Social Engineering Attack: Rethinking Responsibilities and Solutions

"The social engineering attack is presented in the first chapter of the book. It covers the definition, background, motives, and outcome of the social engineering attack. The life cycle of a social engineering attack is covered in the second chapter of the book. Attack formulation, information collecting, preparation, cultivating relationships, exploitation, and debriefing are the six phases used by social engineering attackers throughout the life cycle. The basic concepts of social engineering attacks are covered in the third chapter of the book. The six principles of social engineering are reciprocity, commitment and consistency, social proof, authority, liking, and scarcity. Various forms of social engineering attacks are discussed in the fourth chapter of the book. The physical method, social approach, reverse social engineering approach, technical approach, and socio-technical approach are the five main forms of social engineering attacks. Identity theft is discussed in the fifth chapter of the book. The purpose of the information that attackers steal from users is explained in this chapter. Social engineering tools are covered in the sixth chapter of the book. Organizations deploy a variety of toolkits to informally teach their staff members and identify organizational weaknesses. The seventh chapter of the book covers the countermeasures for social engineering attacks. There are three ways to counter social engineering attacks: policy and procedures, education, and technical measures. The eighth chapter of the book covers the laws that are related to social engineering attacks. Many governments have proposed laws which are directly or indirectly related to social engineering attacks. The future of social engineering attacks is covered in the ninth chapter of the book. Some of the technology that will be utilized in the future for social engineering purposes is covered in this chapter"--

Author(s): Gunikhan Sonowal
Series: Cybercrime and Cybersecurity Research
Publisher: Nova Science Publishers
Year: 2023

Language: English
Pages: 282
City: New York

