fbpx
contact

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson’s machine. What is the social engineering technique Steve employed in the above scenario?

Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson’s machine. What is the social engineering technique Steve employed in the above scenario?

Option 1 : Elicitation
Option 2 : Diversion theft
Option 3 : Phishing
Option 4 : Quid pro quo

1. Elicitation

Elicitation may be a lively effort to extract project-related information from all relevant stakeholders. the target is to obviously define the business or project objectives. Requirements elicitation uses various analytics and techniques that leave complete, concise and clear requirements to be gathered. A Standish Group report lists “incomplete requirements” because the leading explanation for software project failure and divulges that poor requirements account for 50% of project failures. Poor requirements are a results of sub-standard elicitation which can also cause scope creep, budget overrun and inadequate process redesign.

Elicitation is vital as many stakeholders are unable to accurately articulate the business problem. Therefore, analysts performing the elicitation got to make sure that the wants produced are clearly understandable, useful and relevant. A well defined problem and clear requirements will go an extended thanks to creating the right solution that adds value to the business.

2. Diversion theft

Diversion theft started as an “offline” attack where the mal-actor tricks a courier into learning or dropping off a package from the incorrect location and hence either facilitating the delivery of their false package or accessing the important package. It’s also referred to as the “Corner game” or “Round the corner game” and has its origins within the East End of London, way before the web was even thought of.

A lorry driver would be met and told that the products he’s carrying are needed round the corner from the important drop off point. the products are then easily accessible by the crooks and may be stolen or substituted.

A mal-actor can now use technology to divert the delivery, by intercepting and altering the delivery schedule. Diversion theft is additionally getting used online to trick the victim into sending information to the incorrect location. Often this is often done by using spear phishing, whaling, vishing or pretexting attacks.

3. Phishing

Phishing may be a cybercrime during which a target or targets are contact by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data like personally identifiable information, banking and mastercard details, and passwords.

The information is then wont to access important accounts and may end in fraud and loss .

The first phishing lawsuit was filed in 2004 against a Californian teenager who created the imitation of the web site “America Online”. With this fake website, he was ready to gain sensitive information from users and access the mastercard details to withdraw money from their accounts. aside from email and website phishing, there’s also ‘vishing’ (voice phishing), ‘smishing’ (SMS Phishing) and a number of other other phishing techniques cybercriminals are constantly arising with.

4. Quid pro quo

A quid pro quo attack (aka “something for something” attack) could also be a variant of baiting. instead of baiting a target with the promise of an honest , a quid pro quo attack promises a service or a benefit supported the execution of a specific action.

In business and legal contexts, quid pro quo conveys that an honest or service has been exchanged for something of equal value. it’s been utilized in politics to explain an unethical practice of “I’ll do something for you, if you are doing something on behalf of me ,” but are allowable if bribery or malfeasance doesn’t occur through it.

Understanding Quid Pro Quo

The key to a quid pro quo business agreement may be a consideration, which can take the shape of an honest , service, money, or, financial instrument. Such considerations are attached to a accept which something is provided and something of equal value is hence returned in exchange. Without such considerations, a court may find a contact to be invalid or nonbinding. Additionally, if the agreement appears to be unfair or overly one-sided, the courts may rule that the contract is null and void. a person , business, or other transacting entity should know what’s expected of both parties to enter into a contact.

Learn CEH & Think like hacker


This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

https://g.co/kgs/ttqPpZ

1 thought on “Johnson, an attacker, performed online research for the contact details of reputed cybersecurity firms. He found the contact number of sibertech.org and dialed the number, claiming himself to represent a technical support team from a vendor. He warned that a specific server is about to be compromised and requested sibertech.org to follow the provided instructions. Consequently, he prompted the victim to execute unusual commands and install malicious files, which were then used to collect and pass critical information to Johnson’s machine. What is the social engineering technique Steve employed in the above scenario?”

Leave a Comment