International Research Journal of Engineering and Technology (IRJET) Volume: 09 Issue: 06 | Jun 2022
www.irjet.net
e-ISSN: 2395-0056 p-ISSN: 2395-0072
Credential Harvesting Using Man in the Middle Attack via Social Engineering
Mounika V¹, Dr. Vibha M B²
¹Student, Dept. of MCA, Dayananda Sagar College of Engineering, Bangalore, Karnataka, India
²Associate Professor, Dept. of MCA, Dayananda Sagar College of Engineering, Bangalore, Karnataka, India
ABSTRACT – As the number of internet users grows, the threat landscape is also widening. Even following standard security policies and using multiple security layers will not keep users safe unless they are well aware of the emerging cyber threats and risks involved. Humans are the weakest link in the security system, as they possess emotions that can be exploited with minimum reconnaissance. Social engineering is a type of cyberattack that exploits human behaviour or emotions to collect sensitive information such as usernames, passwords, personal details, etc.
KEYWORDS: Phishing, toolkits, social engineering, cyber awareness
1. INTRODUCTION
Phishing is the most common type of social engineering attack. The nature of this attack makes it more dangerous. Because humans can easily be exploited through emotions and various other factors, even training them gives no guarantee of being safe from these attacks. Making users aware of these threats has been a very important part of organizations' work.
Phishing is when an attacker sends phony messages to a human victim in the hopes of tricking them into revealing sensitive information or installing malware on their computer. Phishing attacks have evolved, allowing the attacker to track everything the victim does while on the site and to evade any additional security measures. Phishing attacks can be carried out by anyone with rudimentary expertise, making them a dangerous and common threat [7]. Internet users need to be trained about these types of attacks and also need to be taught how to respond to them.
There are many phishing toolkits available in the market that are used by organizations to train their employees. These toolkits help to simulate a real-world phishing attack and have many other features such as launching and managing multiple campaigns, generating reports, a GUI, and many more. But these toolkits require a setup environment and are specific to the use case. These toolkits are not suitable for novice users [7].
At present, irrespective of occupation or age, most people probably have a smartphone, have internet access, and use online services such as social media, online banking, and many more. Most users are not aware of common cyber threats and are at risk of cyber-attacks [3]. This project proposes a lightweight, simple-to-use phishing simulation toolkit with pre-loaded social networking sites, which helps train users on cyber threats such as phishing attacks.
This paper proposes a system that helps end-users understand that even security mechanisms such as two-factor authentication can be useless when the user is not aware of basic security elements, and that makes internet users aware of cyber threats and the risks involved.
2. LITERATURE REVIEW
A poll was conducted in 2019 with approximately 4800 participants, and the results led to the following conclusions. According to the survey results, 55 percent of respondents are unfamiliar with two-factor authentication, and 68 percent use the same password for several authorizations. Only 30 percent of users use a strong password with at least a number, a letter, and a special character, and only 50 percent of users employ powerful security mechanisms like two-factor authentication and backup. 90 percent of people will not change their password unless they are prompted to [3].
A poll on internet usage and cyber security awareness was conducted in 2017 across age groups ranging from 8 to 21 years. Antivirus was the most familiar term among all age groups, followed by firewalls and security warnings. Tracker and phishing were unfamiliar terms to the respondents in the 8-12 age range. This emphasizes the necessity for people to become more aware of the phishing aspects of cybersecurity. Phishing and tracker are terms that fewer than half of people are familiar with [4].
Another poll, on the trust factors of social engineering attacks on social networking sites, was conducted in 2021 with 35 participants using a pseudo-social-networking-service application that was subjected to a social engineering attack. The findings show that characteristics such as the attacker's personal information and the content of the message have little bearing on trust. Only the display of a negative response to the post has an impact on trust [5].
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 1176