Contents
List of Figures
List of Tables
Preface
Acknowledgments
Chapter 1
An Overview of Social Engineering Attacks
1.1. History
1.1.1. 1800 - 1900
1.1.2. 1900 - 2000
1.1.3. 2000 - Present
1.2. Defining the Term, “Social Engineering Attack”
1.3. Types of Attackers
1.3.1. Internal Attackers
1.3.2. External Attackers
1.4. Why Social Engineering Might Be Used by Attackers
1.4.1. Humans Are the Weakest Link in the Security Chain
1.4.2. Social Engineering Is the Path of Least Resistance
1.4.3. Social Engineering Methods Can Be Used to Spread Malicious Software
1.4.3.1. Viruses
1.4.3.2. Ransomware
1.4.3.3. Worms
1.4.3.4. Trojan Horse
1.4.3.5. Fileless
1.4.3.6. Spyware
1.4.3.7. Adware
1.4.3.8. Keyloggers
1.4.3.9. Rootkits
1.4.4. Victims Might Not Have the Right Safeguards to Spot a Social Engineering Scam
1.5. Attackers’ Motivations or Goals
1.5.1. Financial Motivation
1.5.2. Emotional Motivation
1.5.3. Commercial Motivation
1.5.4. Ideological Motivation
1.5.5. Recognition and Achievement
1.5.5.1. Kevin David Mitnick
1.5.5.2. Frank William Abagnale Jr.
1.5.5.3. Susan Headley
1.6. Impact of Social Engineering Attacks
1.6.1. Financial Losses
1.6.2. Loss of Productivity
1.6.3. The Cost of Recovering after a Social Engineering Attack
1.6.4. Cyberattacks Cause Business Disruptions
1.6.5. Social Engineering Hacks Damage Reputations
Summary
Chapter 2
A Social Engineering Life Cycle Model
2.1. Mitnick’s Life Cycle
2.2. Attack Formulation
2.2.1. Ordinary People or Persons
2.2.1.1. Senior Citizens
2.2.1.2. Students
2.2.1.3. Others
2.2.2. Employees or Staff
2.2.2.1. Entry-Level Employees
2.2.2.2. Intermediate Employees
2.2.2.3. Mid-Level Employees
2.2.3. Senior or Executive-Level
2.3. Information Gathering
2.3.1. Collecting Publicly Available Information
2.3.2. Authentication Credentials
2.3.2.1. Username and Password-Based Information
2.3.2.2. Certificate-Based Authentication
2.3.3. Confidential Information
2.3.3.1. Employee Information
2.3.3.2. Client Information
2.3.3.3. Business Information
2.3.4. Hardware Information
2.3.5. Network Information
2.4. Preparation of Attack
2.5. Developing Relations
2.5.1. Emails
2.5.2. Short Message Service
2.5.3. Telephone Calls
2.5.4. Social Networking Sites
2.5.5. Instant Messaging (IM)
2.5.6. Blogs
2.5.7. Forums
2.6. Exploitation
2.7. Debriefing
Summary
Chapter 3
Principles of Social Engineering
3.1. Reciprocity: Give a Little Something in Exchange for Something in Return
3.1.1. Types of Reciprocity
3.1.1.1. Generalized Reciprocity
3.1.1.2. Balanced Reciprocity
3.1.1.3. Negative Reciprocity
3.1.2. Influence of Reciprocity on People
3.1.3. Attackers Frequently Adopt the Method of Reciprocity
3.2. Commitment and Consistency: People Want Their Actions to Be Consistent with Their Values
3.2.1. Commitment Used in Social Engineering Attacks
3.3. Social Proof: The Sensation of Being Validated by Other People’s Experiences
3.3.1. Fear of Missing Out (FOMO)
3.3.2. Various Forms of Social Proof Have an Impact on People
3.3.3. An Example of Social Proof
3.3.4. Social Proof in Social Engineering Attacks
3.4. Authority: People Will Abide by the Rules
3.4.1. Types of Authority
3.4.1.1. Legal Authority
3.4.1.2. Expert Authority
3.4.1.3. Reverent Authority
3.4.1.4. Reward Authority
3.4.1.5. Punitive Authority
3.4.2. Authority Used in Social Engineering Attacks
3.5. Liking: People Are More Likely to Comply When Requests Are Made by Someone They Like
3.5.1. Liking Elements
3.5.2. The Liking Principle in Social Engineering Attacks
3.6. Scarcity: Victims Tend to Want Things More When They Think There Is a Shortage of Them
