Twitter Updates

    follow me on Twitter

    List for 4.5% and get 1% cash back on your purchase


    How much is your home worth?
    Receive Home Listings By Email

    Thursday, January 25, 2024

    CEH: Fundamentals Of Social Engineering


    Social engineering is a nontechnical method of breaking into a system or network. It's the process of deceiving users of a system and convincing them to perform acts useful to the hacker, such as giving out information that can be used to defeat or bypass security mechanisms. Social engineering is important to understand because hackers can use it to attack the human element of a system and circumvent technical security measures. This method can be used to gather information before or during an attack.

    A social engineer commonly uses the telephone or Internet to trick people into revealing sensitive information or to get them to do something that is against the security policies of the organization. By this method, social engineers exploit the natural tendency of a person to trust their word, rather than exploiting computer security holes. It's generally agreed that users are the weak link in security; this principle is what makes social engineering possible.

    The most dangerous part of social engineering is that companies with authentication processes, firewalls, virtual private networks, and network monitoring software are still wide open to attacks, because social engineering doesn't assault the security measures directly. Instead, a social-engineering attack bypasses the security measures and goes after the human element in an organization.

    Types of Social Engineering-Attacks

    There are two types of Social Engineering attacks

    Human-Based 

    Human-based social engineering refers to person-to-person interaction to retrieve the desired information. An example is calling the help desk and trying to find out a password.

    Computer-Based 

    ​Computer-based social engineering refers to having computer software that attempts to retrieve the desired information. An example is sending a user an email and asking them to reenter a password in a web page to confirm it. This social-engineering attack is also known as phishing.

    Human-Based Social Engineering

    Human-Based further categorized as follow:

    Impersonating an Employee or Valid User

    In this type of social-engineering attack, the hacker pretends to be an employee or valid user on the system. A hacker can gain physical access by pretending to be a janitor, employee, or contractor. Once inside the facility, the hacker gathers information from trashcans, desktops, or computer systems.

    Posing as an Important User

    In this type of attack, the hacker pretends to be an important user such as an executive or high-level manager who needs immediate assistance to gain access to a computer system or files. The hacker uses intimidation so that a lower-level employee such as a help desk worker will assist them in gaining access to the system. Most low-level employees won't question someone who appears to be in a position of authority.

    Using a Third Person

    Using the third-person approach, a hacker pretends to have permission from an authorized source to use a system. This attack is especially effective if the supposed authorized source is on vacation or can't be contacted for verification.

    Calling Technical Support

    Calling tech support for assistance is a classic social-engineering technique. Help desk and technical support personnel are trained to help users, which makes them good prey for social-engineering attacks.

    Shoulder Surfing 

    Shoulder surfing is a technique of gathering passwords by watching over a person's shoulder while they log in to the system. A hacker can watch a valid user log in and then use that password to gain access to the system.

    Dumpster Diving

    Dumpster diving involves looking in the trash for information written on pieces of paper or computer printouts. The hacker can often find passwords, filenames, or other pieces of confidential information.

    Computer-Based Social Engineering

    Computer-based social-engineering attacks can include the following:
    • Email attachments
    • Fake websites
    • Pop-up windows


    Insider Attacks

    If a hacker can't find any other way to hack an organization, the next best option is to infiltrate the organization by getting hired as an employee or finding a disgruntled employee to assist in the attack. Insider attacks can be powerful because employees have physical access and are able to move freely about the organization. An example might be someone posing as a delivery person by wearing a uniform and gaining access to a delivery room or loading dock. Another possibility is someone posing as a member of the cleaning crew who has access to the inside of the building and is usually able to move about the offices. As a last resort, a hacker might bribe or otherwise coerce an employee to participate in the attack by providing information such as passwords.

    Identity Theft

    A hacker can pose as an employee or steal the employee's identity to perpetrate an attack. Information gathered in dumpster diving or shoulder surfing in combination with creating fake ID badges can gain the hacker entry into an organization. Creating a persona that can enter the building unchallenged is the goal of identity theft.

    Phishing Attacks

    Phishing involves sending an email, usually posing as a bank, credit card company, or other financial organization. The email requests that the recipient confirm banking information or reset passwords or PINs. The user clicks the link in the email and is redirected to a fake website. The hacker is then able to capture this information and use it for financial gain or to perpetrate other attacks. Emails that claim the senders have a great amount of money but need your help getting it out of the country are examples of phishing attacks. These attacks prey on the common person and are aimed at getting them to provide bank account access codes or other confidential information to the hacker.

    Online Scams

    Some websites that make free offers or other special deals can lure a victim to enter a username and password that may be the same as those they use to access their work system.
    The hacker can use this valid username and password once the user enters the information in the website form. Mail attachments can be used to send malicious code to a victim's system, which could automatically execute something like a software keylogger to capture passwords. Viruses, Trojans, and worms can be included in cleverly crafted emails to entice a victim to open the attachment. Mail attachments are considered a computer-based social-engineering attack.
    Read more

    1. Hacker Hardware Tools
    2. Hacking Tools For Pc
    3. Pentest Tools Github
    4. Pentest Tools Framework
    5. Pentest Tools Kali Linux
    6. Hacking Tools For Windows
    7. Hack Tools For Games
    8. Hacking Apps
    9. Pentest Tools Download
    10. Hack Tools For Ubuntu
    11. Pentest Tools For Ubuntu
    12. Pentest Tools Framework
    13. Hacking Tools
    14. Hacker Search Tools
    15. Pentest Tools Linux
    16. Hack Rom Tools
    17. Hacker Tools Apk Download
    18. Hacking Tools
    19. Easy Hack Tools
    20. Hacking Tools And Software
    21. Best Hacking Tools 2020
    22. Hacker Tools 2019
    23. Hak5 Tools
    24. Hacking Apps
    25. Ethical Hacker Tools
    26. Hack Tools For Pc
    27. Hacker Tools Hardware
    28. Hacker
    29. Hacking Tools
    30. Hacking Tools For Windows 7
    31. Pentest Reporting Tools
    32. Pentest Tools Framework
    33. Pentest Tools Website
    34. Hacking Tools Windows
    35. World No 1 Hacker Software
    36. Hack Tools For Windows
    37. Hacking Tools Software
    38. Hacker Techniques Tools And Incident Handling
    39. Bluetooth Hacking Tools Kali
    40. Hack Tools Online
    41. Hacker Tools For Mac
    42. Hacker Techniques Tools And Incident Handling
    43. Hacking Tools Usb
    44. New Hack Tools
    45. Usb Pentest Tools
    46. Pentest Tools Framework
    47. Pentest Tools Apk
    48. Hacking Tools For Windows
    49. Hack Website Online Tool
    50. Hacking Tools Download
    51. Bluetooth Hacking Tools Kali
    52. Blackhat Hacker Tools
    53. Pentest Tools Subdomain
    54. Pentest Tools Online
    55. Kik Hack Tools
    56. Hacker Tool Kit
    57. Hacking Tools For Pc
    58. Hacking Tools For Pc
    59. Hacking Tools
    60. Hacking Tools Hardware
    61. Android Hack Tools Github
    62. Install Pentest Tools Ubuntu
    63. Hack Tools Mac
    64. Hacker Tools Linux
    65. Hacker Tools Github
    66. Easy Hack Tools
    67. Pentest Tools Tcp Port Scanner
    68. Hack Tools Online
    69. Pentest Reporting Tools
    70. Pentest Box Tools Download
    71. Hack Tools Github
    72. Hacking App
    73. Pentest Automation Tools
    74. Hacking Tools Mac
    75. Hacking Tools Software
    76. Hack Tools Download
    77. Kik Hack Tools
    78. Hacker Tools Linux
    79. Hacking Tools Github
    80. Pentest Tools Linux
    81. Blackhat Hacker Tools
    82. Nsa Hacker Tools
    83. Hack Tools Pc
    84. Pentest Tools List
    85. Hack App
    86. Github Hacking Tools
    87. Pentest Tools
    88. Hack Website Online Tool
    89. Hacker Tools Apk Download
    90. Underground Hacker Sites
    91. Pentest Tools For Android
    92. Hacking Tools For Mac
    93. Hacker Tools For Mac
    94. Hacking Tools For Kali Linux
    95. Hacker Tool Kit
    96. How To Install Pentest Tools In Ubuntu
    97. Hackrf Tools
    98. Tools 4 Hack
    99. Black Hat Hacker Tools
    100. Hack Tools For Ubuntu
    101. Best Hacking Tools 2020
    102. Hacking Tools For Beginners
    103. Free Pentest Tools For Windows
    104. Hacking App
    105. Underground Hacker Sites
    106. World No 1 Hacker Software
    107. Hacking Tools Github
    108. Hacking Tools Hardware
    109. Hacker Tools Github
    110. Pentest Tools Review
    111. Hacker Tools Online
    112. Hacking Tools For Mac
    113. Hack Tools Github
    114. Hack Tools For Ubuntu
    115. Pentest Tools Android
    116. Hacking Tools Github
    117. Hacker Tools Online
    118. Pentest Tools For Android
    119. Pentest Tools Bluekeep
    120. Hacker Tools Windows
    121. Hack Tools For Windows
    122. Tools Used For Hacking
    123. Hacking Tools For Windows 7
    124. Hacker Tools For Windows
    125. Hacker Search Tools
    126. Pentest Tools Free
    127. Hacking Tools For Mac
    128. Hacking Tools Windows 10
    129. Beginner Hacker Tools
    130. Termux Hacking Tools 2019
    131. Blackhat Hacker Tools
    132. What Is Hacking Tools
    133. Pentest Tools For Mac
    134. Pentest Tools Framework
    135. Hacker Tools Windows
    136. Hacking Tools For Mac
    137. Hacking Tools Software
    138. Hacking Tools Kit
    139. Black Hat Hacker Tools
    140. Underground Hacker Sites
    141. Pentest Tools For Android
    142. Hacking Tools For Games
    143. Hacker Tools Linux
    144. Tools For Hacker
    145. Hackers Toolbox
    146. Hacking Tools For Beginners
    147. Pentest Tools Alternative
    148. Computer Hacker
    149. Hacking Tools Online
    150. Pentest Tools Review
    151. Pentest Tools Subdomain
    152. Growth Hacker Tools
    153. Tools Used For Hacking
    154. Hacking Tools For Windows 7
    155. Hacking Tools For Windows 7
    156. Hacking Tools Download
    157. Hack Website Online Tool
    158. Hacker Tools List
    159. Hacker Tools 2020
    160. Hack Website Online Tool
    161. Hacking Tools For Pc
    162. Bluetooth Hacking Tools Kali
    163. Top Pentest Tools
    164. Pentest Tools For Mac
    Posted by at

