Social engineering attacks are a faded concept, yet one not known by many. Some years ago phishing and spoofing were a major issue on the web, and it was quite complicated to control them. But are we completely secure today? Has social engineering been eliminated completely? The answer, to some extent, can be yes and can be no, because there are circumstances in which security is compromised. Just recently we heard news about the Yahoo password hack. Ignoring Yahoo, let’s discuss something more serious: banking transactions. Today banking transactions are carried out on the web more frequently. This involves fund transfers, credit/debit card usage, online banking, etc. The bank assigns a powerful third-party security service to ensure safe transfers. Consumers, for their part, must not cheat on any of the terms. But as technology expands, so do the threats. There is a chance that, through ignorance, you fall into a trap. Banks give us clear guidelines on what to follow when we are on the web and making a payment. Social engineering attacks are a bit different from hacks and viruses: they are social practices carried out to fool users.
The person who designs the attack looks for an easy catch. The simplest type of attack is web phishing. Phishing consists of fake websites that ask you to enter your sensitive login credentials. People unaware of this provide the information and end up in trouble. Is the bank responsible at this point? To some extent, no, because these attacks appear randomly and no one is notified. You might receive an email in your inbox saying that you must fill in important information urgently. When you click the link you visit a spoof site, ignoring the URL and other important hints. You can easily detect them. Social engineering attacks are carried out with the aim of laundering funds or information. The motive is to capture data or sensitive information over the web. It is the same as putting a hook in the water and waiting for a fish to eat the worm. Phishing attacks were popular once, but they are not completely gone.
There is a chance that some of you are still receiving those spoof mails. In a social engineering attack, the attacker designs a fake website that looks exactly like the bank's site, or any other. It will also ask you for information that the official bank will never ask for, like your account PIN. I have seen many incidents like this. Some years ago I found a similar mail in my inbox which had a unique URL. A regular URL looks like www.somenameofbank.com, while that URL was very long and filled with different characters. The site looked exactly like my bank's. The link, after I clicked it, took me to a web page which asked me to enter my ATM number and its password. A bank never asks for such confidential information. This secret password is computer-generated and sealed. The same applies to the PIN. I contacted the bank and informed them about the site. Later, after the matter was looked into, it was found to be a spoof site, and plenty of people had already filled in their information.
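The difference between the bank's regular URL and the long, character-filled one described above can be checked mechanically. The Python code below is an added example, not part of the original article; the expected host, the brand string, the length threshold and the sample links are all assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the host the bank really publishes (the article's placeholder name).
EXPECTED_HOST = "www.somenameofbank.com"
BRAND = "somenameofbank"  # hypothetical brand string to spot in look-alike links

# Constructed sample links; none of them comes from a real message.
SAMPLES = [
    "https://www.somenameofbank.com/login",
    "http://www.somenameofbank.com.account-verify.example/secure/update.php"
    "?id=%41%54%4d%2d%50%49%4e&session=8f3a9c1e77b2d04c",
    "https://www.somenameofbank.com@203.0.113.7/atm",
]

def check_link(url, expected_host=EXPECTED_HOST, brand=BRAND, max_len=75):
    """Return the reasons a link received by e-mail should not be trusted."""
    reasons = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https":
        reasons.append("not-https")
    if "@" in parts.netloc:
        # Text before '@' is only a user name; the real host comes after it.
        reasons.append("userinfo-in-url")
    try:
        ipaddress.ip_address(host)
        reasons.append("ip-address-host")
    except ValueError:
        pass  # a normal DNS name, not an IP literal
    if host != expected_host:
        reasons.append("host-mismatch")
        if brand in url.lower():
            # Bank name is present, but not as the host the browser will contact.
            reasons.append("brand-in-lookalike")
    if len(url) > max_len or url.count("%") > 3:
        reasons.append("long-or-encoded")
    return reasons

if __name__ == "__main__":
    for link in SAMPLES:
        print(link[:60], "->", check_link(link) or "no warning signs")
```

An empty result only means these particular signs are absent; calling the bank about the email remains the way to confirm it.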
So, first, do not click on any link that you find suspicious. If the link relates to your bank, check it properly and verify it. You can call your bank and ask them about the email. Second, do not give out any information on the web related to your secret login access. No service on the web will tell you to enter your account password. For credit cards and debit cards, use only the most secure payment gateway. For a novice, social engineering attacks can only be recognised by using one's senses. Mostly, social engineering attacks do not involve any kind of virus or malware. They are plain websites with forms, or spoof pages, made mostly to capture data. These sites arrive in your email in the form of links, e-cards, news, etc. The most common example is lottery mails. I have received this type of fake mail on my Gmail account many times. They tell you that you are the lucky one who has won this amount and that you need to deposit some money to claim it.
The mail will also provide a link at which you have to enter details like your name, address, contact, designation, etc. In this way attackers capture a huge amount of data. People still face this issue today to some extent. These attacks are designed just to take advantage of innocent end users. Scams are still common on the web, but most of them do not make the news. Social engineering attacks are never taken seriously because they do not pose any threat to your system. The only malware people have faced comes from "Flash update" or "ActiveX component missing" errors. This is commonly noticed when you try to run a video on a site: when you click on "update Flash", malware is installed on your system. This is one of the most common threats on the web. Before preventing the threats, it is important first to understand how they actually work.
This is yet another separate concept to discuss. We are more addicted to websites like Twitter and Facebook, and social engineering scams are more likely on them. These attacks consist of distributing links to scams, surveys, etc. Let’s take the example of Facebook. When you like an app, it asks to post some content on your behalf. This is where you make a mistake. In short, you are giving the attacker the option to post on your behalf, and he can manipulate it. The only good thing about social networking platforms is that no monetary action is involved. Some monetary actions take place in games, but they are risky too. Users are normally never responsible for these kinds of attacks; they happen because of ignorance. The attackers try to find the best way they can to scam people. One thing that I faced recently was the messenger hack. I was chatting with my friends and they were receiving certain links that I had never sent. So this type of vulnerability is common and cannot be ignored.
Risk Involved in Social Engineering Attacks:
This attack is sometimes called a white-collar crime. Now you might be wondering what risk is involved in this attack. We can divide the risk into two: first, end users, where an individual uses a PC for personal use; and second, the enterprise level, where companies run into such things. An end user uses the PC, which can be a laptop or a desktop, for many things. Assume that the DNS server has been compromised in an attack. The users who access web pages through that particular DNS server will receive the spoof site. This spoof site encourages them to fill in forms, make payments, and so on. I have seen many people who first say that they received a lottery email and then made a small payment to claim the prize. But nothing was received by them. It is not necessary to become alert only after facing an issue. At the enterprise level this attack works in a different manner. It is like a clean-looking guy who enters your system, collects your official papers and walks out easily, stopped by no one. There are no virus threats involved here, which is why this type of website is not controlled by antivirus or security software. They are smartly designed and spoofed, somewhat like the fake Apple stores in China. To control them, antivirus products like Norton come with a web suite pack. This pack scans a website and tells you whether it is genuine or not. It simply blocks any other site if it tries to access your system.