
Different Types Of Attacks On Computer Through Internet

Social Engineering:


On reading the term “engineering”, what comes to mind is the construction of buildings, moving machines, and wires carrying high-voltage current. But the word in front of “engineering” in the heading changes its meaning completely. In the field of IT, social engineering has an entirely different and rather shocking meaning. It means psychologically manipulating someone’s thoughts so that the victim releases their own private, personal and semi-confidential information to the attacker. It is a kind of friendly trick for gathering the victim’s information without letting them know what the attacker’s intentions are or what information has been compromised. In layman’s terms, we can say that it is a kind of hypnotism.


To understand it with a simple example, consider a bank office. At the reception there is a notice saying “If you have login problems, contact this number”. A customer comes in and notes down this number. Suppose this customer later has a login problem. He calls the number and tells the operator (a bad person) that he is not able to log in. The operator asks him for his user name and password, and now the attacker has the customer’s password. The method used to get the customer’s password in this case was social engineering.
Phishing:
Phishing is a kind of social engineering primarily focused on getting user login details, credit card information and so on. It works by sending spam or fake emails to users, prompting them to log in to a malicious website that is designed to look like a popular website. The user thinks it is the genuine website and logs in, which results in the loss of his login details to hackers.
For example, you receive an email asking you to verify your email address for Facebook. When you open the link in the email and log in to the fake website, which resembles the real Facebook login page, you have lost your login details.
Baiting:
Baiting makes use of the greedy nature of humans :P. Yes, you have read it right. Baiting is offering something as a prize or gift in exchange for user login details or other credentials. It works by sending emails, offering a prize on a website, offering new movies to download, or even leaving a USB drive on the road so that someone picks it up and inserts it into their PC, where malware starts sending data to the attacker. So it works directly on the user, either by using their greed or by building trust and then deceiving them.


Piggybacking:
Piggybacking is a technique mostly used in the physical world, where a person enters confidential or important premises in which he can do harm. It is best understood by an example: you call an electrician to your company’s server room. The electrician arrives and shows you his card, and you let him in. As the electrician enters, a man with evil intent enters the premises too, pretending to you that he is with the electrician and to the electrician that he is your employee. In this way he is able to enter the premises. Usually this is not possible in large companies, where everyone has to verify their identity before entering, by swiping their card or by some other method.


How to prevent these attacks:

  1. Don’t trust emails until you are sure.
  2. Look at the URL before you enter your passwords or credentials.
  3. Don’t enter your credentials on tiny URLs.
  4. Don’t believe prize or gift emails.
  5. Use 2-factor authentication in order to make it more difficult for hackers to enter your organization.
  6. When clicking on links sent via email or on websites, always watch out for downloads that you did not initiate or that start automatically. It could be malware piggybacking onto your system. All such activity should be reported immediately to your security manager.
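
Points 2 and 3 above can be turned into an automatic check. The following is an added example, not part of the original article: the trusted host list, the shortener list and the sample links are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist: the only hosts where this user expects to type the password.
TRUSTED_LOGIN_HOSTS = {"facebook.com", "www.facebook.com"}
# Assumed sample of URL-shortener ("tiny URL") hosts; extend for real use.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
# Brand names taken from the allowlist, used to spot lookalike hosts.
BRANDS = {h.split(".")[-2] for h in TRUSTED_LOGIN_HOSTS}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def check_login_url(url):
    """Return a list of warnings for a link that asks for credentials."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["unparseable-url"]
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:      # e.g. https://facebook.com@other.host/
        warnings.append("userinfo-in-url")
    if host in SHORTENER_HOSTS:         # real destination is hidden
        warnings.append("shortened-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")
    if is_ip(host):
        warnings.append("ip-address-host")
    if host not in TRUSTED_LOGIN_HOSTS:
        warnings.append("untrusted-host")
        if any(brand in host for brand in BRANDS):
            warnings.append("lookalike-host")  # brand name on someone else's domain
    return warnings

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ["https://www.facebook.com/login",
                 "http://www.facebook.com.login-verify.example/",
                 "https://bit.ly/abc123",
                 "https://facebook.com@192.0.2.10/"]:
        print(link, "->", check_login_url(link) or "ok")
```

An empty result only means the link points at a host on the allowlist over HTTPS; any warning means the password should not be typed there.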

Copyright © 2013 Technology