extract important information about their targets. This mostly involves interacting with the target's employees who are in possession of such information. Some employees are more vulnerable to social engineering attacks than others. Employees who are common targets of a social engineer include:

- Receptionists
- Help-desk personnel
- Tech support
- System administrators
- Clients

Organizations are vulnerable to social engineering attacks due to a lack of security training and employee education regarding social engineering attacks. A social engineering attack consists of the following steps:

1. Gather enough information about the target company
2. Choose a target employee
3. Gain the target employee's trust
4. Extract information from the target employee

Social Engineering Types

Social engineering has three types:

- Human-based social engineering
- Computer-based social engineering
- Mobile-based social engineering

Each type uses different techniques for obtaining information.

Human-based Social Engineering

Human-based social engineering involves interaction with people related to the organization with the goal of extracting sensitive and important information about the target organization. Techniques used in this type of social engineering include:

- Impersonation
- Eavesdropping
- Shoulder surfing
- Dumpster diving
- Reverse social engineering
- Piggybacking
- Tailgating
- Vishing

Impersonation

Impersonation is a technique in which the attacker pretends to be someone else in order to learn the information they need. Usually, attackers pretend to be an end user of the target system, or a technical support member who claims to be working on something important for which they need the target's information.

Vishing

Vishing is an impersonation technique in which the attacker uses voice technology such as phones or VoIP to extract information from their targets. Vishing usually involves pre-recorded messages or SMS messages urging the target to act.

Eavesdropping

Eavesdropping is a technique in which the attacker listens to other people's conversations or reads messages they are not supposed to read.

Shoulder Surfing

Shoulder surfing is a technique in which the attacker gathers sensitive information such as passwords and codes by watching the keyboard or keypad as the target types the data in.

Dumpster Diving

Dumpster diving is a technique in which the attacker collects information from the target's trash bins by looking for bills, financial information, sticky notes, manuals, and so on.

Reverse Social Engineering

Reverse social engineering is a technique in which the attacker poses as an authority figure and in this way extracts information from employees. In this technique, the attacker usually first creates a problem for an employee and then presents themselves as someone who is able to fix the problem. This way, the attacker establishes their authority and gains the employee's trust, leading the employee to reveal sensitive information.

Piggybacking

Piggybacking is a technique in which the attacker gains access to the target organization's building or secured area by convincing an authorized employee to let them in.

Tailgating

Tailgating is a technique in which the attacker gains access to the target organization's building or secured area by closely following an authorized employee and relying on the employee's politeness, such as opening or holding the door, to let them in.

Computer-based Social Engineering

Computer-based social engineering involves using computers and information systems to collect sensitive and important information. Techniques used in this type of social engineering include:

- Phishing
- Spam mail
- Chat messenger
- Pop-up window attacks

Phishing

Phishing is a technique in which the attacker sets up a malicious website and then mails a link to the website to their target. The website usually looks like a legitimate one and asks the target to submit sensitive information.

Spam Mail

Attackers send spam mail with malicious links and attachments in order to obtain sensitive information from the target or infect the target's machine.

Chat Messenger

Attackers use chat messengers to interact with their target and learn personal information which they can later use in an attack on the target's accounts.

Pop-up Window Attacks

Attackers use pop-ups to urge the target into clicking links to malicious websites or downloading malware.

Mobile-based Social Engineering

Mobile-based social engineering involves using malicious mobile apps to collect sensitive and important information. Techniques used in this type of social engineering include:

- Malicious apps
- Repackaging legitimate apps
- Fake security apps
- SMS phishing

Malicious Apps

Attackers create and publish malicious apps to get users to install them and thus infect their phones with malware designed to send the victim's credentials to the attackers.

Repackaging Legitimate Apps

Attackers repackage legitimate apps with malware and upload the repackaged app to a third-party app store. When a user downloads the malicious app, their phone gets infected, allowing the attacker to obtain the user's credentials.

Fake Security Apps

In this technique, the attacker tricks users into downloading an app the attacker has created, presented as a secure way to log on to their bank accounts; when users log on through it, the app provides the attacker with the account credentials.

SMS Phishing

Attackers use SMS phishing to send malicious links through SMS messages and urge their targets to act, which leads to the target giving their personal and sensitive information to the attacker.

Insider Attacks

An insider attack is an attack in which an authorized person unintentionally or intentionally compromises the security of a system. Insider attacks are usually performed by privileged users, former employees, dissatisfied employees, and uneducated employees who have access to sensitive information. Insiders are categorized into:

- Malicious insiders (dissatisfied or former employees)
- Negligent insiders (uneducated employees)
- Professional insiders (employees who purposefully steal sensitive information)
- Compromised insiders (employees who have access to sensitive information and are compromised by the attacker to reveal the information)

Identity Theft

Identity theft refers to using someone else's identity and posing as that person. This includes stealing someone's personal information to commit some sort of criminal act. Stolen information usually includes first and last name, date of birth, address, social security number, bank accounts, ID card and passport numbers, and other important information. Attackers commit identity theft to open new credit card accounts in the victim's name, sell identity information, or use the stolen information for fake IDs and passports.