Vishing, or voice phishing, continues to increase as an attack against users. Wh
Question
1. Vishing, or voice phishing, continues to increase as an attack against users. What would you do to help prevent users from becoming victims? First, access the online SoundCloud repository by NumberCop that contains several different recordings of vishing attacks (soundcloud.com/numbercop). After listening to several of the recordings to understand what attackers typically ask and how they craft their attacks, create guidelines for not falling prey to these attacks. What messages do the attackers commonly use? How do they trick users into entering their information? What social engineering effectiveness reasons do they use? Then write a series of steps that would help users resist these attacks. Write a one-page paper on your research.
2. trust. Table 2-6 uses these principles in a scenario of an attacker pretending to be the chief executive officer (CEO) calling the organization's help desk to have a password reset. Create two additional scenarios, such as an attacker impersonating a help desk employee who wants access to an employee's protected information, and create a dialog example for each of the seven principles.
3. Today's Attacks and Defenses at the beginning of this chapter illustrated how a security researcher could manipulate a help desk support technician into compromising security. If you were to create your own social engineering attack, what would it be? Using your place of employment or school, first determine exactly what your goal would be in the attack, and then craft a detailed description of how you would carry out the attack using only social engineering to achieve your goal. You might want to search the Internet for examples of previously successful attacks that used social engineering. Why do you think your attack would be successful? Who would be involved? What would be the problems in achieving your goal? Why? Write a one-page paper on your research.
4. Google dorking, or using advanced Google search techniques to find sensitive information, has been likened to "online dumpster diving." Use the Internet to research Google dorking. First, use the Internet to determine how the following advanced Google search engine operators are used: allintext, allintitle, allinurl, cache, filetype, inanchor, intext, intitle, link, site, +, |, and *. Then, use at least five of the operators to create potential Google dorking searches. Finally, try out your searches to see if they are effective. How easy is it for a threat actor to use Google dorking? How can users and organizations combat this? List your Google dorking searches, the results, and the defenses that should be used against it. Write a one-page paper on your activity.
5. Use the Internet to research some of the recent different crypto-malware ransomware attacks. What do they do? Why are they so successful? How are they being spread? What can users do to protect themselves? Write a one-page summary of your research.
6. Detecting phishing emails can often be difficult. Point your web browser to the following three online phishing tests: www.sonicwall.com/phishing/, www.opendns.com/phishing-quiz/, and www.komando.com/tips/361345/can-you-spot-a-fake-email-take-our-phishing-iq-test (or search the Internet for others). What did you learn from these tests? Were they helpful? What do you think general users would think about these tests? Write a one-paragraph summary on what you learned about phishing from these tests.
7. Lake Point Consulting Services (LPCS) provides security consulting and assurance services to over 500 clients across a wide range of enterprises in more than 20 states. A new initiative at LPCS is for each of its seven regional offices to provide internships to students who are in their final year of the information security degree program at the local college.
Manna is a regional bakery and café. Although Manna has used an outside security consultant to help their small IT team with security, they nevertheless have been the victims of several attacks over the last two quarters. Manna decided not to renew the consultant's contract and has now turned to LPCS for assistance. While LPCS is performing an audit and evaluating the enterprise's current security position, LPCS has asked you to conduct a presentation about malware to the staff of three of Manna's retail sites during their annual regional meeting.
Create a PowerPoint presentation that lists 15 different types of malware and defines each type in detail regarding what the malware can do, how it spreads, its dangers, etc. Your presentation should contain at least 10 slides.
After your presentation, it is apparent that some of the attacks were the result of social engineering. Manna has asked you to create a one-page "cheat sheet" that describes social engineering attacks and how they may be performed, including a list of practical tips to resist these attacks. This sheet will be posted in the stores, where employees can make quick reference to it when necessary. Create the paper for Manna, using a format that is easy to reference.
Explanation / Answer
Please Note: As per Chegg Answering Guidelines, I have answered the first question. Please Post Separate for Separate Questions.
Q1)
Answer)
Vishing, or voice phishing, is a fraud technique carried out through telephone, VoIP, mobile, landline or other voice mediums, in which the victims or customers are tricked into revealing personal, confidential, financial operations to unauthorized entities such as the attacker. The attacker here poses as the actual genuine entity, such as a bank that is trying to confirm its details with the customer, but in turn uses the information entered by the customer for malicious reasons, thus harming the customer's financials or personal information.
The victim first receives a call from the attacker, who poses as the bank through his speech and a spoofed phone number, and who has some preliminary information about the customer. He then tells the customer that some suspicious activity has taken place on his account, and that his account has been hacked or there is some security issue. In the above scenario, either the attacker provides, in a message, a number that appears genuine for the victim to call, or the attacker, posing as a genuine entity, calls the victim. The victim, worried as he should be about the security of his account, gives out the details over the telephone as mandated by the attacker, such as credit card and other bank or private details.
The messages commonly used by attackers to get the victim to call the attacker say that suspicious activity has occurred on the victim's account, credit card or bank, and that immediate action is necessary to handle or mitigate this risk. The attackers trick users into entering the victim's information, or into telling them the victim's bank information, using the attack method discussed above. The social engineering techniques used by the attackers are gaining the trust of the customers, using a telephone with caller ID spoofing so that the attacker poses as a genuine entity and gains the trust of the customer, and having preliminary information about the customer.
The victims can detect and resist the attacks by:
a) Suspecting the unsolicited message the customers receive which says that they are the target of some risk, which can be some illegal activity.
b) There is a risk involved in calling an unknown number and giving up details about the bank, and thus customers should never do that.
c) Even on calling, the voice of the attacker should be noticed, and it may often appear not to be genuine.
d) A customer should directly call the official phone number of the banking or financial institution rather than calling the number in the text message.
e) The customer can verify all of his recent activities to be certain that no information has been tampered with or leaked.