2 hours 25 minutes
in the last video we discussed What malicious file slash code attacks are in This video will be discussing what social engineering link attacks are
now. This attack is somewhere to the previous attack in that it can use every day flash rights as well.
The difference being is these devices are loaded with links to Web sites. A lot of times, these links will take victims to militias fishing sites. Now, what is a fishing site? Well, basically, a phishing site is a site that masquerades as a legitimate site or a site that
makes look like a legitimate site.
And a lot of times, thes sites will look like email hosting sites or financial sites like Gmail or Chase. Uh, a lot of these phishing sites are built to do number things. They can harvest credentials. So if a
user gets taken to, say, a financial site in the start entering their credentials,
well, now the Hecker are the attacker has the information, and a lot of times what they do is once the victim enters their credentials, they'll link them to the real site, so the victim will have no idea they were actually at a fishing site.
Other times fishing sites will attempt to extort victims. For example, I'm sure you've seen a and add that that says your computers infected and you need to call this number. When victims call that number, the people on the phone will extort victims into paying the money to
clean their machine when in reality, they're doing nothing.
Now, sometimes these
these attacks will download malicious files in this sort of circumvents the problem of malicious files being on advice. Say someone scans device and they find malicious
files and they just don't open what's on there. Well, this sort of circumvents that and then download it from the website.
Now these attacks are mostly seen with everyday flash drives.
They can be used with HIV spoofing devices, although most the time it's done with everyday flash drives.
Now there are a few drawbacks to this type attack. First of all, the victim needs to have access to the Internet.
Victim doesn't have any access to Internet thistle. Attack is going to go nowhere because it relies on an Internet connection.
This type tak also relies on more gullible users. Don't get me wrong. There's some Attackers that could be very good at what they do and contract even experts into thinking they're real sight. But
most the time these sites have some sort of issue with them,
where the trained eye can spot the differences
now. Also, some gullible users will. The file gets downloaded. We'll have to run it so it kind of does rely on people being less knowledgeable of these attacks.