
5.4 Cyber Security Social Engineering EMK Notes 2022

Uploaded by

The Best

5.4 Cyber Security (Social Engineering)

Objective:
• Describe the processes involved in, and the aim of carrying out, cyber security threats related to
social engineering.
Social engineering occurs when a cybercriminal creates a social situation that can lead to a
potential victim dropping their guard. It involves manipulating people into breaking their
normal security procedures and not following best practice.
There is no hacking involved, since the user is willingly allowing the cybercriminal to have access to
their computer, to download malicious software or visit fake websites; the user is rushed into
making rash decisions.
Types of Threats Used in Social Engineering
• Instant Messaging:
Malicious links are embedded into instant messages, for example presented as an
important software upgrade. This relies on the user’s curiosity.
• Scareware:
This is done using a pop-up message that claims that the user’s computer is infected
with a virus; the user is told they need to download a fake anti-virus immediately. This relies on
the user’s fear.
• Emails/Phishing Scams:
Phishing occurs when a cybercriminal sends out legitimate-looking emails
to users. When the user clicks on a link in the email, it takes the user to a fake website that tricks
the user into responding with personal data. The fake email appears to be genuine, coming from a
known bank or service provider. This relies on the user’s trust of well-known companies.
• Baiting:
The cybercriminal leaves a malware-infected memory stick somewhere where it can
be found. The finder picks up the memory stick and plugs it into their computer (just to see who it
belongs to) and unintentionally downloads malware. This relies on the user’s curiosity.
• Phone calls:
The cybercriminal calls the user on their mobile, claiming their device has been
compromised in some way. The user is advised to download some special software that
allows the cybercriminal to take over the user’s device, giving them access to personal
information. This relies on the user’s fear.
Social engineering is based on the exploitation of the following human emotions:
➢ Fear:
The user is panicked into believing their computer is in danger and isn’t given time to
logically decide if the danger is genuine or not. Fear is a powerful emotion that can easily
be exploited by a cybercriminal.

03345606716 emkonweb.com @emkonweb @emkonweb


CS Made Easy

➢ Curiosity:
The user can be tricked into believing they have won a car, or they find an infected
memory stick lying around. They give their details willingly to win the car (credit card
details to pay for delivery) or they are curious who the memory stick belongs to; without
thinking clearly, their curiosity gets the better of them and the damage is done.
➢ Empathy and Trust:
A real belief that all genuine-sounding companies can be trusted,
therefore emails or phone calls coming from such companies must be safe.

ESQ: List the stages in a typical social engineering scam.

Stage 1: Victims are identified; information about the victim is gathered and the method of attack
is decided.
Stage 2: The victim is targeted (through email, phone call, Trojan horse and so on).
Stage 3: The attack on the victim is executed, allowing the cybercriminal to obtain information.
Stage 4: When the cybercriminal has decided they have what they wanted, they try to remove all
traces of malware to cover their tracks.

Data Security
Data security means data is recoverable if lost or corrupted. Data can be said to be 'secure' if
it is available for use when needed and the data made available is the data that was stored originally.
The security of data has been breached if data has been lost or corrupted. Data security is a
prerequisite for ensuring data integrity and data privacy.
Access Levels through User Accounts
In computer systems, user accounts control a user’s
rights and have a hierarchy of access levels depending on a person’s level of security. This is
usually achieved using a user name and password.
When using databases, levels of access are essential to determine who has the right to read,
write and delete data.
Access Levels in Social Networking Websites:
Users are allowed to use privacy settings rather than passwords to decide the level of access on a
social networking website.
➢ Public access: this refers to data that anyone from the general public can access.
➢ Friends: only people identified as ‘friends’ by the owner of the data can see certain data.
➢ Custom: this allows the user to further refine what data can be seen by ‘friends’, allowing
them to exclude certain content from selected people.
➢ Data Owner: this type of data can be seen by the data owner only. We call this private
data access.

Computer Science IGCSE, O & A level By Engr M Kashif 03345606716

Anti-Malware
The two most common types of anti-malware are anti-virus and anti-spyware.
• Anti-Virus:
It is utility software used for scanning and removing viruses from a computer.
The primary purpose of antivirus is to protect computers from viruses and remove any viruses
that are found.
How does antivirus work?
Antivirus software contains a list of all known viruses and checks the file
extensions on all storage media in the computer. When it finds one, it deletes it.
Tasks carried out by anti-virus software:
➢ Scans files for viruses // detects/identifies a virus
➢ Can constantly run in the background
➢ Can run a scheduled scan
➢ Can automatically update virus definitions
➢ Can quarantine a virus
➢ Can delete a virus
➢ Notifies the user of a possible virus
• Anti-Spyware:
Anti-spyware software detects and removes spyware programs installed
illegally on a user’s computer system.
Anti-spyware software is based on one of the following two methods:
➢ Rules: anti-spyware software looks for typical features which are usually associated
with spyware, thus identifying any potential security issues.
➢ File Structures: there are certain file structures associated with potential spyware
which allow them to be identified by anti-spyware software.

Features of anti-spyware:
➢ Detects and removes spyware already installed on a device.
➢ Prevents a user from downloading spyware.
➢ Encrypts files to make data more secure in case it is ‘spied’ on.
➢ Encrypts keyboard strokes to help remove the risk posed by the keylogging aspects of
spyware.
➢ Blocks access to a user’s webcam and microphone.
➢ Scans for signs that the user’s personal information has been stolen and warns the user if this
has happened.

Authentication
Authentication refers to the ability of a user to prove who they are.

Three factors used in authentication:
➢ Something you know (for example, a password or PIN code)
➢ Something you have (for example, a mobile phone or tablet)
➢ Something which is unique to you (for example, biometrics).
Authentication Methods:
• Passwords and User Names:
Passwords are used to restrict access to data or systems. They
should be difficult to crack and changed frequently. Passwords can take the form of biometrics.
Passwords are frequently used when accessing the internet.
Examples:
➢ When accessing email accounts.
➢ When carrying out online banking or shopping.
➢ When accessing social networking sites.
ESQ: List ways to protect a password.
➢ Run anti-spyware software to make sure your passwords are not being sent to
whoever put spyware on your computer.
➢ Regularly change passwords in case they have been seen by someone else, illegally or
accidentally.
➢ Make sure passwords are difficult to crack or guess.
➢ Instead of using a weak password, use a strong password; it should contain at least
one capital letter, at least one numerical value and at least one other keyboard character.

ESQ: How can we add a precaution in case an unauthorised person has tried to change a user’s
password?
Ans: When using an online website, if a user forgets their password or needs to reset it, they
will be sent an email which contains a link to a web page where they can reset their password.
➢ Biometrics can be used as a way of identifying a user. Biometrics relies on certain
unique characteristics of human beings. Examples: fingerprint scans, retina scans,
face recognition, voice recognition.

Application of Biometrics:
❖ Biometrics is used in a number of applications as a security device. For example, the latest
mobile phones use fingerprint matching before they can be operated.
❖ Pharmaceutical companies use face recognition or retina scans to allow entry to
secure areas.
➢ Fingerprint Scans:
Images of fingerprints are compared against previously scanned fingerprints
stored in a database; if they match then access is allowed. The system compares patterns of
‘ridges’ and ‘valleys’ which are fairly unique.
Security devices (such as magnetic cards to gain entry to a building) can be lost or even stolen,
which makes them less effective.

Benefits of Fingerprint Scans:
• It is one of the most developed biometric techniques.
• It is very easy to use.
• Relatively small storage requirements for the biometric data created.
• Fingerprints can’t be misplaced; a person always has them!
• It would be impossible to ‘sign in’ for somebody else since fingerprints would
match with only one person on the database.
• Fingerprints can improve security as fingerprints are unique and it would be
difficult to replicate a person’s fingerprints.

Drawbacks of Fingerprint Scans:
• For some people it is very intrusive, since it is still related to criminal identification.
• It can make mistakes if the skin is dirty or damaged (e.g. cuts).
• It is relatively expensive to install and set up.
➢ Retina Scans:
Retina scans use infrared light to scan the unique pattern of blood vessels in the retina. It is an
unpleasant technique, requiring a person to sit totally still for 10 to 15 seconds while the scan
takes place. It is very secure since nobody has yet found a way to duplicate blood vessel
patterns.

Benefits of Retina Scans:
• Very high accuracy.
• There is no known way to replicate a person’s retina.

Drawbacks of Retina Scans:
• It is very intrusive.
• It can be relatively slow to verify a retina scan with stored scans.
➢ Face Recognition:
Facial recognition is a way of identifying or confirming an individual’s
identity using their face. Facial recognition systems can be used to identify people in photos,
videos, or in real-time.

Application: At many airports, the 2-D photograph in the passport is scanned. The passenger’s face is
also photographed using a digital camera. The two digital images are compared using face
recognition and detection software. Key parts of the face are compared.
Data such as:
• distance between eyes • width of nose • shape of cheek bones • length of jaw line
• shape of eyebrows
The above key positions on the face determine whether or not the two images represent the same face.

Benefits of Face Recognition:
• Non-intrusive method.
• Relatively inexpensive technology.

Drawbacks of Face Recognition:
• It can be affected by changes in lighting, the person’s hair, change in age, and if the
person is wearing glasses.
➢ Voice Recognition:
A microphone is used in a voice recognition system; the user’s
voice is detected and then converted into digital form. A few spoken words produce a digital wave
pattern. Software compares this wave pattern to wave patterns stored in memory to see if
they match. If they match, then the person has been correctly identified. This technology can
be used in security systems.

Benefits of Voice Recognition:
• Non-intrusive method.
• Verification takes less than 5 seconds.
• Relatively inexpensive technology.

Drawbacks of Voice Recognition:
• A person’s voice can be easily recorded and used for unauthorized access.
• An illness such as a cold can change a person’s voice, making absolute identification
difficult or impossible.
• Low accuracy.
Biometric Applications
A company uses retina scans to permit entry to its secure research laboratories.

A person stands facing the retina scanner. The scanned data is sent via an ADC (analogue-digital
converter) to a microprocessor. The microprocessor compares the data received with retina scan
data already stored in a database. If the two sets of data match, a signal is sent to turn a light
from red to green and also unlock the security door. The door is controlled by a DAC
(digital-analogue converter) and an actuator. If the retina scan data and database data don’t match,
then entry is denied and the light remains red.
Two-Step Verification
Two-step verification requires two methods of authentication to
verify who a user is. It is mostly used when a user makes an online purchase using a
credit/debit card as the payment method.
Example: Suppose a user logs into a website using her computer. This requires her to enter a user
name and a password, which is step 1 of the authentication process. To improve security, a PIN of
a few digits (OTP) is sent back to the user either in an email or as a text message to her registered
mobile phone (the second stage of the authentication process). The user now enters the PIN into the
computer and is now authorized to use the website.
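The two steps described above can be written as a short program. This is an added example, not part of the original notes; the class name `TwoStepLogin`, the 6-digit PIN length, the 5-minute lifetime and the 3-attempt limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6      # assumption: the notes only say a PIN of a few digits
PIN_LIFETIME = 300  # assumption: the PIN is valid for 5 minutes
MAX_ATTEMPTS = 3    # assumption: the PIN is discarded after 3 wrong entries


def _hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a stolen user table does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _hash_pin(pin: str) -> bytes:
    return hashlib.sha256(pin.encode()).digest()


class TwoStepLogin:
    def __init__(self):
        self.users = {}    # user name -> (salt, password hash)
        self.pending = {}  # user name -> [PIN hash, expiry time, attempts left]

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, _hash_password(password, salt))

    def step1_password(self, username, password, now=None):
        """Step 1: check user name and password. On success return the PIN,
        which the site would send by email or text message (not shown)."""
        salt, stored = self.users.get(username, (b"", b""))
        if not stored or not hmac.compare_digest(stored, _hash_password(password, salt)):
            return None
        now = time.time() if now is None else now
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        self.pending[username] = [_hash_pin(pin), now + PIN_LIFETIME, MAX_ATTEMPTS]
        return pin

    def step2_pin(self, username, pin, now=None) -> bool:
        """Step 2: check the PIN the user typed in. A PIN works once only."""
        entry = self.pending.get(username)
        if entry is None:
            return False
        now = time.time() if now is None else now
        pin_hash, expires_at, _ = entry
        if now > expires_at:
            del self.pending[username]  # expired: the user must log in again
            return False
        if hmac.compare_digest(pin_hash, _hash_pin(pin)):
            del self.pending[username]  # correct: the PIN cannot be reused
            return True
        entry[2] -= 1
        if entry[2] == 0:
            del self.pending[username]  # too many wrong entries: start again
        return False
```

A stolen password alone fails at step 2, because the PIN only reaches the registered email address or phone.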
Automatic Software Updates
Automatic software updates mean software on
computers and mobile phones is kept up-to-date. Sometimes this is done overnight or when
you log off the device. These updates are vital since they may contain patches that update
the software security (to protect against malware) or improve the software performance (for
example, removal of bugs and addition of new features).

The downside to this is the potential for updates to disrupt your device following installation. If
this happens, the user either has to wait for another patch to put this right, or use the
techniques that reverse the clock time to an earlier date before the updates were made.
Checking URL Spelling and Tone of Email Communication
To ensure that an email is from a trusted source, the user needs
to follow these steps before clicking on a link:
➢ Check the spelling in the email and in links; professional, genuine organisations will not
send out emails which contain spelling or major grammatical errors.
➢ Carefully check the tone used in the email message; if it is rushing you into doing something or
if the language used seems inappropriate or incorrect, then it could be a phishing email.
➢ Check the email address, as no legitimate company will use an email address such as
@gmail.com. Carefully check the part of the address after the ‘@’ symbol, which should match
the company’s name.
➢ Misspellings of domain names in a link are very common errors found in emails sent by
scammers and fraudsters, for example www.gougle.com and www.amozon.com. This is known as typo
squatting, where names close to genuine names are used to fool you.
➢ Errors to look out for are just plain spelling mistakes. Look at this address from
TKMaxx; find three errors:
http://www.tkmax.co.ie
» Since the company is involved in online payments, it should use secure links (https).
» The spelling of the company is incorrect.
» It is more likely to see .com since they are a large company.
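The link and sender checks listed above can be automated. The following is an added example, not part of the original notes; the `TRUSTED` list, the function names and the edit-distance threshold of 2 are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed for this example: the genuine domains the user deals with.
TRUSTED = ["google.com", "amazon.com", "tkmaxx.com"]
FREE_MAIL = {"gmail.com"}  # the notes' example of a non-company address


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(host: str) -> tuple[str, str]:
    """'www.tkmax.co.ie' -> ('tkmax', 'co.ie'). Simplified: real code should
    use the Public Suffix List to find the registrable domain."""
    host = host.lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    name, _, suffix = host.partition(".")
    return name, suffix


def check_domain(host: str) -> list[str]:
    """Compare a host with the trusted list and describe anything suspicious."""
    name, suffix = split_domain(host)
    warnings = []
    for trusted in TRUSTED:
        t_name, t_suffix = split_domain(trusted)
        if (name, suffix) == (t_name, t_suffix):
            return []  # exact match with a genuine domain
        close = 0 < edit_distance(name, t_name) <= 2
        if close:
            warnings.append(f"name '{name}' looks like '{t_name}' (possible typo squatting)")
        if (close or name == t_name) and suffix != t_suffix:
            warnings.append(f"suffix '.{suffix}' differs from expected '.{t_suffix}'")
    return warnings or [f"'{host}' is not on the trusted list"]


def check_link(url: str) -> list[str]:
    """Warnings for a link in an email; an empty list means nothing was flagged."""
    has_scheme = re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", url)
    parts = urlsplit(url if has_scheme else "//" + url)
    warnings = ["link uses http, not https"] if parts.scheme == "http" else []
    return warnings + check_domain(parts.hostname or "")


def check_sender(address: str) -> list[str]:
    """Warnings for the part of a sender address after the '@' symbol."""
    domain = address.rsplit("@", 1)[-1].lower()
    if domain in FREE_MAIL:
        return [f"sender uses '{domain}', not a company domain"]
    return check_domain(domain)


if __name__ == "__main__":
    for item in ["http://www.tkmax.co.ie", "www.gougle.com", "https://www.google.com/"]:
        print(item, "->", check_link(item) or "nothing flagged")
    print(check_sender("billing@amozon.com"))
```

For the TKMaxx address it reports the same three errors as the answer above: http instead of https, the misspelt name, and the unexpected suffix.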
Firewalls
A firewall sits between the user’s computer and an external network and filters
information in and out of the computer. It can be either software or hardware. Firewalls are the
primary defence of any computer system, helping to protect it from hacking, malware (viruses
and spyware), phishing and pharming.

Tasks carried out by a firewall: 2210 P12 May 16

1) A firewall monitors ‘traffic’ between the user’s computer and a public network.
2) A firewall warns the user if some software on their system is trying to access an external
data source (e.g. automatic software upgrade); the user is given the option of allowing it to
go ahead or requesting that such access is denied.
3) A firewall helps to prevent viruses or hackers entering the user’s computer.
4) A firewall keeps a log of all incoming and outgoing ‘traffic’ to allow later interrogation
by the network manager.
5) A firewall keeps a list of undesirable websites and IP addresses.
6) A firewall helps to prevent malware, including viruses, from entering the user’s computer.
Hardware Firewall:
A firewall can be a hardware interface which is located somewhere between the computer
and the internet connection. It is often referred to as a GATEWAY.
Alternatively, a firewall can be software installed on a computer; mostly this is part
of the operating system.
Limitations of Firewalls:
➢ A firewall cannot prevent individuals on internal networks using their own modems to bypass
the firewall.
➢ Employee misconduct or carelessness cannot be controlled by firewalls.
➢ Users on stand-alone computers can choose to disable the firewall, leaving their
computer open to harmful ‘traffic’ from the internet.
Firewalls cannot act as intermediary servers.

PROXY SERVERS
A proxy server acts as an intermediary between the user and a web server. It prevents
direct access to the web server. If an attack is launched, it hits the proxy server instead, which
helps prevent hacking of the web server.

Tasks of Proxy Servers:

a) Proxy servers allow internet ‘traffic’ to be filtered and keep a list of undesirable
websites and IP addresses.
b) Proxy servers can block access to a website if necessary.
c) Proxy servers can speed up access to information from a website by using a feature
known as CACHE. When a website is first visited, the home page is stored on the proxy server.
When the user next visits the website, the request goes through the proxy server cache instead, giving
much faster access.
d) Proxy servers keep the user’s IP address secret, which improves security.
e) Proxy servers act as a firewall and can block requests from certain IP addresses.
f) Proxy servers prevent direct access to a web server by sitting between the user and the web
server; if an attack is launched, it hits the proxy server instead – this helps to prevent
hacking and DoS.
Exam Style Question
Study each statement. Tick the appropriate column(s) to indicate whether the statement
refers to a firewall and/or a proxy server. P13 Nov 15

Privacy Settings
Privacy settings are controls available on web browsers, social networks
and other websites that are designed to limit who can access and see a user’s personal
profile.
Privacy settings can refer to:
➢ A ‘do not track’ setting, which stops websites collecting and using browsing data; this leads
to improved security.
➢ A check to see if payment methods have been saved on websites; this is a safety
feature which prevents the need to type in payment details again.
➢ Safer browsing: an alert is given when the browser encounters a potentially dangerous
website (the undesirable website will be in a ‘blacklist’ stored on the user’s computer).
➢ Web browser privacy options (e.g. storing browsing history, storing cookies).
➢ Website advertising: websites may be tracked by any number of third parties who
gather information about your browsing behaviour for advertising purposes.
➢ Apps: sharing of location data in map apps can be switched off.

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is a type of security protocol. It is a set of rules used by
computers to communicate with each other across a network. SSL allows data to be sent and
received securely over the internet.
When a user logs onto a website, SSL encrypts the data – only the user’s computer and the web server
are able to make sense of what is being transmitted.
The user will know if SSL is being applied when they see https or a small padlock in the status bar at
the top of the screen. P11 May 16
Stages a web browser goes through to detect whether a website is secure: P11 May 16
• The web browser attempts to connect to a website which is secured by SSL.
• The web browser requests the web server to identify itself and asks to view its (SSL) certificate.
• The web browser receives a copy of the (SSL) certificate, sent from the web server.
• The web browser checks if the SSL certificate is authentic.
• The web browser sends a signal back to the web server that the certificate is authentic.
• The web server will then send back some form of acknowledgement to allow the SSL
encrypted session to begin.
• Encrypted data is then shared securely between the web browser and the web server.
An SSL certificate is a form of digital certificate which is used to authenticate a website. This
means any communication or data exchange between browser and website is secure provided
this certificate can be authenticated.

SSL Protocol Applications:

• Online banking • Online shopping • Online payment systems • Email • Cloud based storage
• Intranet/extranet • VPN • VoIP • Instant messaging (IM) // social networking

ESQ: How does the SSL protocol help to keep data safe over the internet during transmission?

• SSL encrypts the data – only the user’s computer and the web server are able to make
sense of what is being transmitted.
• Encryption is asymmetric / symmetric / both.
• It makes use of (public and private) keys.
• Data is meaningless without the decryption key if intercepted.

Transport Layer Security

TLS is similar to SSL but is a more recent security system. TLS is a
security protocol that ensures security and privacy of data between devices and users when
communicating over the internet. It is designed to provide encryption, authentication and data
integrity in a more effective way than SSL. TLS is an updated version of SSL. P12 Oct 17
Layers of TLS:
TLS consists of two layers: P13 Nov 16
• Handshake layer: this permits the website and the client to authenticate each other and
to make use of a secure session between client and website.
• Record layer: this part of the communication can be used with or without encryption and
it contains the data being transferred over the internet.
Comparison between SSL and TLS:
➢ TLS separates the handshaking process from the record protocol (layer), which holds all the data.
➢ It is possible to extend TLS by adding new authentication methods.
➢ TLS can make use of SESSION CACHING, which improves overall performance
compared to SSL.
Session Caching:
Opening a TLS session requires a lot of computer time due to the complex encryption keys
being used. Use of session caching can avoid the need to utilize so much computer time for each
connection. TLS can either establish a new session or attempt to resume an existing session,
which can considerably boost system performance.

Applications of TLS: P12 Oct 17

• Online banking • Online shopping • Online payment systems • Email • Cloud based storage
• Intranet/extranet • VPN • VoIP • Instant messaging (IM) // social networking

*************
