Skip to main content

Advanced Social Engineering: No tech hacking changed to tech

In this growing digitalization world, there is a requirement for information safety.  Moreover, IT organizations must take care of their information at most priority. In most of the places, how much secure the organization may be, how modern their products are, there is always a weak point in each area known as ‘Humans’. The ability to get sensitive information from a person is called social engineering.

Social Engineering surpasses a variation security risk as it has shown to be one of the most straightforward most economical, enthusiastic and significantly productive ways for attackers to achieve their completions. While thinking about security, clients are accepted to be the most vulnerable connection. In any case, numerous associations permit clients to have more than the needed advantages to play out their positions. Overcoming all the traditional social engineering attacks like eves dropping, dumpster diving has evolved into new advancements. As prominently known, a fake website is created with the same content with a different URL/IP address is the traditional phishing attack. Whereas now in the official website with the original URL/Ip address this phishing is made possible and by this people with some knowledge in tech and security are also tricked and are becoming victims to such attacks nowadays. It is possible by a vulnerability in the website of the official organization, a simple reflected cross-site scripting (XSS) can cause this. As XSS is a vulnerability that allows an attacker to inject malicious script into the webpage. Using this attacker will inject a malicious login page and details or the credentials entered in that attacker's injected login page will be sent to a malicious server and the attacker can get victim credentials and misuse them. Here attackers are escalating a simple reflected XSS vulnerability into a social engineering attack medium. To understand the severity of this advanced social engineering attack let’s assume an XYX bank is having XSS vulnerability.

Now attackers will use this vulnerability and inject a malicious login page and send the official URL to a victim via email and as it’s the official website there is more tendency for anyone to open the link directly, but now what they don’t know is, in that official web site the malicious code runs when they open the URL and a malicious login page shows up and the victim will enter his credentials and then the attacker at the other end will immediately log in with that credential and then an OTP (One time password) will be sent to the victim’s phone but here the attacker is the one who logged in and the victim enters the OTP in that malicious login page, attacker at the other end types that OTP and get complete access to the victim's bank account.

To overcome such advancements in attacks and need to safeguard ourselves by firstly just typing the complete URL manually rather than directly clicking on the URL or not using the drop-down suggestions. Secondly, try to enter any random or incorrect username and passwords in any login page you came across if it’s a fake one it shows nothing or accepts whatever you give. Else give the correct username and wrong password if it’s an authorized login page it must throw an error saying the user does not exist/ incorrect password but if it’s a fake one then it accepts the correct username and wrong password. So, by using these measurements we can fight against these advanced social engineering attacks and not be a cybercrime victim in this digital world.


References:

1) "Social Engineering Penetration Testing", Volume 9, Issue VI, International Journal for Research in Applied Science and Engineering Technology (IJRASET) Page No: 821-826, ISSN : 2321-9653, www.ijraset.com 

2) “Hacking  the  human  operating  system:  The  role  of  social  engineering  within cybersecurity”, Technical the report, Intel Security, 2015.


By: Vamshi Krishna Motru

(Pursuing BE, Chaitanya Bharti Institute)


To keep yourself updated, please "SUBSCRIBE" us!!

To stay connected, please visit: https://www.worldcybersecurities.com/ 



 

Comments

  1. Aarti R3:05 PM

    Social engineering is a serious threat in virtual communities which effectively attract information systems. Cyber hygiene, security awareness, antivirus and endpoint security tools can help preempt and prevent Social engineering.

    ReplyDelete

Post a Comment

Popular posts from this blog

UNESCO Guidelines on Generative AI in Schools

The advent of artificial intelligence has assumed prominence amongst all industries and various facets of people's personal lives. The integration of AI in education has been inevitable, given the significance and role of information, knowledge production and administration in the sector. This is especially so as its capabilities entail replicating higher-order thinking. Besides assisting in the education process, it also brings the element of real-life relevance, allowing education to be imparted against the backdrop of the evolving world due to the same AI. It tends to have implications on the subject matter that needs to be imparted, which tends to be something that constantly needs to answer the question of "Why and how is this particular subject matter relevant for learning?".  This induces policy-makers and educational institutions to rethink what they need to impart as knowledge, the area of matter, and the manner of thinking to be emphasised. This is because educa
Post a Comment
Read more

Dark Web: Safe or unsafe? Truth Revealed!

  The dark web is the part of the internet that is not visible to search engines. With the advancement in technology, digitization has resulted in different types of attacks. We can talk to anyone as long as we have an internet connection. The main concern is with privacy and anonymity in mind.  A team of computer scientists and mathematicians working for one branch of the US navy which is known as the Naval Research laboratory (NRL), developed a new technology known as Onion Routing. It allows anonymous communication where the source and destination cannot be determined by the third party. A network using the Onion Routing technique is classified as Darknet. The NRL released the Onion Routing Technique and it became The Onion Router, also known as TOR. Advantages of Dark Web  Humans are allowed to hold privacy and express their views freely. Privacy is considered to be critical for honest persons through the different criminals and stalkers.  The growing tendency of employers to track
4 comments
Read more

Need for Anti-Spam Laws in India: Comparative Analysis

  Introduction Spam is unsolicited, usually commercial messages (such as e-mails, text messages, or internet postings) sent to a large number of recipients or posted in a large number of places. The spamming activity is usually considered to cause a lot of nuisance and mental annoyance. Spamming is carried out with the help of an electronic mechanism to send unsolicited messages and advertisements. It can also be termed “An unsolicited e-mail” from which the sender attempts to gain an advantage. "India is the seventh biggest spammer in the world 7.8 billion spam e-mails sent in past 24 hours". It’s high time that India has to come up with its legislation to curb the activity.  The author will also argue the need for anti-spam legislation in India with a comparative analysis of various other jurisdictions. Why is it a concern? The term spam emerged due to the spread of unsolicited commercial messages in the internet space. The main challenge is that it has varied charact
1 comment
Read more