Social Engineering Attack types and Precautions

Social Engineering Attack

Social engineering attacks are a form of psychological manipulation that exploits human behavior to trick individuals into giving away confidential information. These attacks can be carried out through various channels, including email, phone, social media, and in-person interactions. There are different types of social engineering attacks and how to protect ourselves from falling victim to them.

Types of Social Engineering Attacks

Phishing Attacks

Phishing attacks are the most common type of social engineering attack, and they involve the use of fraudulent emails or websites to trick individuals into giving away sensitive information, such as login credentials or credit card details. These emails or websites are designed to look like legitimate ones, often by replicating the logos and designs of well-known companies. Phishing attacks can also be carried out through phone calls or text messages.

Pretexting Attacks

Pretexting attacks involve the use of a fabricated story to convince an individual to disclose sensitive information. The attacker might pose as someone in authority, such as a bank employee or a company executive, and use the fabricated story to convince the victim to share confidential information.

Baiting Attacks

Baiting attacks involve the use of physical or digital media to lure individuals into disclosing sensitive information. For example, an attacker might leave a USB drive lying around in a public place, hoping that someone will pick it up and plug it into their computer. The USB drive might contain malware that can steal sensitive information from the victim's computer.

Spear Phishing Attacks

Spear phishing attacks are similar to phishing attacks, but they are targeted at specific individuals or groups. The attacker will research their target and craft a personalized email or message to make it seem more convincing. The goal is to trick the victim into divulging sensitive information or clicking on a malicious link.

Tailgating Attacks

Tailgating attacks involve the physical manipulation of individuals to gain access to restricted areas. The attacker might pose as an employee or a delivery person and follow someone into a restricted area. Once inside, they can steal sensitive information or carry out other malicious activities.

How to Protect Ourself from Social Engineering Attacks

Be cautious of unsolicited emails or messages. If an email or message seems too good to be true or asks for sensitive information, it is probably a social engineering attack.

Verify the identity of the person or organization before giving away any sensitive information. If you receive a phone call or message from someone claiming to be from your bank, for example, call the bank directly to verify their identity.

Install and regularly update anti-virus and anti-malware software on your devices.

Use strong passwords and enable two-factor authentication on your accounts.

Be mindful of what you post on social media. Avoid sharing personal information that could be used by attackers to carry out social engineering attacks.

Educate yourself and your employees about social engineering attacks. Awareness and training are key to preventing social engineering attacks.

In conclusion, social engineering attacks are a real threat in today's digital age. The best way to protect yourself is to be aware of the different types of social engineering attacks and to take proactive measures to prevent them.

What is Cross Site Scripting?

Cross-Site Scripting Attacker inserts malicious code into an application, when regular users request the webpage it returns the malicious page and the attacker gains control over user data via code he injects.

Countermeasure

Safely validating untrusted HTML input

Cookie security

Disabling scripts

What is Dictionary Attacks?

 

A dictionary attack is a brute-force technique where attackers run through common words and phrases, such as those from a dictionary, to guess passwords. It is also known as dictionary password attack. 

Most people use real words as passwords.

Trying all dictionary words and makes the attack much faster.

Hackers and spammers attempt to log in to a computer system by trying all possible passwords until the correct one is found.

Countermeasures

Lockout a user after X no of  failed login attempts

Not using Dictionary words as passwords

What is Fraggle Attacks?

 

A Fraggle attack is exactly the same as a smurf attack, except that it uses the user datagram protocol, or UDP, rather than the more common transmission control protocol, or TCP. Fraggle attacks, like smurf attacks, are starting to become outdated and are commonly stopped by most firewalls or routers.

The attacker sends UDP packets to the random ports of the victim host. The victim will check for application listening on the port and reply with the "ICMP destination unreachable" packet.

The attacker can spoof the IP address of the UDP packets so that no one can trace it back.

Countermeasures

Close all unused ports.

What is Smurf Attack?

 

A smurf attack is a form of a distributed denial-of-service attack that renders computer networks inoperable

The Smurf program accomplishes this by exploiting vulnerabilities of the Internet Protocol (IP) and Internet Control Message Protocols (ICMP).

Huge numbers of ICMP requests are sent to the victim's IP address.

The source and destination IP address is spoofed. The hosts on the victim's network respond to the ICMP requests.

