Week 7 & 8 Lab – Social Engineering Attacks Students Student ID Name Notes · This seminar is a continuation on from week 6 so please make sure you have completed that before attempting this. · You can...

1 answer below »

Week 7 & 8 Lab – Social Engineering Attacks

Students

Student ID

Name



Notes

· This seminar is a continuation on from week 6 so please make sure you have completed that before attempting this.

· You can perform this exercise in groups over your online meeting tool of choice or individually if you would prefer.

Background

One of the more common hacking techniques occurring today is through the use of social engineering, this includes spam emails, phishing and fake websites. After using the information, we gathered last week using The Harvester and other open source tools such as good. An attack could launch a phishing campaign against a company attempting to trick a user into entering credentials into a fake website.

Due to all websites’ code on the web being readable, it has become very easy to clone a website and there are some specialised tools to do so.

Activity 1: Clone a website to a phishing site

1. Open VirtualBox and boot up the virtual machine we setup last week and login

2. Open the applications menu (icon in the top left corner)

3. Open up the Social-Engineer Toolkit by searching for it

4. Agree to the terms (after reading them of course).

5. Choose option 1, Social-Engineering Attacks then choose number 2, Website Attack Vectors followed by number 3, Credential Harvester Attack Method.

6. You then want to select option 2, Site Cloner and you can now enter a website to clone.
You can select any website you’d like to clone, I suggest trying something simple first

This will clone the website you choose and then serve it at http:// XXXXXXXXXX. Go to that URL in the virtual machine and enter some information into a form (such as a login form) to see what it does. Do not enter real information here.

How could this attack method be used to phish unsuspecting victims?

Activity 2: Researching phishing template services

Now that we have a fake website, we can look at sending this out. To do this we would need a phishing email. There are multiple services/tools that can be used to do this.

Have a look at gophish and explain what services that it provides.

Activity 3: Clone a template website

In this exercise, you should clone a website from the list of templates. What website did you choose? What differences can you see between the official website and your cloned one?


Activity 4: Wifi Phishing

Look into the wifiphisher tool and explain how this tool works. How can this be used to phish individuals?

Activity 5: Detecting phishing attacks

After looking through the process for creating a phishing website and a phishing email campaign. Perform some research into different ways to detect these kinds of attacks and the best ways to prevent them. Write down your best recommendations individuals should follow for identifying and phishing attacks

Activity 6: Reporting Phishing

Perform some research into where individuals who detect a phishing attack can report these crimes to, what information is needed? How does this vary for a business?

Answered 1 days AfterMay 02, 2021Macquaire University

Solution

Ali Asgar Kanchwala answered on May 03 2021
20 Votes

Week 7 & 8 Lab – Social Engineering Attacks
Students
Student ID
Name






Notes
· This seminar is a continuation on from week 6 so please make sure...

Submit New Assignment

Copy and Paste Your Assignment Here