Methods of Social Engineering
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card numbers, by disguising as a trustworthy entity in an electronic communication.
Vishing is telephone fraud similar to phishing, the difference is that Fraudsters are trying to obtain valuable information via the telephone. Vishing has proven to be one of the most successful methods of social engineering.
“Smishing” is SMS phishing where text messages are sent trying to encourage people to pay money out or click on suspicious links.
- Fake profiles in social sites.
In the last years there has been a spike in psychological manipulation through social media, with reported multibillion losses in global credit card fraud.
Someone is secretly listening to the private conversation of others without their consent by human or electronic ears.
- Dumpster Diving.
To get your EIN or your old hard drive from your electronic waste or just an old floppy disk with essential information in the dustbin.
- Shoulder surf.
Shoulder surfers try to steal confidential data such as personal identification number, password and other by looking over their victim’s shoulder. They can do that directly, or through mirrors, binoculars and hidden microphones and cams.
Tailgating is driving on a road too close to the vehicle in front. The same stands in cyber security terms. Tailgating in cyber-security is when someone sticks on the back of authorized personnel, in order to pass through a security door. So this could be a real person, or a malware, at the tail of a legitimate program.
- E-mail Spam. Unsolicited or “junk” e-mail is designed to attract your attention. It could be a message that a video you created or you are inside this video and it has got a very large number of views on Facebook. If you click the link it takes you to a fake page that tries to steal your account login details.
- Chat Spam. Chat can be spammy because you don’t see the person at the other side so it is easily to be cheated if you don’t know eachother.
- Reverse Social Engineering.
Human behavior is at the center of the security equation. In a reverse social engineering attack, the attacker does not contact the victim first, but the victim is tricked into contacting the attacker.
An unbelievable offer or outrageous fake news to make you click through or Pop Up windows blocking your page and say you won a million dollars. If you ‘d like to read some junk news exposed, just go to junkscience.com
Malware used in Cyber attacks
- CryptXXX ransomware.
CryptXXX’s exploit kit has the ability to evade security software and virtual machines. Legitimate websites when hit by a botnet, they redirect visitors to a malicious site where the ransomware CryptXXX is downloaded.
BadBIOS is a BIOS (Basic Input / Output System)-level Trojan, that affects Windows, Macintosh, Linux and BSD systems.
- Doxware – extortionware.
Doxware is an exploit in which the attacker accesses the target’s sensitive data threatening to release them publicly unless ransom is paid. It is also known as extortionware, because it extracts everything out so when there is no back up, ransom has to be paid. Doxware compromises the privacy of conversations, photos, and sensitive files, and holds computers as hostages, making it harder to avoid paying the ransom. Doxware is extortionware, plus with the threat of exposing sensitive personal data.
- SoakSoak botnet.
The SoakSoak botnet is a zombie bot net which scans for vendor vulnerabilities on the victim’s machines. To identify outdated plugins and components, it is checking known default URLs and port numbers. Compromised systems redirect to websites hosting the Neutrino exploit kit which automates the exploitation of client-side vulnerabilities. It installs on their endpoints by drive-by downloads, a RAT (Remote Access Tool or backdoor) and the Neutrino landing pages which lead to the CryptXXX ransomware, or to Trojan horse Cryptowall and similar.
To be continued