This creates a significant amount of traffic on the victim’s network, resulting in the consumption of bandwidth and ultimately causing the victim’s server to crash.

Countermeasures

Configure individual hosts and routers to not respond to ICMP requests or broadcasts; or

Configure routers to not forward packets directed to broadcast addresses.

What is Brute Force Attack?

Brute Force Attack

A brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly.

The attacker systematically checks all possible passwords and passphrases until the correct one is found.

When password guessing, this method is very fast when used to check all short passwords.

There is a computer program run automatically to get the password.

The most basic brute force attack is a dictionary attack, where the attacker works through a dictionary of possible passwords and tries them all.

Countermeasures

• Account Lockout - You Have Implemented Account Lockout With A Clipping Level Of 4

• Strong Passwords -  A strong password must be at least 12 characters long and should consist of a random collection of uppercase and lowercase letters, numbers, and special characters.

• Implement Captcha - It is used to differentiate between real users and automated users, such as bots.

What is Man-In-The-Middle Attack?

 

Man-In-The-Middle Attack AKA MITM

It is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

Countermeasures

• Digital Signature - A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents.

• Mutual authentication - Mutual authentication, also known as two-way authentication, is a security process in which entities authenticate each other before actual communication occurs.

What is the two kind of cyber attacks?

 

There is two kinds of attacks.

Active Attack - which listens

    An active attack is network exploitation in which a hacker attempts to make changes to data on the target or data en route to the target.

Passive Attack - which modifies

    A passive attack is a network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose is solely to gain information about the target and no data is changed on the target.

What is an Cyber Attack?

Cyber Attack

A cyber attack is an attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. Without proper security measures and controls in place, our data might be subjected to an attack. 

Some attacks are passive, meaning information is monitored; others are active, meaning the information is altered with intent to corrupt or destroy the data or the network itself.

The attack is not only from the side of external individuals but, it is also from internal sources.

How to find the Android phone is Rooted Or Not Easily

Go to Google Play and download a terminal client app

I recommend getting “Terminal Emulator for Android” which is for free.

Launch the app and you should get the well-known terminal interface with a text entry prompt.

Now, check the character right before your entry prompt.

If there’s a pound sign (#) then you’re rooted

Is there a dollar sign? If so, type in su and hit enter.

Should the dollar sign change into a pound sign (#), then you’re rooted.

that’s it.

How to Set Password On Any Application In Pc

You have to download a software named Password Door for your pc

Now install it to your pc, while installing , it will ask you to enter a password which will be used to open the password protected softwares.

Now open Password Door with the help of password which you have entered while installing

Click on protect a program.

You’ll see a list of all program on which you can set password.

Select the app from the list and make it password protect.

Now whenever you or any other user open password protected app, app will ask for the password. if you know the password only then you can access the application.

You can remove password from apps anytime.

What does the color of the USB port signifies in Laptop?

Blue and Black

Blue symbolizes USB 3.0 enabled.

You can transfer at blazing faster rate.

Tip: Next time connect your external hard drive to it.  

Black symbolizes USB 2.0 and 1.1 compliant. 

It is Standard Ports.

Tip: Next time connect your Mouse or other related devices to it.

Yellow

Yellow symbolizes Always-On.

It supplies power to the gadget even while in sleep mode or off.

Tip: Next time you can charge your phone while on the go in the car.

How to Record Desktop Using VLC Player

Open the VLC Player

To enable desktop recording, go to Media > Convert / Save.

Go to the Capture Device tab and on the Capture mode drop down menu, select Desktop.

Select your frame rate under Desired frame rate for the capture And click Convert / Save.

Finally select your codec and the destination and click Start.

To stop recording, click the Stop button.

Now VLC Player acting as a Desktop screen recorder.

How to Download Youtube Videos Within a Minute

Go to www.youtube.com
Select your favorite or watch your favorite videos
Copy the URL of the Video
Go to Following URL to Download Youtube Videos
1.www.savevid.com
2.www.keepvid.com
3.www.clipconverter.cc
4.catchvideo.net
5.savemedia.com
Pate the URL in Above Website
It will ask Permission from Java Script to run select yes
It will automatically download.

How to play Awesome Youtube Missile Game

Open youtube and click on any video want to play.

Now pause the video.

Now type 1980 and see the magic.

