Social Engineering Attack types and Precautions

Social Engineering Attack

Social engineering attacks are a form of psychological manipulation that exploits human behavior to trick individuals into giving away confidential information. These attacks can be carried out through various channels, including email, phone, social media, and in-person interactions. There are different types of social engineering attacks and how to protect ourselves from falling victim to them.

Types of Social Engineering Attacks

Phishing Attacks

Phishing attacks are the most common type of social engineering attack, and they involve the use of fraudulent emails or websites to trick individuals into giving away sensitive information, such as login credentials or credit card details. These emails or websites are designed to look like legitimate ones, often by replicating the logos and designs of well-known companies. Phishing attacks can also be carried out through phone calls or text messages.

Pretexting Attacks

Pretexting attacks involve the use of a fabricated story to convince an individual to disclose sensitive information. The attacker might pose as someone in authority, such as a bank employee or a company executive, and use the fabricated story to convince the victim to share confidential information.

Baiting Attacks

Baiting attacks involve the use of physical or digital media to lure individuals into disclosing sensitive information. For example, an attacker might leave a USB drive lying around in a public place, hoping that someone will pick it up and plug it into their computer. The USB drive might contain malware that can steal sensitive information from the victim's computer.

Spear Phishing Attacks

Spear phishing attacks are similar to phishing attacks, but they are targeted at specific individuals or groups. The attacker will research their target and craft a personalized email or message to make it seem more convincing. The goal is to trick the victim into divulging sensitive information or clicking on a malicious link.

Tailgating Attacks

Tailgating attacks involve the physical manipulation of individuals to gain access to restricted areas. The attacker might pose as an employee or a delivery person and follow someone into a restricted area. Once inside, they can steal sensitive information or carry out other malicious activities.

How to Protect Ourself from Social Engineering Attacks

Be cautious of unsolicited emails or messages. If an email or message seems too good to be true or asks for sensitive information, it is probably a social engineering attack.

Verify the identity of the person or organization before giving away any sensitive information. If you receive a phone call or message from someone claiming to be from your bank, for example, call the bank directly to verify their identity.

Install and regularly update anti-virus and anti-malware software on your devices.

Use strong passwords and enable two-factor authentication on your accounts.

Be mindful of what you post on social media. Avoid sharing personal information that could be used by attackers to carry out social engineering attacks.

Educate yourself and your employees about social engineering attacks. Awareness and training are key to preventing social engineering attacks.

In conclusion, social engineering attacks are a real threat in today's digital age. The best way to protect yourself is to be aware of the different types of social engineering attacks and to take proactive measures to prevent them.

What is Fraggle Attacks?

 

A Fraggle attack is exactly the same as a smurf attack, except that it uses the user datagram protocol, or UDP, rather than the more common transmission control protocol, or TCP. Fraggle attacks, like smurf attacks, are starting to become outdated and are commonly stopped by most firewalls or routers.

The attacker sends UDP packets to the random ports of the victim host. The victim will check for application listening on the port and reply with the "ICMP destination unreachable" packet.

The attacker can spoof the IP address of the UDP packets so that no one can trace it back.

Countermeasures

Close all unused ports.

What is Smurf Attack?

 

A smurf attack is a form of a distributed denial-of-service attack that renders computer networks inoperable

The Smurf program accomplishes this by exploiting vulnerabilities of the Internet Protocol (IP) and Internet Control Message Protocols (ICMP).

Huge numbers of ICMP requests are sent to the victim's IP address.

The source and destination IP address is spoofed. The hosts on the victim's network respond to the ICMP requests.

This creates a significant amount of traffic on the victim’s network, resulting in the consumption of bandwidth and ultimately causing the victim’s server to crash.

Countermeasures

Configure individual hosts and routers to not respond to ICMP requests or broadcasts; or

Configure routers to not forward packets directed to broadcast addresses.

What is Brute Force Attack?

Brute Force Attack

A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly.

