Exploitation techniques
Social engineering techniques
Social engineering is manipulating people into handing over confidential information such as a PIN or password. There are several forms:
- blagging: the act of inventing a story or scenario to gain a targeted victim's interest. This may encourage them to give away confidential information, or even send money.
- phishing: an attempt to gain personal information about someone by way of deception, e.g. sending an email pretending to be from their bank asking them for their bank details.
- pharming: a cyberattack that redirects a user from a genuine website to a fake one.
- shouldering: observing someone’s personal information over their shoulder, for example watching a person enter their PIN in a shop or at a cashpoint.
Blagging
Blagging is when someone makes up a story to gain a person’s interest and uses this to encourage them to give away information about themselves, or even send money.
For example, a person may receive an email that appears to be from a friend telling them that they’re in trouble and asking them to send money.
Phishing
Similar to blagging, a phishing email will ask a person to send personal details, but pretends to be from a business. These emails can often look convincing, but may contain spelling errors or URLs that do not match the business's website.
When a person clicks on these links and logs in, their username and password are sent to someone who will use them to access their real accounts. This information might be used to steal a person’s money or identity, or the email may contain malware (software designed to cause harm or damage to a computer, including viruses that might damage files, adware that causes pop-ups, and spyware that collects and shares login details).
Banks will never send emails asking for personal information or usernames and passwords. If someone receives an email that they think might be phishing, they should report it to the business the sender is claiming to be.
Pharming
Pharming is a type of cyberattack that redirects a user from a genuine website to a fake one. The fake website will often look like the genuine one. When a person logs in, their username and password are sent to someone who will use them to access their real accounts.
There are several ways that a pharming cyberattack can redirect traffic from a genuine website to a fake one. One example is if the Domain Name Servers (DNS) of the website, which match the website address with the IP address of the webserver, are hacked and the IP address is changed to become the address of the pharming site.
Shouldering
This is the simplest form of taking personal details. Shouldering is looking at someone’s information over their shoulder, for example looking at someone enter their PIN in a shop or at a cashpoint.
A person can prevent this by using their hand to cover the keypad as they type their PIN, or being aware of people around them when typing in PINs. Software helps protect against shouldering by masking what is typed, showing an asterisk on the screen instead of the symbol that was entered.