Now one game missile will start coming from the top. The job of the missile is to destroy the video. You can protect the video by firing back from your mouse.

18 Windows Hidden Tools You Seldom Use

To run any of these apps go to Start > Run and type the executable name and press Enter.

Character Map (charmap.exe) - Very useful for finding unusual characters.

Disk Cleanup (cleanmgr.exe) – The usual Disc cleanup.

DirectX diagnosis (dxdiag.exe) - Diagnose & test DirectX, video & sound cards.

Private character editor (eudcedit.exe) - Allows creation or modification of characters.

IExpress Wizard (iexpress.exe) - Create self-extracting / self-installing package.

Microsoft Synchronization Manager (mobsync.exe) - Appears to allow synchronization of files on the network for when working offline. Apparently undocumented.

ODBC Data Source Administrator (odbcad32.exe) – Database connection utility for support with external servers,create ODBC data sources,to administer remote databases or for supporting the ODBC database utility in Visual basic language.

System Monitor (perfmon.exe) - Very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for budding uber-geeks only.

Remote Access phone book (rasphone.exe) - Documentation is virtually non-existent.

Registry Editor (regedit.exe) – For making custom changes or hacking the Windows Registry.

Network shared folder wizard (shrpubw.exe) - Creates shared folders on network.

File signature verification tool (sigverif.exe) - This tool will search the operating system and identify any unsigned device drivers installed on the system. It will also verify all signed device drivers.

Volume Control (sndvol.exe) - I've included this for those people that lose it from the System Notification area.

Syskey (syskey.exe) - Secures Windows Account database, use with care, it's virtually undocumented but it appears to encrypt all passwords, I'm not sure of the full implications.

Microsoft Telnet Client (telnet.exe) – Built in telnet client which can be used to connect to servers to sent emails or to hack. This is disabled in in vista but you can re-enable it by going to Control panel –> Programs and Features –> Click "Turn Windows features on or off" on left –> Scroll down and check "Telnet Client.

Driver Verifier Manager (verifier.exe) - Seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems.

System configuration (msconfig.exe) - Can use to control startup programs, make changes to startup of Windows 7.

Group Policy Editor (gpedit.msc) - Used to manage group policies, and permissions.Its an Administrator only tool.

How To Add Different Colors to Folders In Windows

Download and install Folder Colorizer to find the tool integrated to your right click context menu.

Browse over to any folder on your machine and select option Colorize  upon right-click.

Color your folder from the default set or head over to choose from more Colors.. that gets added to the list of default set.

How to Play Video As ASCII Characters in VLC Player

Open the Video you want to play as ASCII Character with VLC Player.

To enable this fun feature, go to Tools > Preference and click on Video.

Under the Output drop down box, choose Color ASCII art video output.

Your video will now be displayed entirely in ACSII. 

How to Back up your SMS and Phone Logs on Android Smartphone

Backup message & call to Email is an application from Lucky-Dog that backups your SMS, MMS and call logs and links them to your gmail account.

You have to download The app called Backup message & call to Email

It has following features

1). Backup/restore your SMS to/from Gmail.
2). Backup/restore your call log to/from Gmail.
3). Backup/restore your MMS to/from Gmail.
4). Support to login Gmail with XOAuth, you needn’t to provide your Gmail password.
5). Support to hide application icon.

Once the app is installed you need to set up both the app as well as configure your gmail account. Start by logging in with your gmail account. Follow up by configuring your gmail account.

 

1.   Backup message & call to Email requires IMAP access to your gmail account to work. You can accomplish this by following the steps below.

2.   Login to your Gmail account

3.   Navigate to Settings

4.   Scroll down to Forwarding and POP/IMAP.

5.   Check Enable IMAP.

6.   Scroll down and click Save Changes.

Go back to the app hit backup to backup or restore your data.

How to Change any folder to Recycle Bin for data security

Open the notepad.

And type these lines in notepad :

[.ShellClassInfo] CLSID={645FF040-5081-101B-9F08-00AA002F954E}

And save as: Desktop.ini  in your folder(which you want to change into recyle bin) to change recycle bin.

For example We save desktop.ini in d:\Photo folder and then we open dos prompt and type the command shown below, which will convert the Photo folder into recycle bin.

d:\> attrib +a +r +s Photo /s /d

It's done.