Social Engineering
A range of malicious activities accomplished through human interactions. It involves tricking people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks, or physical locations, or for financial gain.
Phishing
Phishing attacks typically have one or more of the following objectives:
◦ Credential Theft
◦ Financial Fraud
◦ Malware Distribution
◦ Identity Theft
Several steps and measures are typically taken to mitigate phishing:
◦ User Education
◦ Email Filtering
◦ Two-Factor Authentication (2FA)
◦ Incident Response
Vishing
The use of phone calls to impersonate trusted entities or organizations, with the primary goal of manipulating individuals into disclosing sensitive information or taking actions that compromise security.
Voice Communication:
◦ Unlike traditional phishing, vishing relies on spoken communication through phone calls.
Vishing: Key Characteristics
◦ Urgent or Coercive Language: Vishing calls often employ urgency, fear, or intimidation to manipulate victims into immediate compliance.
◦ Spoofed Caller IDs: Attackers may manipulate caller IDs to display legitimate-sounding numbers or organizations, increasing their credibility.
◦ Requests for Sensitive Information: Vishing calls frequently involve requests for personal identification numbers (PINs), passwords, credit card details, or other sensitive data.
Vishing: Mitigation
◦ Education and Awareness: Train individuals to be cautious of unsolicited phone calls, recognize vishing attempts, and refrain from sharing sensitive information over the phone.
◦ Verification: Encourage recipients of phone calls to independently verify the caller's identity by calling back on a known and trusted phone number or contacting the organization through official channels.
◦ Use of Authentication: Implement multifactor authentication (MFA) or PIN-based authentication for sensitive transactions over the phone, adding an extra layer of security.
Smishing
Smishing, or "SMS phishing," is a cyberattack technique where malicious actors use text messages to impersonate trusted entities or organizations with the primary goal of manipulating individuals into disclosing sensitive information or taking actions that compromise security.
Smishing: Key Characteristics
◦ Deceptive Messages: Smishing messages are designed to appear as if they are from legitimate sources, and often contain urgent or enticing content to elicit a quick response from the recipient.
◦ Requests for Information: Smishing messages typically request sensitive information, such as personal identification numbers (PINs), passwords, credit card details, or other confidential data.
◦ Spoofed Sender Information: Attackers can manipulate the sender information to make it appear as if the message is coming from a trusted source, increasing the likelihood that recipients will fall for the scam.
Smishing: Mitigation
◦ Education and Awareness: Training individuals to be cautious of unsolicited text messages, recognize smishing attempts, and avoid clicking on links or sharing sensitive information in response to such messages is a crucial defense.
◦ Verification: Encourage recipients of suspicious text messages to independently verify the sender's identity by contacting the organization or individual through official channels, such as a known and trusted phone number or website.
◦ Use of Security Software: Employ mobile security apps that can detect and block smishing messages. These apps often include features like message filtering and link scanning to protect users from malicious content.
Spear Phishing
A targeted form of phishing where the attacker customizes their attack emails, messages, or communications to appeal to specific victims. Unlike general phishing attacks, spear phishing is tailored to particular individuals, often using personal or organizational information to appear more legitimate.
Misinformation
The dissemination of false or inaccurate information, often unintentionally, without malicious intent.
Disinformation
The deliberate spreading of false or misleading information with the intent to deceive, manipulate, or harm.
Misinformation: Key Characteristics
◦ Accidental: Misinformation typically occurs inadvertently and may result from errors, misunderstandings, or misinformation campaigns.
◦ Non-Malicious: Individuals or entities spreading misinformation are usually not acting with harmful intent.
◦ Unintentional Consequences: While not deliberate, misinformation can still lead to security vulnerabilities if false information is acted upon, potentially causing data breaches or system compromises.
Disinformation: Key Characteristics
◦ Deliberate: Disinformation campaigns are carried out with the intention to deceive or manipulate, often for political, financial, or competitive gains.
◦ Malicious Intent: Perpetrators of disinformation seek to harm, sow discord, or gain an unfair advantage by spreading false or misleading information.
◦ Targeted and Coordinated: Disinformation campaigns are often well-planned, involving multiple actors and strategies to amplify the false information's impact.