The attacker systematically checks all possible passwords and passphrases until the correct one is found.

When password guessing, this method is very fast when used to check all short passwords.

There is a computer program run automatically to get the password.

The most basic brute force attack is a dictionary attack, where the attacker works through a dictionary of possible passwords and tries them all.

Countermeasures

• Account Lockout - You Have Implemented Account Lockout With A Clipping Level Of 4

• Strong Passwords -  A strong password must be at least 12 characters long and should consist of a random collection of uppercase and lowercase letters, numbers, and special characters.

• Implement Captcha - It is used to differentiate between real users and automated users, such as bots.

What is Man-In-The-Middle Attack?

 

Man-In-The-Middle Attack AKA MITM

It is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Countermeasures

• Digital Signature - A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.

• Mutual authentication - Mutual authentication, also known as two-way authentication, is a security process in which entities authenticate each other before actual communication occurs.

What is the two kind of cyber attacks?

 

There is two kinds of attacks.

Active Attack - which listens

    An active attack is network exploitation in which a hacker attempts to make changes to data on the target or data en route to the target.

Passive Attack - which modifies

    A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose is solely to gain information about the target and no data is changed on the target.

What is an Cyber Attack?

Cyber Attack

A cyber attack is an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. Without proper security measures and controls in place, our data might be subjected to an attack. 

Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself.

The attack is not only from the side of external individuals but, it is also from internal sources.

How to Set Password On Any Application In Pc

You have to download a software named Password Door for your pc

Now install it to your pc, while installing , it will ask you to enter a password which will be used to open the password protected softwares.

Now open Password Door with the help of password which you have entered while installing

Click on protect a program.

You’ll see a list of all program on which you can set password.

Select the app from the list and make it password protect.

Now whenever you or any other user open password protected app, app will ask for the password. if you know the password only then you can access the application.

You can remove password from apps anytime.

What does the color of the USB port signifies in Laptop?

Blue and Black

Blue symbolizes USB 3.0 enabled.

You can transfer at blazing faster rate.

Tip: Next time connect your external hard drive to it.  

Black symbolizes USB 2.0 and 1.1 compliant. 

It is Standard Ports.

Tip: Next time connect your Mouse or other related devices to it.

Yellow

Yellow symbolizes Always-On.

It supplies power to the gadget even while in sleep mode or off.

Tip: Next time you can charge your phone while on the go in the car.

How to Record Desktop Using VLC Player

Open the VLC Player

To enable desktop recording, go to Media > Convert / Save.

Go to the Capture Device tab and on the Capture mode drop down menu, select Desktop.

Select your frame rate under Desired frame rate for the capture And click Convert / Save.

Finally select your codec and the destination and click Start.

To stop recording, click the Stop button.

Now VLC Player acting as a Desktop screen recorder.

18 Windows Hidden Tools You Seldom Use

To run any of these apps go to Start > Run and type the executable name and press Enter.

Character Map (charmap.exe) - Very useful for finding unusual characters.

Disk Cleanup (cleanmgr.exe) – The usual Disc cleanup.

DirectX diagnosis (dxdiag.exe) - Diagnose & test DirectX, video & sound cards.

Private character editor (eudcedit.exe) - Allows creation or modification of characters.

IExpress Wizard (iexpress.exe) - Create self-extracting / self-installing package.

Microsoft Synchronization Manager (mobsync.exe) - Appears to allow synchronization of files on the network for when working offline. Apparently undocumented.

ODBC Data Source Administrator (odbcad32.exe) – Database connection utility for support with external servers,create ODBC data sources,to administer remote databases or for supporting the ODBC database utility in Visual basic language.

System Monitor (perfmon.exe) - Very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for budding uber-geeks only.

Remote Access phone book (rasphone.exe) - Documentation is virtually non-existent.

Registry Editor (regedit.exe) – For making custom changes or hacking the Windows Registry.

Network shared folder wizard (shrpubw.exe) - Creates shared folders on network.

