Social Engineering Attack types and Precautions

Social Engineering Attack

Social engineering attacks are a form of psychological manipulation that exploits human behavior to trick individuals into giving away confidential information. These attacks can be carried out through various channels, including email, phone, social media, and in-person interactions. There are different types of social engineering attacks and how to protect ourselves from falling victim to them.

Types of Social Engineering Attacks

Phishing Attacks

Phishing attacks are the most common type of social engineering attack, and they involve the use of fraudulent emails or websites to trick individuals into giving away sensitive information, such as login credentials or credit card details. These emails or websites are designed to look like legitimate ones, often by replicating the logos and designs of well-known companies. Phishing attacks can also be carried out through phone calls or text messages.

Pretexting Attacks

Pretexting attacks involve the use of a fabricated story to convince an individual to disclose sensitive information. The attacker might pose as someone in authority, such as a bank employee or a company executive, and use the fabricated story to convince the victim to share confidential information.

Baiting Attacks

Baiting attacks involve the use of physical or digital media to lure individuals into disclosing sensitive information. For example, an attacker might leave a USB drive lying around in a public place, hoping that someone will pick it up and plug it into their computer. The USB drive might contain malware that can steal sensitive information from the victim's computer.

Spear Phishing Attacks

Spear phishing attacks are similar to phishing attacks, but they are targeted at specific individuals or groups. The attacker will research their target and craft a personalized email or message to make it seem more convincing. The goal is to trick the victim into divulging sensitive information or clicking on a malicious link.

Tailgating Attacks

Tailgating attacks involve the physical manipulation of individuals to gain access to restricted areas. The attacker might pose as an employee or a delivery person and follow someone into a restricted area. Once inside, they can steal sensitive information or carry out other malicious activities.

How to Protect Ourself from Social Engineering Attacks

Be cautious of unsolicited emails or messages. If an email or message seems too good to be true or asks for sensitive information, it is probably a social engineering attack.

Verify the identity of the person or organization before giving away any sensitive information. If you receive a phone call or message from someone claiming to be from your bank, for example, call the bank directly to verify their identity.

Install and regularly update anti-virus and anti-malware software on your devices.

Use strong passwords and enable two-factor authentication on your accounts.

Be mindful of what you post on social media. Avoid sharing personal information that could be used by attackers to carry out social engineering attacks.

Educate yourself and your employees about social engineering attacks. Awareness and training are key to preventing social engineering attacks.

In conclusion, social engineering attacks are a real threat in today's digital age. The best way to protect yourself is to be aware of the different types of social engineering attacks and to take proactive measures to prevent them.

What is Cross Site Scripting?

Cross-Site Scripting Attacker inserts malicious code into an application, when regular users request the webpage it returns the malicious page and the attacker gains control over user data via code he injects.

Countermeasure

Safely validating untrusted HTML input

Cookie security

Disabling scripts

What is Dictionary Attacks?

 

A dictionary attack is a brute-force technique where attackers run through common words and phrases, such as those from a dictionary, to guess passwords. It is also known as dictionary password attack. 

Most people use real words as passwords.

Trying all dictionary words and makes the attack much faster.

Hackers and spammers attempt to log in to a computer system by trying all possible passwords until the correct one is found.

Countermeasures

Lockout a user after X no of  failed login attempts

Not using Dictionary words as passwords

What is Smurf Attack?

 

A smurf attack is a form of a distributed denial-of-service attack that renders computer networks inoperable

The Smurf program accomplishes this by exploiting vulnerabilities of the Internet Protocol (IP) and Internet Control Message Protocols (ICMP).

Huge numbers of ICMP requests are sent to the victim's IP address.

The source and destination IP address is spoofed. The hosts on the victim's network respond to the ICMP requests.

This creates a significant amount of traffic on the victim’s network, resulting in the consumption of bandwidth and ultimately causing the victim’s server to crash.

Countermeasures

Configure individual hosts and routers to not respond to ICMP requests or broadcasts; or

Configure routers to not forward packets directed to broadcast addresses.

What is Brute Force Attack?

Brute Force Attack

A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly.

The attacker systematically checks all possible passwords and passphrases until the correct one is found.

When password guessing, this method is very fast when used to check all short passwords.

There is a computer program run automatically to get the password.

The most basic brute force attack is a dictionary attack, where the attacker works through a dictionary of possible passwords and tries them all.

Countermeasures

• Account Lockout - You Have Implemented Account Lockout With A Clipping Level Of 4

• Strong Passwords -  A strong password must be at least 12 characters long and should consist of a random collection of uppercase and lowercase letters, numbers, and special characters.

• Implement Captcha - It is used to differentiate between real users and automated users, such as bots.

What is Man-In-The-Middle Attack?

 

Man-In-The-Middle Attack AKA MITM

It is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Countermeasures

• Digital Signature - A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.

• Mutual authentication - Mutual authentication, also known as two-way authentication, is a security process in which entities authenticate each other before actual communication occurs.

What is an Cyber Attack?

Cyber Attack

A cyber attack is an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. Without proper security measures and controls in place, our data might be subjected to an attack. 

Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself.

The attack is not only from the side of external individuals but, it is also from internal sources.

How to Download Youtube Videos Within a Minute

Go to www.youtube.com
Select your favorite or watch your favorite videos
Copy the URL of the Video
Go to Following URL to Download Youtube Videos
1.www.savevid.com
2.www.keepvid.com
3.www.clipconverter.cc
4.catchvideo.net
5.savemedia.com
Pate the URL in Above Website
It will ask Permission from Java Script to run select yes
It will automatically download.

How to play Awesome Youtube Missile Game

Open youtube and click on any video want to play.

Now pause the video.

Now type 1980 and see the magic.

Now one game missile will start coming from the top. The job of the missile is to destroy the video. You can protect the video by firing back from your mouse.

How to Back up your SMS and Phone Logs on Android Smartphone

Backup message & call to Email is an application from Lucky-Dog that backups your SMS, MMS and call logs and links them to your gmail account.

You have to download The app called Backup message & call to Email

It has following features

1). Backup/restore your SMS to/from Gmail.
2). Backup/restore your call log to/from Gmail.
3). Backup/restore your MMS to/from Gmail.
4). Support to login Gmail with XOAuth, you needn’t to provide your Gmail password.
5). Support to hide application icon.

Once the app is installed you need to set up both the app as well as configure your gmail account. Start by logging in with your gmail account. Follow up by configuring your gmail account.

 

1.   Backup message & call to Email requires IMAP access to your gmail account to work. You can accomplish this by following the steps below.

2.   Login to your Gmail account

3.   Navigate to Settings

4.   Scroll down to Forwarding and POP/IMAP.

5.   Check Enable IMAP.

6.   Scroll down and click Save Changes.

Go back to the app hit backup to backup or restore your data.

What is a Computer Worm?

A computer worm is a self-replicating computer program that penetrates an operating system with the intent of spreading malicious code. Worms utilize networks to send copies of the original code to other computers, causing harm by consuming bandwidth or possibly deleting files or sending documents via email. Worms can also install backdoors on computers.

Example:

• Melissa
• ILOVEYOU

Source: http://www.pctools.com/

How to Use Mobile Camera As A WebCam

Download SmartCam.exe on your PC and Install.

Install Smartcam on your Mobile (Symbian S60 2nd Edition [SIS], S60 2nd Edition, Windows Mobile [CAB], Android [APK]

Start up SmartCam on your PC and go to >>> File >>> Settings and check your connection and proceed >>> next step.

Start SmartCam on your phone and go to Options Connect and it will ask you for server name and you need to type your PC IP address or your system name.

If YOU don't know your IP address then,

go to RUN type CMD type ipconfig

OR
go to Google type "my ip address"

What is Companion Viruses?

These types of viruses infect files just like the direct action and the resident types. Once inside the computer, they ‘accompany’ other existing files.

Example:

• Asimov.1539
• stator and terrax.1069

Source: http://typeslist.com/

What is Memory Resident Viruses

They usually fix themselves inside the computer memory. They get activated every time the OS runs and end up infecting other opened files. They hide in RAM.

Example:

• CMJ
• meve
• randex
• mrklunky

Source: http://typeslist.com/

How to Remove Page Elements in Websites in Firefox

You have to install the add-on named Remove Temporarily.

After installing, simply right-click on page element that you want to remove.

Select Inspect Element option from the right-click context menu.

As you do this, the inspector tool will appear at the bottom of the page with the Remove Element button.

Click the Remove Element conveniently allows you to remove parts of a webpage of your own choice.

Remove Temporarily can be used to remove parts or items on WebPages before printing or for reading purposes.

You should note that only one element can be removed at a time.

What is Directory Viruses?

Also known as cluster virus or file system virus. They infect the computer’s directory by changing the path indicating file location. They are usually located in the disk but affect the entire directory.

Example:

• dir-2 virus

Source: http://typeslist.com/

What is Direct Action Viruses?

These viruses mainly replicate or take action once they are executed. When a certain condition is met, the viruses will act by infecting the files in the directory or the folder specified in the AUTOEXEC.BAT. The viruses are generally found in the hard disk’s root directory, but they keep on changing location.

Example:

• Vienna virus

Source: http://typeslist.com/

What is Macro Viruses?

These viruses infect the files created using some applications or programs that contain macros such as doc, pps, xls and mdb. They automatically infect the files with macros and also templates and documents that are contained in the file. They hide in documents shared through e-mail and networks.

Example:

• Relax
• bablas
• Melissa.A
• 097M/Y2K

source: http://typeslist.com/

Types of Computer Viruses

• Macro Viruses
• Memory Resident Viruses
• Overwrite Viruses
• Direct Action Viruses
• Directory Virus
• Web Scripting Virus
• Multipartite Virus
• FAT Viruses
• Companion Viruses
• Polymorphic Virus
• Worm
• Trojans
• Email Virus
• Browser Hijacker
• Boot Infectors

source: http://typeslist.com

What is Computer Virus

A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

Source: http://www.webopedia.com