Misinformation and Disinformation: Mitigation
◦ Media Literacy and Education: Promote media literacy among individuals and organizations to help them critically evaluate information sources, identify false information, and differentiate between credible and unreliable content.
◦ Fact-Checking and Verification: Encourage the use of fact-checking tools and services to verify information before sharing or acting upon it. This can help prevent the spread of false information.
◦ Cyber Hygiene and Security Awareness: Educate users about the potential cybersecurity risks associated with misinformation and disinformation, including the importance of verifying the sources of information and avoiding clicking on suspicious links or downloading unverified files.
Impersonation: Definition
Pretending to be a legitimate user to access a system or network. This can be done through various means such as stealing login credentials, using spoofed email addresses, or mimicking voice or biometric identifiers.
Impersonation: Key Characteristics
◦ Use of Stolen Credentials: Often involves the use of credentials obtained through phishing attacks, keyloggers, or social engineering.
◦ Deception and Manipulation: Attackers may use social engineering tactics to trick individuals into revealing sensitive information or credentials.
◦ Targets a Range of Systems: Can be aimed at any platform where user authentication is required.
◦ Difficult to Detect: Since the attacker appears as a legitimate user, it can be challenging to detect such intrusions.
Impersonation: Mitigation
◦ Strong Authentication Measures: Implementing multi-factor authentication (MFA), which requires more than one method of verification.
◦ Password Changes and Password Complexity: Change passwords regularly and use complex, hard-to-guess passwords.
◦ User Education and Awareness Training: Training users to recognize phishing attempts and other social engineering tactics.
◦ Monitoring and Logging: Keeping detailed logs and monitoring systems for unusual access patterns or login attempts.
◦ Incident Response Planning: Having a clear plan for responding to detected impersonation attempts, including isolating affected systems and changing compromised credentials.
Business Email Compromise: Definition
An attack in which the attacker gains access to a corporate email account and impersonates the owner to defraud the company, its employees, customers, or partners. Typically, the attacker requests transfers of funds or sensitive data.
Business Email Compromise: Key Characteristics
◦ Targeted Email Spoofing: The attacker often spoofs or hijacks corporate email accounts to appear legitimate.
◦ Sophisticated Social Engineering: These attacks usually involve carefully crafted phishing emails and advanced social engineering tactics to manipulate employees.
◦ Financial Motive: BEC attacks are primarily financially motivated, often leading to unauthorized fund transfers.
◦ High Level of Customization: Emails are usually highly customized and targeted, using information specific to the business or individual being targeted.
◦ Lack of Malware: Unlike other cyber attacks, BEC often doesn't involve malware, making it harder to detect with conventional security tools.
Business Email Compromise: Mitigation
◦ Employee Education and Awareness: Regular training for employees on recognizing phishing attempts and suspicious email content.
◦ Email Authentication Protocols: Implementing email authentication methods like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance).
Pretexting: Definition
Creating a fabricated story or scenario (the pretext) to deceive a target into divulging sensitive information. The attacker often conducts extensive research to make the story as convincing as possible. Pretexting often involves the attacker pretending to be someone they are not, like a trusted authority figure, to gain the victim's trust.
Pretexting: Key Characteristics
◦ Use of Elaborate False Scenarios: Attackers create believable stories or pretexts to justify their requests for information.
◦ Targeting Personal or Sensitive Information: The information sought often includes passwords, financial records, or personal identification data.
◦ Manipulating Trust: Attackers often pose as trusted individuals or authorities, such as bank officials, police, or corporate IT staff.
◦ High Level of Customization: The scenarios are usually tailored to the specific target to increase their effectiveness.
Pretexting vs. Impersonation
◦ Pretexting involves more interaction between the attacker and the victim, with the attacker playing a role that suits the pretext.
◦ Impersonation directly assumes the identity of another person, often using stolen credentials or identities. It's less about building a story and more about leveraging the existing trust associated with the assumed identity.
Pretexting: Mitigation
◦ Employee Education and Training: Regular training sessions for employees to recognize and respond to pretexting attempts.
◦ Verification Procedures: Implementing strict procedures for verifying the identity of individuals requesting sensitive information.