3.6.1. Strategies for the Scarcity Principle
3.6.1.1. The Product Is Almost Sold Out
3.6.1.2. Early Bird Discounts
3.6.1.3. Limited Time Bonus Items
3.6.1.4. Items That Are Limited Edition
3.6.1.5. Platform-Exclusive Deals
3.6.1.6. Seasonal Products
3.6.1.7. Popular or High-Demand Products
3.6.2. Scarcity in Social Engineering Attacks
3.7. People Are Influenced by Other Persuasive Factors
3.7.1. Greed
3.7.2. Curiosity
3.7.3. Urgency
3.7.4. Helpfulness
3.7.5. Fear
3.7.6. Sympathy/Empathy
3.7.7. Repetition
Summary
Chapter 4
Types of Social Engineering Attacks
4.1. Physical Approaches
4.1.1. Dumpster Diving
4.1.2. Shoulder Surfing
4.1.3. Eavesdropping
4.1.3.1. Direct Listening
4.1.3.2. Data Sniffing
4.1.3.3. Voice-Over-IP Calls
4.1.4. Physical Access Control System
4.1.4.1. Tailgating Attacks
4.1.4.2. The Difference between Piggybacking and Tailgating
4.1.4.3. Methods Used in Tailgating or Piggybacking Attacks
4.1.4.4. Access Card System
4.1.4.5. Biometric System
4.2. Social Approaches
4.2.1. Impersonation
4.2.2. Foot-In-The-Door (FITD)
4.2.3. Persuasion
4.2.4. Pretexting
4.2.5. Quid Pro Quo
4.3. Reverse Social Engineering (RSE)
4.3.1. RSE Based on Recommendations
4.3.2. RSE Based on Demographics
4.3.3. RSE Based on Visitor Tracking
4.3.3.1. Social Media Sites
4.3.4. Traditional Social Engineering vs. Reverse Social Engineering
4.4. Technical Approaches
4.4.1. Search Engine Tools
4.4.2. Social Engineering Toolkits
4.4.3. Third Party Applications
4.4.4. Watering Hole Attacks
4.4.5. Likejacking
4.4.6. Tabnabbing
4.4.6.1. Man-In-The-Middle Attacks (MITM)
4.4.6.2. Code and SQL Injection Attacks
4.5. Socio-Technical Approaches
4.5.1. Phishing Email
4.5.2. Spear Phishing
4.5.2.1. Whaling
4.5.2.2. Business Email Compromise
4.5.2.3. CEO Fraud
4.5.2.4. Double Barrel Phishing
4.5.3. Angler Phishing
4.5.4. Vishing
4.5.5. Smishing
4.5.6. Imishing Attack
4.5.7. Evil Twin Phishing
Summary
Chapter 5
Identity Theft: Exploit the User’s Information
5.1. Financial Identity Theft
5.1.1. Banking Identity Theft
5.1.2. Credit and Debit Card Scams
5.1.3. Fraudulent Loans
5.1.4. Investment Fraud
5.2. Tax Identity Theft
5.2.1. Consequences
5.3. Medical Identity Theft
5.3.1. Financial Medical Identity Theft
5.3.2. Criminal Medical Identity Theft
5.3.3. Government Benefits Fraud
5.3.4. Obtaining Medical Equipment
5.3.5. Impersonating a Health Care Professional
5.4. Child Identity Theft
5.4.1. Children Are Easy Targets for Identity Thieves
5.4.2. Relatives Are Usually the Attackers
5.4.3. The Duration of Child Identity Theft Is Longer Than That of Other Varieties
5.4.4. Foster Children May Be Particularly at Risk
5.5. Criminal Identity Theft
5.5.1. Consequences of Criminal Identity Theft
5.6. Synthetic Identity Theft
5.6.1. Manipulated Synthetics
5.6.2. Manufactured Synthetics
5.7. Mail Identity Theft
5.7.1. Mail Identity Theft Approaches
5.8. Real Estate Identity Theft
5.8.1. Title Deception
5.8.2. Pressure to Act Immediately
5.8.3. Selling the Same Unit to Multiple Buyers
5.8.4. Encroachments
5.9. Driver’s License Identity Theft
5.10. Senior Identity Theft
5.11. Employment Identity Theft
5.11.1. Limited-Term Offers
5.11.2. Inaccurate Credentials
5.11.3. Co-Workers
5.12. Online Shopping Identity Theft
Summary
Chapter 6
Tools for Social Engineering Attacks
6.1. Social-Engineer Toolkit (SET)
6.1.1. Features of the Social-Engineer Toolkit
6.1.2. The Social-Engineer Toolkit’s Configuration
6.1.3. Launch the Setoolkit
6.2. Maltego
6.2.1. Installation
6.2.2. Launch Maltego
6.2.3. Creating Graphs in Maltego
6.2.4. Maltego for Attackers
6.3. Nmap
6.3.1. Nmap Vulners
