Hiding executables and obfuscating the attacker’s URL
As shown in the previous examples, there are two keys to successfully launching a social engineering attack. The first is to obtain the information needed to make it work: usernames, business information, and supporting details about networks, systems, and applications. The majority of the effort, however, is focused on the second aspect: crafting the attack to entice the target into opening an executable or clicking on a link.
Several attacks produce modules that require the victim to execute them in order for the attack to succeed. Unfortunately, users are increasingly wary about executing unknown software. There are, however, some ways to increase the possibility of successful attack execution, including the following:
- Launch an attack from a system that is known and trusted by the intended victim or spoof the source of the attack. If the attack appears to originate from the help desk or IT support and...