◦ Limiting Information Disclosure: Educating employees about the dangers of oversharing information, especially in unsolicited calls or emails.
◦ Incident Reporting Mechanisms: Establishing clear protocols for reporting suspected pretexting incidents.
Watering Hole: Definition
A targeted cyber attack strategy where the attacker seeks to compromise a specific group of end users by infecting websites they are known to frequently visit. The goal is to infect a user's computer and gain access to the network at the user's place of employment.
Watering Hole: Key Characteristics
◦ Targeting Specific User Groups: The attacker chooses websites that are popular among a particular group, often related to their work, interests, or geographical location.
◦ Exploiting Website Vulnerabilities: The attacker infects these websites with malware, often by exploiting security weaknesses.
◦ Drive-by Downloads or Malicious Redirects: The attack is often executed through drive-by downloads or redirecting users to a malicious site, which then installs malware on their device without their knowledge.
Watering Hole: Mitigation
◦ Regular Website Security Audits: For organizations, ensuring that their own websites do not become watering holes through regular security audits.
◦ Employee Awareness and Training: Educating employees about the risks of visiting untrusted websites and the signs of a potential compromise.
◦ Up-to-date Security Software: Ensuring all systems and software are up-to-date with the latest security patches and antivirus definitions.
◦ Network Segmentation and Monitoring: Implementing network segmentation to limit the spread of an attack and continuous monitoring for unusual network activities.
Brand Impersonation: Definition
A type of cyber attack where an attacker mimics or impersonates the brand identity of a reputable company to deceive victims, usually for the purpose of stealing sensitive information or spreading malware. This can occur via emails, websites, social media, or other digital platforms.
Brand Impersonation: Key Characteristics
◦ Use of Counterfeit Brand Elements: Attackers often use logos, branding styles, and other visual elements that closely resemble those of a legitimate brand.
◦ Phishing Emails and Fake Websites: A common tactic involves sending phishing emails that appear to be from a trusted brand or creating fake websites that mimic real ones.
◦ Exploiting Trust in Established Brands: The success of these attacks largely depends on the victim's trust in the impersonated brand.
◦ Targets a Broad Audience: Unlike targeted phishing attacks, brand impersonation can target a large and diverse group of individuals who trust or recognize the brand.
Brand Impersonation: Mitigation
◦ Brand Monitoring: Regularly monitor the internet for unauthorized uses of the brand's identity, including domain registrations and social media accounts.
◦ Public Awareness and Education: Inform customers and the public about how to identify legitimate communications and websites.
◦ Robust Internal Security Measures: Implementing strong security protocols within the organization to prevent data breaches that could lend credibility to impersonators.
◦ Incident Response Plan: Having a plan in place to quickly respond to instances of brand impersonation, including legal action if necessary.
Typosquatting: Definition
A form of cyber attack where attackers register domain names that are misspellings of popular websites or mimic well-known domain names. The aim is to deceive internet users who make typographical errors when entering a URL into their browser, leading them to a malicious or deceptive website.
Typosquatting: Key Characteristics
◦ Similar or Misspelled Domain Names: The core of typosquatting is the use of domain names that are slight misspellings or variations of legitimate domain names (e.g., 'googgle.com' instead of 'google.com').
◦ Exploiting User Mistakes: The strategy relies on users making common typing errors or misremembering exact URLs.
◦ Variety of Malicious Intentions: These sites may host malware, phishing scams, or may be used to sell counterfeit goods or steal personal information.
◦ Fake Websites or Redirects: Typosquatted domains often host websites that mimic the design of the intended site or redirect users to other malicious sites.
Typosquatting: Mitigation
◦ Awareness and Training: Educating employees and users about the risks of typosquatting and the importance of carefully entering URLs.
◦ Use of Bookmarks for Important Sites: Encouraging the use of bookmarks for frequently visited and critical websites to avoid typing URLs.
◦ Advanced Web Browsers and Security Tools: Utilizing web browsers and security tools that can detect and alert users about suspicious websites.
◦ Defensive Domain Registration: Organizations should consider registering common misspellings of their own domain names to prevent typosquatting.