Results 1 to 2 of 2

Thread: How to Prevent Social Engineering Attacks

  1. #1
    Join Date
    May 2008

    How to Prevent Social Engineering Attacks

    Social Engineering Attacks are faded concept yet not known by many. Some years ago phishing / spoofing was major issue on web. It was quiet complicated to control them. But today are we completely secure. Does Social Engineering have been depleted completely? The answer to some extent can yes and can be no. Because there are circumstances when security is compromised. Just recently we had heard a new about Yahoo password hack. Ignoring Yahoo, let’s discuss about something more series. About banking transaction. Today banking transaction is carried on web more frequently. This involves fund transfer, credit/debit card usage, online banking, etc. Somehow the bank assigns a powerful third party security service to initiate safe transfer. Consumers must not cheat on every term. But as technology expands, so the threats also. There can be chances that due to your ignorance you fell into trap. Bank clearly gives us guidelines what to follow when you are on web and making payment. Social Engineering attacks are bit different compared to hacks and virus. There are social practices which are carried on to fool users.

    The person who designs attacks looks for easy catch. The most simple’s type of attack is web phishing. Phishing consist of fake websites which ask you to enter your sensitive login credential. People unknown of fact, provide the information and end in trouble. At this point does the Bank is responsible. To some extent no. Because this attacks appear randomly. No one is notified. You might receive an email in your inbox saying that you fill important information urgently. When you click the link you visit a spoof site ignoring the URL and other important hint. You can easily detect them. Social Engineering attacks are carried on the basis of laundering fund or information. The motive is capture data or sensitive information over the web. It same like putting a hook inside water and waiting for fish to eat the worm. Phishing attacks were popular once. But they are not completely gone.

    There are chances that some of you are still receiving those spoof mails. In social engineering attack, the attacker designs a fake website exactly similar to the bank site or any other. It will also ask you information which the official bank will never ask. Like your account pin number. I had seen many incidents like this. Some year ago I had found a similar mail in my inbox which was having a unique URL. A regular URL goes with whiles that URL very long and filled with different characters. The site was exact as it was of my bank. The link after click took me to a web page which asks me to enter my ATM number and its password. A bank never ever asks such confidential information. This secret password is computer generated and sealed. The same is applicable for PIN. I contacted the bank and inform them about the site. Later after seeing into the matter it was found a spoof site and ample of people has already filled their information.

    So first thing do not click on any link that you find suspicious. If the link related to your bank check it properly verity it. You can call your bank and ask them about the email. Second do not give any information on web related to your secret login access. No service on web will tell you enter your account password. In case of Credit Card and Debit Card use the most secure payment gateway only. Social Engineering attacks can only be understood by senses for novice. Mostly social engineering attacks do not have any kind of virus or malware. They are plain website with forms or spoof pages. They are made to capture data mostly. These sites appear in your email in from of links or ecards or news, etc. The most common example is lottery mails. I had received on Gmail account this type of fake mails many times. They tell that you are the lucky one to win this amount and you need to deposit some money to claim the same.

    The mail will also provide you a link, in which you have to enter your details like Name, Address, Contact, Designation, etc. In this attackers capture a huge amount of data. Still today people are facing this issue to some extent. These attacks are designed just to take advantage of innocent end user. Scam is still common web, but most of them does not came in news. Social Engineering attacks are never taken seriously. Because they do not put any threat in your system. The only malware thing people had faced is due to Flash Update or Active X component missing errors. This is commonly notice when you try to run a video on a site. When you click on update flash at that point a malware is inserted in your system. This is one of the most common threats on web. Now before preventing the threats first it is important to understand how this threat actually works.

    Social Networking:

    This is yet a separate concept to discuss. We are more addictive to website like Twitter and Facebook. Social engineering scam is more possible on it. These attacks consist of distributing links of scams, surveys, etc. Let’s take example of Facebook. When you like an app, it asks you to post some content on your behalf. This is where you make mistake. Inshort you are giving the attacker an option to post on your behalf and he can manipulate the same. The only good only thing good on social networking platform is there is no monetary action. Some are done in games, but they are risky too on one side. Users are normally never responsible for such kind of attacks. It happens because of ignorance. The attackers try to find the best way they can scam people. One thing that I had faced recently was the messenger hack. I was chatting with my friends and they were receiving certain links that I had never sent. So this type of vulnerabilities is common and cannot be ignored.

