Friday 26 August 2022

Impersonation Social Engineering Attacks

 



At Social-Engineer, we define impersonation as the “practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.” Impersonation is a social engineering tactic that continues to threaten enterprises.



There are many ways to obtain information about a person. Some of them are the following:

Phishing

Phishing is an attack technique that uses e-mail to trick the user into performing various actions, which may include clicking harmful links or even replying to an e-mail with the user's personal information, such as a password, credit card information, and so on. Phishing is a form of social engineering that is executed through e-mail.
  • A phishing e-mail is typically designed to look exactly like a legitimate e-mail from a person or entity the user trusts. It may even contain embedded pictures or stationery that resembles that of a trusted organization, such as a bank or Google. The e-mail asks the user to click on a hyperlink.
  • The hyperlink connects to a malicious website and, when the user enters his or her credentials, the attacker steals them.
  • Spear phishing attacks are similar to phishing attacks, but more directed. The attacker's e-mail appears to come from a more trusted source (e.g. from management or a trusted coworker).

Pharming Attack

In pharming, the attacker misuses the DNS system as the key weapon. While phishing relies on legitimate-looking websites that are actually spoofed, pharming happens at the DNS server level.
  • The attacker uses DNS poisoning to redirect traffic from legitimate sites to a different or malicious site.

Vishing Attack

In a vishing attack, the attacker uses the telephone to perform a phishing attack.
  • The attacker impersonates (or attempts to impersonate) a trusted source.
  • The attack may also arrive by SMS initially, asking the person to call a number to resolve the issue.

Whaling Attack

A whaling attack is also a form of phishing attack, one that targets high-profile, well-known, and wealthy individuals.
  • The attacker uses business e-mail to get others to transfer funds or do other things as per the attacker's instructions.

Smishing Attack

In a smishing attack, the attacker sends an SMS asking the victim to perform an action or click on a specific link. The attacker entices the victim with a lure, such as winning something.
  • Hackers purchase spoofed phone numbers and blast out messages containing malicious links.

Baiting Attack

Baiting is also a type of social engineering attack. The attacker lures victims into providing sensitive information by promising them something valuable in return.
  • The attacker creates pop-up ads that offer free games, music, or movie downloads. If you click on the link, your device will be infected with malware that steals your data.

Tailgating Attack

In a tailgating attack, a user gives unauthorized people (such as a coworker or child) access to company devices. They may put the device at risk and spread malicious code throughout the rest of the company.