File signature verification tool (sigverif.exe) - This tool will search the operating system and identify any unsigned device drivers installed on the system. It will also verify all signed device drivers.

Volume Control (sndvol.exe) - I've included this for those people that lose it from the System Notification area.

Syskey (syskey.exe) - Secures Windows Account database, use with care, it's virtually undocumented but it appears to encrypt all passwords, I'm not sure of the full implications.

Microsoft Telnet Client (telnet.exe) – Built in telnet client which can be used to connect to servers to sent emails or to hack. This is disabled in in vista but you can re-enable it by going to Control panel –> Programs and Features –> Click "Turn Windows features on or off" on left –> Scroll down and check "Telnet Client.

Driver Verifier Manager (verifier.exe) - Seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems.

System configuration (msconfig.exe) - Can use to control startup programs, make changes to startup of Windows 7.

Group Policy Editor (gpedit.msc) - Used to manage group policies, and permissions.Its an Administrator only tool.

How To Add Different Colors to Folders In Windows

Download and install Folder Colorizer to find the tool integrated to your right click context menu.

Browse over to any folder on your machine and select option Colorize  upon right-click.

Color your folder from the default set or head over to choose from more Colors.. that gets added to the list of default set.

How to Play Video As ASCII Characters in VLC Player

Open the Video you want to play as ASCII Character with VLC Player.

To enable this fun feature, go to Tools > Preference and click on Video.

Under the Output drop down box, choose Color ASCII art video output.

Your video will now be displayed entirely in ACSII. 

How to Change any folder to Recycle Bin for data security

Open the notepad.

And type these lines in notepad :

[.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E}

And save as: Desktop.ini  in your folder(which you want to change into recyle bin) to change recycle bin.

For example We save desktop.ini in d:\Photo folder and then we open dos prompt and type the command shown below, which will convert the Photo folder into recycle bin.

d:\> attrib +a +r +s Photo /s /d

It's done.

How to Add Subtitles in Windows Media Player

Go and download the plug-in for window media player from codecpack.com.

Install the plug-in.

Switch on the subtitle feature in the windows media player.

After that open the movie with the windows media player, here goes your movie with subtitles.

If not check the movie name and subtitle name or difference, if different rename the subtitle to the same name.

What is a Computer Worm?

A computer worm is a self-replicating computer program that penetrates an operating system with the intent of spreading malicious code. Worms utilize networks to send copies of the original code to other computers, causing harm by consuming bandwidth or possibly deleting files or sending documents via email. Worms can also install backdoors on computers.

Example:

• Melissa
• ILOVEYOU

Source: http://www.pctools.com/

What is Polymorphic Virus?

They encode or encrypt themselves in a different way every time they infect your computer. They use different encryption and algorithms. This makes it difficult for the antivirus software to locate them using signature or string searches (since they are very different in each encryption).

Example:

• Marburg
• tuareg
• Satan bug
• elkern

Source: http://typeslist.com/

How to Use Mobile Camera As A WebCam

Download SmartCam.exe on your PC and Install.

Install Smartcam on your Mobile (Symbian S60 2nd Edition [SIS], S60 2nd Edition, Windows Mobile [CAB], Android [APK]

Start up SmartCam on your PC and go to >>> File >>> Settings and check your connection and proceed >>> next step.

Start SmartCam on your phone and go to Options Connect and it will ask you for server name and you need to type your PC IP address or your system name.

If YOU don't know your IP address then,

go to RUN type CMD type ipconfig

OR
go to Google type "my ip address"

What is Companion Viruses?

These types of viruses infect files just like the direct action and the resident types. Once inside the computer, they ‘accompany’ other existing files.

Example:

• Asimov.1539
• stator and terrax.1069

Source: http://typeslist.com/

What is FAT Viruses?

These lardy viruses attack the file allocation table (FAT) which is the disc part used to store every information about the available space, location of files, unusable space etc.

Example:

• the link virus

Source: http://typeslist.com/