Cyber Security Essay
IR379 Posting Social Engineering NEED TO KNOW
Social engineering defined: hacking the person; psychological manipulation to trick a person into doing something they probably wouldn’t otherwise do because it’s detrimental.
It works!!!!! Statistics vary, but currently, the majority of cyber attacks start with phishing or social engineering of some sort.
Uses human nature to work. Seeks to create a stressful or emotional situation to provoke a response before the victim thinks it through, using:
--trust: you can trust me
--power: do this because I’m in charge
--greed: something for nothing
--fear: something bad is about to happen, stop it now
--altruism: someone is in need
--flattery: this offer is select, just for you
--prurient interest: pornography, celebrities, snooping
--some specific need: based on target research
--general inattention to detail: looks right and familiar
Phishing: targets general users, usually seeking logon credentials but could also inject malware
Spear phishing: targets specific people who have access to things the phisher wants, using public or non-public information (non-public information tends to increase trust); again seeks credentials or injects malware
NOTE: Be prepared to define or explain any of the four underlined words below; all are defined in the Beware the Malware class Wiki on Blackboard.
Phishing, spear phishing and whale phishing can activate a trojan horse execution in the e-mail and inject malware into the victim’s computer or can be a form of scareware.
Social engineering can take the form of a watering hole attack and/or a drive-by attack.