Lab Exercise - Lesson 7

The document discusses two scenarios involving risks from social engineering attacks and phishing. In the first scenario, a receptionist at a company is tricked into providing their username and password to an impersonator claiming to be from IT, illustrating a social engineering attack. The second scenario describes a phishing attack, where a student receives a fraudulent email claiming their bank account was compromised and directing them to a fake website to enter personal information. The student wisely verifies the situation by contacting the actual bank directly.

Exercise 7-1: Recognizing risks

In this exercise, you will review two scenarios and identify the risks represented by each.

1. Consider the following scenario:

Alan is the new receptionist at XYZ Company. Most of the management staff has been at an offsite meeting
all day and it is already 4 PM. The phone rings and the conversation proceeds as follows:

Alan: "Dream Pages LLC, this is Alan, can I help you?"

Caller: "Alan! Great. Hey, this is Jim from IT. We've been stuck offsite all day, and it looks like we may be here
several more hours, and I really need to finish getting all the email accounts moved over to the new server. I
can do it remotely, but I left my notes at the office. I can get your account moved over, but I need your user
name and password to do it."

Alan: "You're in the IT department?"

Caller: "Yes, Alan, this is Jim from IT. I’m in charge of the email server."

Alan: "Sorry, I'm still new here ..."

Caller: "Oh, hey, no worries, Alan. Anyway, I can get your account moved over if you could just give me the
user name and password. Yours is the last one I need to move, and it would save me a trip all the way back
to the office. Can you help me out?"

Alan: "Oh, okay."

Alan then gives his user name and password to "Jim." Jim thanks him and says that was all he needed to know. And
then the call ends.

2. What type of attack is illustrated in this scenario?

__________________

3. What do you think has taken place?

__________________

4. Consider the following scenario:

Minerva is a student. She was disturbed to receive an email message from her bank informing her that
several customer accounts had recently been compromised. The message assured her, however, that account
numbers were being changed to protect the customers. The message included a link to the fraud prevention
page of the bank’s web site. Once there, she would be instructed on how to verify her old information and
activate her new account.

Minerva clicked the link and read all the information on the fraud prevention page of the bank’s web site.
The page included a web form for verifying old information and a link to activate her new account number. It
also included contact phone numbers for speaking with bank agents who were available to answer any
questions. The form required her to enter her old account number, her date of birth and the last four digits
of her social security number.

Instead of filling out the form, Minerva opened a new browser page, entered the URL for the main page of
her bank web site, located a contact phone number and called the bank. She noticed that the contact
number was very similar to the one on the "fraud prevention page," but it was not the same number.

5. What type of attack is illustrated in this scenario?

________________________

6. Why do you think Minerva did not use the phone number listed on the fraud prevention page?

_______________________

Exercise 7-2: Using secure connections


In this exercise, you will use secure connections and view digital certificates.

1. Open the Google Chrome web browser and navigate to www.amazon.com. Click the Hello Sign in Your
Account link near the top right corner.

Screen shot

2. Look at the URL in the Address bar and notice that the protocol is https, indicating a secure connection.
3. Click the lock icon in the browser address bar, then read the information that displays in a drop-down
message indicating that your connection to the site is private.

Screen shot

4. Click Details in the drop-down message to view details about the security of the connection in a pane that
opens on the right edge of the browser window.
5. Click the View certificate button to view details about the digital certificate.

Screen shot

6. Click the various tabs in the Certificate dialog box, then close the dialog box.
7. Close the Chrome browser.
8. Open the Internet Explorer browser and navigate to www.amazon.com.
9. Notice the use of the https protocol in the Address bar. Click the lock icon and read the information that
displays in the drop-down message, then click View certificates.

Screen shot

10. Close the Certificate dialog box, then close the Internet Explorer browser.
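
The certificate details viewed in the steps above can also be read from a script. This is an added example, not part of the original lab: it reports who the certificate was issued to and by, whether it is currently valid, and whether it covers the host name you typed. The host names, CA name and dates in SAMPLE are constructed; fetch_cert needs network access and is not called here.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443):
    """Live use (needs network): return the validated peer certificate."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def attr(rdns, key):
    """Pull one attribute (e.g. commonName) from a subject/issuer tuple."""
    return next((v for rdn in rdns for k, v in rdn if k == key), None)

def covers(pattern, host):
    """Exact match, or a '*.' wildcard standing for exactly one leading label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def when(text):
    """Convert a certificate time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)

def summarize(cert, host, now=None):
    """Fields shown in the browser's certificate dialog, plus two checks."""
    now = now or datetime.now(timezone.utc)
    start, end = when(cert["notBefore"]), when(cert["notAfter"])
    sans = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    return {
        "issued_to": attr(cert["subject"], "commonName"),
        "issued_by": attr(cert["issuer"], "organizationName"),
        "valid_now": start <= now <= end,
        "days_left": (end - now).days,
        "host_covered": any(covers(p, host) for p in sans),
    }

# Constructed sample in the shape getpeercert() returns; not a real certificate.
SAMPLE = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example CA"),), (("commonName", "Example CA R1"),)),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.shop.example.test")),
}

if __name__ == "__main__":
    print(summarize(SAMPLE, "www.example.test"))
```

For a live site, pass the result of fetch_cert(host) to summarize with the same host name.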