    Risk Involved in Social Engineering Attack :

    This attack is somewhat called as white color crime. Now you might be wondering what risk is involved in this attack. We can differentiate the risk on two things. First end users where a individual uses a pc for personal usage and second at Enterprise level, where companies land on such stuff. A end user on one side uses this pc for many things. It can be a laptop or desktop. Assume that the dns server is being manifested with attack. The number of users who are accessing web pages through particular dns, will receive the spoof site. This spoof site which encourage to fill up forms, make payment, etc stuff. I had seen many people who first stay that they receive a lottery email and then make a small payment to claim the price. But nothing is received buy them. It is not necessary that you only get alert by facing a issue. At Enterprise level this attack works in different manner. It is like a clean guy enters your system collect your official papers and went out easily. Stopped by no one. There are no virus threats involved here, because of which this type of website are not controlled by antivirus or security software’s. They are smartly designed and spoofed. Somewhat like fake apple stores in china. To control them antivirus like Norton comes with a web suite pack. This web suite pack scans a website and gives you information whether it is genuine or not. It simply blocks any other site if tries to access your system.

  2. #2
    Join Date
    May 2008

    Re: How to Prevent Social Engineering Attacks

    Some Prevention Tips: Here are some basic steps that can help you to understand the tips to avoid such attack.


    It is very important that you must keep an eye on such type of news. Because news guide you about the best prevention method for protecting yourself from this attack. People must be aware. If you are dealing with online transaction then to keep yourself secure you must read the new, blogs and important updates send by banks related to security. There are many websites on web which publish important articles on the same. Awareness helps you to understand the concept of threats. There were times when people do not know what a virus is. So some smart people try to take benefit of the same and chagrining people a good amount to remove the same. For example you might have seen boost your pc performance type add on some website or on your desktop screen. Do you think that really boost your system performance. No they are fake tools. Popularly called as rogue software.

    They will provide you a fake result showing that your system is quiet infected with lots of antivirus. And there will be a large button to fix it. After clicking on it, the tool will ask you to make payment to buy the pro version. This is how an entire scam is designed. I am sure there are hundreds of people who had bought that fake tool. It does nothing. Information related to social engineering attack on web is low, but there are prevention guidelines which can help you. Try not to run active x component update when you are certain free or x rated website. Do not allow any kind of toolbar download. Social engineering has taken a new look today. This is called as surveys. So be wise before adding any information in any website.

    Keeping an eye on Information you are providing:

    This is another best way to ensure that you are not scammed. Somehow if you landed on website which ask for confidential information read the columns properly what they are asking for. Let’s talk about banks here. When you make a payment through online banking system, the payment gateway is the one which initiate the process. You are first redirected to the bank site or the payment gateway to authenticate your login credential. Once it is authenticated you receive a mail or message about the transaction. There are rare incident, when information between this processes is leaked. But if you find it suspicions do not make payment. While making a payment, your banking information is asked by the banking site only. Not by the shopping website. I hope you can understand what I am trying to tell here. Do not provide information like your credit card pin number, account password, ssn, etc. One thing can make you more secure, is thinking from the attackers point of view. Which is the most important thing that an attacker will need. If you think like that you can easily differentiate between fake and authenticated websites.

    Points of Protection:

    Make a note and stick it somewhere you can see. At the time of transferring fund, or making banking transaction view the points one by one. These points are those which you usually see in this process. It begins with logging into site, providing the login access, etc. Keep a nice note or if possible to visual display. If the process goes step by step every time then you do not need to worry much. Also keep an eye on the site URL. Mostly it is not easy for attackers to redirect a user while making payment. They do that through phishing site. If you feel that there is something wrong, try to contact your bank and block all transactions instantly.

    Windows Update:

    Updates are very important. Many of us ignore that. But you did not know what fixes then carry. Updates come with security patches which fix software holes. Vulnerability can appear anytime without informing. And an end user is never expert to find that instantly. To protect the consumers, software companies send regular updates. This updates are one of the most important aspect in protection. Your browser gets regular updates, your windows application receive updates, etc. You must not avoid them. A good internet security pack on the same hand is far better. It helps you to stay alert and secure. Some antivirus comes with news facility which popup regular news based on any threat appeared on web. Update makes this attack more difficult. Because once the software companies came to know about any new threat, they make a patch to protect everyone. Avoid using pirated software. Use a proper license version so that you cannot fell in any trap. Pirated software comes with time bombs. There are malicious code inserted and on which ever machine it is used, those systems are more prone to attack.

Similar Threads

  1. Replies: 1
    Last Post: 03-06-2011, 12:40 AM
  2. Internet Explorer 9 blocks 99% of social engineering malware
    By Jhooda in forum Technology & Internet
    Replies: 3
    Last Post: 24-12-2010, 06:56 PM
  3. Replies: 7
    Last Post: 15-07-2010, 04:40 PM
  4. How to use router to prevent DoS attacks
    By Kallol in forum Networking & Security
    Replies: 5
    Last Post: 28-03-2010, 03:09 AM
  5. What is social engineering?
    By Enriqueta in forum Education Career and Job Discussions
    Replies: 5
    Last Post: 30-12-2009, 11:58 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts