Ashley Madison, a Canada-based online dating website, created a horrifying situation for its subscribers in July 2015, and the news changed how everyone thought about social networking. Subscribers feared that their personal information would become public and ruin their reputations and relationships. They had reason to think so: all members of Ashley Madison received anonymous e-mails and letters stating that their personal information would be leaked on public platforms. In addition, members of the dating website received a letter demanding approximately US$500 to be paid within three days, which led to alarm and panic among all of them.
The attack that took place on the website was named a phishing attack.
In a phishing attack, the attacker tricks the user into submitting login details to a website that looks legitimate but actually redirects them to a malicious website hosted on the attacker's web server. The attacker steals the credentials the user enters and uses them to impersonate the user on the website hosted on the legitimate target server. The attacker can then perform unauthorized or malicious operations on the website's target server.
BEHAVIOR VULNERABLE TO ATTACKS
- The human tendency to trust is the basis of any social engineering attack. Under the business model of the Ashley Madison site, users could register at no cost, but users who wished to seek partners for relationships and wanted to contact others had to pay a fee, which started at US$49 each.
- Ignorance about social engineering, phishing and its effects among the workforce makes the organization an easy target.
- Fear of severe losses in case of non-compliance to the social engineer’s request.
- Social engineers lure the target into divulging information by promising something for nothing.
- Targets are asked for help and they comply out of a sense of moral obligation.
Computer based PHISHING
- An illegitimate email falsely claiming to be from a legitimate site attempts to acquire the user’s personal or account information.
- Phishing emails or pop-ups redirect users to fake webpages that mimic trustworthy sites and ask them to submit their personal information.
Mobile based social engineering – Phishing malicious apps
- Attackers create malicious apps with attractive features and names similar to those of popular apps, and publish them on major app stores.
- Unaware users download these apps and get infected by malware that sends credentials to the attackers.
Mobile based social engineering – Fake security applications
- The attacker infects the victim's PC.
- The victim logs onto his/her bank account.
- Malware on the PC pops up a message telling the victim to download an app onto his/her phone in order to receive a security message.
- The victim downloads the malicious application on his/her phone.
- The attacker can now access the second authentication factor sent to the victim from the bank via SMS.
WHY DOES THIS HAPPEN?
- Social engineering is the art of convincing people to reveal confidential information. It involves an outsider acquiring sensitive information or inappropriate access privileges. Attackers attempt social engineering attacks on office workers to extract sensitive data. Human-based social engineering refers to person-to-person interaction to retrieve the desired information. Identity theft occurs when someone steals your name and other personal information for fraudulent purposes. A successful defense depends on having good policies and implementing them diligently.
SAVE YOURSELF - ANTI-PHISHING TOOLBAR
- PhishTank is a clearing house for data and information about phishing on the internet. It provides an open API for developers and researchers to integrate anti-phishing data into their applications. A few ways of preventing yourself from falling prey to phishing are verifying a site's security, keeping the browser up to date, being wary of pop-ups, never giving out personal information, and many more.
If you feel there are any more ways, do share your opinions.