CEH v5 Module 09 Social Engineering PDF
Version 5
Module IX
Social Engineering
Scenario
EC-Council
Copyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Module Objective
This module will familiarize you with the following:
Module Flow
Social Engineering
Phishing Attacks
Types of
Social Engineering
Identity Theft
Behaviors vulnerable
to attacks
Countermeasures
Online Scams
Countermeasures
There is No Patch to Human Stupidity
Human Weakness
Example:
There was a Rebecca at the bank and I am going to call her to extract privileged information.
I met Ms. Jessica, she was an easy target for social engineering.
Do you have any Rebecca in your company?
Office Workers
Despite having the best firewall, intrusion detection and antivirus systems that technology has to offer, you are still hit with security breaches
Computer-based
Social engineering carried out with the aid of computers
Eavesdropping
Unauthorized listening to conversations or reading of messages
Interception of any form, such as audio, video or written
(Figure: hacker obtaining passwords from victim)
Dumpster Diving
Search for sensitive information in the target company's trash bins, printer trash bins, user desks (sticky notes), etc.
Collect phone bills, contact information, financial information, operations-related information, etc.
Case Study
Source courtesy: http://www.washingtonpost.com/wpdyn/content/article/2006/09/27/AR2006092701304.html
In person
Survey a target company to collect information on current technologies, contact information, and so on
Third-party Authorization
Refer to an important person in the organization and try to collect data
"Mr. George, our Finance Manager, asked that I pick up the audit reports. Will you please provide them to me?"
Tailgating
An unauthorized person, wearing a fake ID badge, enters a secured area by closely following an authorized person through a door requiring key access
An authorized person may be unaware of having provided an unauthorized person access to a secured area
Piggybacking
"I forgot my ID badge at home. Please help me."
An authorized person provides access to an unauthorized person by keeping the secured door open
Pop-up Windows
Windows that suddenly pop up while surfing the Internet and ask for the user's information in order to log in or sign in
Spam email
Email sent to many recipients without prior permission, intended for commercial purposes
Irrelevant, unwanted and unsolicited email used to collect financial information, social security numbers, and network information
Phishing
An illegitimate email, falsely claiming to be from a legitimate site, attempts to acquire the user's personal or account information
Lures online users with statements such as:
"Verify your account"
"Update your information"
"Your account will be closed or suspended"
Insider Attack
Disgruntled Employee
Most cases of insider abuse can be traced to individuals who are introverted, incapable of dealing with stress or conflict, and frustrated with their job, office politics, lack of respect, lack of promotions, etc.
(Figure: a disgruntled employee passes company secrets from the company network to a competitor)
Some recommendations:
Separation of duties
Rotation of duties
Least privilege
Controlled access
Logging and auditing
Legal Policies
Archive critical data
Vendors of target organization
An attacker may:
Show inability to give a valid callback number
Make informal requests
Claim authority
Show haste
Unusually compliment or praise
Show discomfort when questioned
Drop a name inadvertently
Threaten dire consequences if information is not provided
Netcraft Toolbar
Shows all the attributes of each site such as host location, country, longevity and popularity
Site Report
(Screenshot: location details)
Select Victim
Identify frustrated employees of target company
Develop relationship
Developing relationship with selected employees
Trust
The human nature of trust is the basis of any social engineering attack
Ignorance
Ignorance about social engineering and its effects among the workforce makes the organization an easy target
Fear
Social engineers might threaten severe losses in case of noncompliance with their request
Greed
Social engineers lure the targets to divulge information by promising something for nothing
Moral duty
Targets are asked for help, and they comply out of a sense of moral obligation
Economic losses
Damage of goodwill
Loss of privacy
Dangers of terrorism
Countermeasures
Training
An efficient training program should consist of all security policies and methods to increase awareness of social engineering
Countermeasures (contd)
Password policies
Periodic password change
Avoiding guessable passwords
Account blocking after failed attempts
Length and complexity of passwords: minimum number of characters, use of special characters and numbers, etc. (e.g. ar1f23#$g)
Secrecy of passwords: do not reveal them if asked, and do not write them on anything to remember them
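The password-policy items above can be enforced mechanically. The following is an added example, not code from the CEH module: a small policy checker covering length, digits, special characters and guessable passwords, plus a lockout counter that blocks an account after repeated failed attempts. The thresholds (8 characters, 5 attempts, 15-minute window) and the guessable-password list are assumptions chosen for illustration.

```python
"""Password policy check and failed-attempt lockout.

Added example, not code from the CEH module.  The thresholds and the
guessable-password list are assumptions chosen for illustration.
"""
import re
import time

MIN_LENGTH = 8             # assumed minimum; the module's example ar1f23#$g is 9 characters
MAX_FAILED_ATTEMPTS = 5    # assumed lockout threshold
LOCKOUT_SECONDS = 900      # assumed lockout window (15 minutes)
# Constructed list of guessable passwords; a real deployment would use a breach corpus.
GUESSABLE = {"password", "123456", "qwerty", "letmein", "welcome", "admin"}


def check_password(candidate: str, username: str = "") -> list:
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", candidate):
        problems.append("no letters")
    if not re.search(r"\d", candidate):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("no special characters")
    lowered = candidate.lower()
    if lowered in GUESSABLE:
        problems.append("commonly guessed password")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    return problems


class LockoutTracker:
    """Blocks an account once MAX_FAILED_ATTEMPTS failures occur within LOCKOUT_SECONDS.

    The clock is injectable so the behaviour can be tested without sleeping.
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}      # account -> timestamps of recent failures
        self._locked_until = {}  # account -> time at which the lock expires

    def is_locked(self, account: str) -> bool:
        return self._locked_until.get(account, 0.0) > self._clock()

    def record_failure(self, account: str) -> bool:
        """Register a failed login; return True if the account is now locked."""
        now = self._clock()
        recent = [t for t in self._failures.get(account, []) if now - t < LOCKOUT_SECONDS]
        recent.append(now)
        if len(recent) >= MAX_FAILED_ATTEMPTS:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            recent = []          # the counter restarts once the lock expires
        self._failures[account] = recent
        return self.is_locked(account)

    def record_success(self, account: str) -> None:
        """A successful login clears the failure history (only call it when not locked)."""
        self._failures.pop(account, None)


if __name__ == "__main__":
    print(check_password("ar1f23#$g"))          # []
    print(check_password("password", "alice"))  # three violations
    tracker = LockoutTracker()
    locked = False
    for _ in range(MAX_FAILED_ATTEMPTS):
        locked = tracker.record_failure("alice")
    print("alice locked:", locked)              # True
```

The lockout keeps a sliding window rather than a lifetime counter, so a handful of genuine typos spread over a day never locks a user out, while a burst of guesses does; the window also bounds how many guesses per hour an attacker can make against one account.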
Countermeasures (contd)
Operational guidelines
Ensure security of sensitive information and authorized use of resources
Countermeasures (contd)
Classification of Information
Categorize the information as top secret, proprietary, for internal use only, for public use, and so on
Access privileges
Administrator, user and guest accounts with proper authorization
Account setup
Password change policy
Help desk procedures
Access privileges
Violations
Employee identification
Privacy policy
Paper documents
Modems
Physical access restrictions
Virus control
Summary
Phishing Attacks and Identity Theft
Hacking News
What is Phishing?
Phishing News
Source Courtesy: http://news.com.com/Yahoo+adds+phishing+shield/2100-1029_3-6108330.html?tag=nefd.top
Phishing Report
Source: http://anti-phishing.org/
Attacks
Hidden Frames
The first frame contains the legitimate site URL information, while the second frame, occupying 0% of the browser interface, has malicious code running
URL Obfuscation
Using Strings - Uses a credible-sounding text string within the URL
Example: http://XX.XX.78.45/ebay/account_update/now.asp
Using @ sign - This kind of syntax is normally used for websites that require some authentication. Everything left of the @ sign is ignored, and the domain name or IP address on the right side of the @ sign is treated as the destination domain (@ can be replaced with its encoded form %40)
Example: http://www.citybank.com/[email protected]/usb/process.asp
Status Bar Tricks - The URL is so long that it cannot be completely displayed in the status bar; often combined with the @ sign so that the fraudulent URL is at the end and not displayed
Example:
http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&usersoption=SecurityUpdate&[email protected]/verified_by_visa.html
Examples:
http://www.ebay-support.com/verify
http://www.citybank-secure.com/login
http://www.suntrustbank.com
http://www.amex-corp.com
http://www.fedex-security.com
URLs are encoded to disguise their true value using hex, dword, or octal encoding
Example:
http://www.paypal.com@%32%32%30%2E%36%38%2E%32%31%34%2E%32%31%33
which translates into 220.68.214.213
http://www.paypal.com%40570754567
which translates into 34.5.6.7
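The @-sign, percent-encoding and dword/hex/octal tricks described in the last few slides can all be undone mechanically, which is how a mail gateway or a link-scanning tool surfaces the real destination. The following is an added example, not code from the CEH module: it decodes a URL the way a browser would (percent-decode, discard everything before the last @, convert a numeric host to dotted-quad) and lists the tricks it found. It goes slightly beyond the slides by handling hex (0x...) and octal (0...) hosts as well as dword; the sample URLs in the usage block are the module's own examples.

```python
"""Decode obfuscated phishing URLs and report the real destination host.

Added example, not code from the CEH module.  Undoes percent-encoding
(e.g. %40 for '@', %2E for '.'), the decoy-userinfo-before-@ trick, and
dword / hex / octal host encodings.
"""
import ipaddress
import re
from urllib.parse import unquote, urlsplit


def decode_numeric_host(host: str):
    """Return dotted-quad text for a dword, 0x-hex or 0-octal host, else None."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", host):
        value = int(host, 16)
    elif re.fullmatch(r"0[0-7]+", host):        # leading 0 and octal digits only
        value = int(host, 8)
    elif re.fullmatch(r"[1-9]\d*", host):       # plain dword, e.g. 570754567
        value = int(host)
    else:
        return None
    if value > 0xFFFFFFFF:                      # does not fit in an IPv4 address
        return None
    return str(ipaddress.IPv4Address(value))


def analyse_url(url: str) -> dict:
    """Return {'real_host': ..., 'findings': [...]} for a possibly obfuscated URL."""
    findings = []
    # Assumption: one round of %xx decoding, which is what the browser applies to the host part.
    decoded = unquote(url)
    if decoded != url:
        findings.append("percent-encoding present")
    netloc = urlsplit(decoded).netloc
    if "@" in netloc:
        # Everything before the last '@' is userinfo and is ignored when resolving the host.
        userinfo, _, netloc = netloc.rpartition("@")
        findings.append(f"decoy userinfo before @: {userinfo}")
    host = netloc.split(":", 1)[0]              # strip any port
    numeric = decode_numeric_host(host)
    if numeric is not None:
        findings.append(f"numeric host {host} decodes to {numeric}")
        host = numeric
    return {"real_host": host, "findings": findings}


if __name__ == "__main__":
    for sample in (
        "http://www.paypal.com@%32%32%30%2E%36%38%2E%32%31%34%2E%32%31%33",
        "http://www.paypal.com%40570754567",
        "http://www.ebay-support.com/verify",
    ):
        print(sample, "->", analyse_url(sample))
```

For the two PayPal examples this reports 220.68.214.213 and 34.5.6.7 respectively, matching the slide, and flags both the percent-encoding and the decoy `www.paypal.com` userinfo. A link that shows a brand name only in the part before the @, or whose host decodes from a bare integer, is a strong signal worth quarantining regardless of the rest of the message.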
Screenshot 1
Screenshot 2
Fake Toolbars
This is a fake toolbar
127.0.0.1 localhost
XX.XX.XX.XX Citibank.com
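The two hosts-file lines above show the pharming variant of phishing: a planted entry sends a bank's hostname to an attacker-controlled address before DNS is ever consulted. The following is an added example, not code from the CEH module, of the check a workstation audit or endpoint agent can run: it parses hosts-file text and reports any dotted hostname mapped to something other than loopback. The hosts text is constructed, 203.0.113.10 is a documentation address standing in for the slide's XX.XX.XX.XX, and the allowlist of sanctioned local overrides is an assumption.

```python
"""Flag hosts-file entries that redirect public hostnames.

Added example, not code from the CEH module.  SAMPLE_HOSTS is constructed;
ALLOWED_NAMES is an assumed set of intranet overrides that are expected.
"""
import ipaddress

SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
10.1.2.3        intranet.corp.example
203.0.113.10    Citibank.com www.citibank.com   # planted redirect to a look-alike site
"""

ALLOWED_NAMES = {"intranet.corp.example"}   # assumed sanctioned local overrides


def suspicious_hosts_entries(text: str, allowed=ALLOWED_NAMES) -> list:
    """Return (line_number, hostname, address) for each suspicious mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # malformed line; not a redirect
        if addr.is_loopback or addr.is_unspecified:
            continue                               # localhost and 0.0.0.0 ad-block entries are normal
        for name in fields[1:]:
            # A dotted name that is not a sanctioned override deserves a look.
            if "." in name and name.lower() not in allowed:
                findings.append((lineno, name, str(addr)))
    return findings


if __name__ == "__main__":
    # On a real host read /etc/hosts or C:\Windows\System32\drivers\etc\hosts instead.
    for lineno, name, addr in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

Run against the constructed sample it reports both `Citibank.com` and `www.citibank.com` on line 5 pointing at 203.0.113.10. Pair the check with a file-integrity rule on the hosts file itself so that the modification is caught when it happens rather than at the next audit.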
http://www.scandoo.com
Scandoo scans all search results to protect the user from visiting websites that spread malicious viruses or spyware, and from viewing offensive content
Identity Theft
STEP 1
STEP 2
STEP 3
Your replacement driver's license will be issued to your new home address
Now you are ready to have some serious fun
Comparison
Original
STEP 4
Tell them you would like to apply for a new credit card
The bank will ask for your ID: show them your driver's license as ID
Let's go shopping
Present your driver's license as a form of ID
~ the
Ahhh!!! Somebody stole my identity!!
Identity theft is a serious problem
Securing personal information in the workplace and at home, and looking over credit card reports, are just a few of the ways to minimize the risk of identity theft
http://www.consumer.gov/idtheft/
Nigerian Scam
Countermeasures
Do not use the links in an email to get to any web page if you suspect the message might not be authentic
Call the company on the telephone, or log on to the website directly by typing the web address into your browser
Avoid filling out forms in an email that ask for personal financial information
Always ensure that you are using a secure website when submitting credit card or other sensitive information via a web browser