6.3.2. Nmap Vuln
6.3.3. Nmap Vulscan
6.4. Metasploit
6.4.1. Download Metasploit Installer
6.4.2. Launch the Metasploit
Summary
Chapter 7
Defending against Social Engineering Attacks
7.1. Policy and Procedures
7.1.1. Email Usage Policy
7.1.1.1. Inappropriate Use of Company Email
7.1.1.2. Appropriate Use of Corporate Email
7.1.1.3. Personal Use
7.1.1.4. Suggestions on Email Security
7.1.1.5. Email Signature
7.1.1.6. Disciplinary Action
7.1.2. Internet Usage Policy
7.1.2.1. Inappropriate Internet Usage by Employees
7.1.2.2. Internet Usage by Employees in a Responsible Manner
7.1.2.3. Disciplinary Action
7.1.3. Software Usage Policy
7.1.3.1. Proper Usage of the Software by Employees
7.1.3.2. Improper Use of the Software by Employees
7.1.4. Hardware Policy
7.1.4.1. Proper Use of the Hardware by Employees
7.1.4.2. Improper Use of the Hardware by Employees
7.1.5. Physical Access Policy
7.1.5.1. Access Cards or Key Access
7.1.5.2. Housekeeping/Cleaning Staff
7.1.5.3. Policy for Delivery Person
7.1.5.4. Disciplinary Actions
7.2. Educating Employees About Social Engineering Attacks
7.2.1. Awareness Materials
7.2.1.1. Posters
7.2.1.2. Pamphlets
7.2.1.3. Printed Newspapers
7.2.1.4. Magazines
7.2.2. Electronic Distribution of Materials
7.2.2.1. Blogs
7.2.2.2. Distribution of Awareness Materials via Social Media
7.2.2.3. Learning Management System (LMS)
7.2.3. Video-Based Training
7.2.3.1. Instructor-Led Videos for Training
7.2.3.2. Animated Videos for Training
7.2.3.3. Movies for Trainers
7.2.4. Interaction-Based Training Method
7.2.4.1. Lectures
7.2.4.2. Virtual Classrooms
7.2.4.3. Slides
7.2.5. Developing a Security Awareness Program
7.3. Technical Measures
7.3.1. Phone Call Detection Model
7.3.2. Prevent Social Engineering Attacks Using a Whitelist
7.3.3. Prevent Social Engineering Attacks Using a Blacklist
7.3.3.1. Greylisting
7.3.4. Detect Social Engineering Attacks Using the Heuristic Method
7.3.5. Honeypot
7.3.6. Important Information on Social Engineering Attacks
Summary
Chapter 8
Laws Governing Social Engineering Attacks
8.1. Copyright Act
8.1.1. Online Contents
8.1.2. Trademark
8.1.3. Cybersquatting
8.1.4. Software Piracy
8.1.5. Linking
8.1.6. Abuse of Law
8.2. Telephone Records and Privacy Protection Act of 2006
8.3. Fraud Act
8.3.1. Computer Fraud and Abuse Act of 1986 (CFAA)
8.3.2. Fraud Act of 2006
8.3.3. The Indian Penal Code
8.4. Spam Act
8.4.1. CAN-SPAM Act of 2003
8.4.2. Spam Act of 2003
8.4.3. Privacy and Electronic Communications (EC Directive) Regulations of 2003
8.4.3.1. Section 66A in the Information Technology Act of 2000
8.5. Data Protection Act
8.5.1. General Data Protection Regulation (GDPR)
8.5.2. Data Protection Act of 1998
8.5.3. Act on the Protection of Personal Information (APPI)
8.5.4. Personal Information Protection Law of the People’s Republic of China
8.5.5. Personal Information Protection and Electronic Documents Act
8.5.6. Section 66B in the Information Technology Act of 2000
8.6. Health Insurance Portability and Accountability Act
8.7. Phishing Law
8.7.1. Anti-Phishing Act of 2005
8.7.2. Section 66C in the Information Technology Act of 2000
8.7.3. Section 66D in The Information Technology Act of 2000
8.7.4. Section 71 in the Information Technology Act of 2000
Summary
Chapter 9
The Future of Social Engineering Attacks
9.1. Deepfake
9.2. Social Engineering as a Service
9.3. Virtual Customer Assistant (VCA) or Chatbot
9.4. Web3 and the Metaverse
9.5. Faster Password Guessing
9.6. Communication Channels
9.7. Future of the Malicious Software
Summary
References
Index
Author’s Contact Information