    No comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)

    Home for sale- $2,000 rebate!

    Ready Real Estate slide show

    View sdutton's profile on slideshare

    Become a fan of my page

    Sheree Dutton, Reatlor, DFW, Texas on Facebook
    Powered By Blogger

    Pandora Faves

    Back on the market, price reduced, 1% cash back rebate offered

    Sheree Dutton | Ready Real Estate | 817-975-0461
    222 Birchwood, Azle, TX
    Back on the market, price reduced and 15 cash back rebate offered!
    3BR/2BA Single Family House
    offered at $102,500
    Year Built 2006
    Sq Footage 1,142
    Bedrooms 3
    Bathrooms 2 full, 0 partial
    Floors 1
    Parking 3 Covered spaces
    Lot Size .225 acres
    HOA/Maint $0 per month

    DESCRIPTION

    Wow, talk about pride of ownership! This house has too many upgrades to count, and is so well cared for. You must see it to believe it! A lot of value in this perfect starter home.

    OPEN HOUSE SUNDAY MAY 3RD 2+5 pm

    see additional photos below
    PROPERTY FEATURES
    - Central A/C - Central heat - Fireplace
    - High/Vaulted ceiling - Walk-in closet - Tile floor
    - Living room - Breakfast nook - Dishwasher
    - Refrigerator - Stove/Oven - Microwave
    - Laundry area - inside - Balcony, Deck, or Patio - Yard

    OTHER SPECIAL FEATURES
    - 1 car garage, covered carport for 2 cars
    - covered wood deck in backyard
    - gutters
    - storage shed
    - newly stained wood fence
    - electric fireplace added, with tile hearth
    - upgraded ceiling fans and light fixtures
    - island in kitchen
    ADDITIONAL PHOTOS

    Fantastic curb appeal

    covered wood deck in back

    living room

    kitchen with island

    breakfast nook

    master bedroom
    Contact info:
    Sheree Dutton
    Ready Real Estate
    817-975-0461
    For sale by agent/broker

    powered by postlets Equal Opportunity Housing
    Posted: Sep 11, 2009, 7:31am PDT

    Blog Archive