Cybersecurity for Beginners: How to prevent Phishing & Social Engineering Attacks by Mike Miller & Mike Miller
Author: Mike Miller & Mike Miller [Miller, Mike & Miller, Mike]
Language: eng
Format: epub
Published: 2020-10-24T00:00:00+00:00
Chapter 11 Understanding Cross-site Request Forgery
Cross-site request forgery is a very specific type of attack. It is the attack that alerted a lot of people using social media sites that they were being hacked. Just so you know, its abbreviation (CSRF) is often pronounced "sea-surf", so that's another name you'll hear for this type of attack. It is also known as a session riding attack, and I'm going to explain this. It is a very intricate type of attack, but I'm going to give you the basics of how it works so you know what is going on.

This can be a social engineering attack, and remember, that's different from social networking. Social engineering is when you get a call on the phone from what you believe to be one of your company's distributors, or you get a phishing email. Some other malware could also exploit this particular type of attack, so understand that it's not just that you went to Facebook; it could be any piece of malware that does this. However, many people have gotten malware from Facebook that has done this type of attack, and I shouldn't just say Facebook, I should say any social media site. It's happening on all of them.

Let me briefly break this attack down for you. It starts with a particular business that you want to access and transact with, and that requires you to authenticate. Say you would like to transfer some funds from one of your bank accounts to another bank account, so you log in to your bank using your credentials and you transfer the funds. You then open up your browser, go to, let's say, a social media site, and start using it.

I want you to understand that when you authenticated to your bank, that created a session, and that session is still open. Until you log out, or you turn off your machine and disconnect, that session stays open for a while. There are timeouts on sessions, but think about this: if the session has a 15-minute timeout and I signed in, transferred funds and then jumped into Facebook, that session is still there.

Here is what can happen. You authenticate to Facebook. If the username and password are the same for both your bank and your social media, this particular attack is much easier to pull off. That's why you should not use the same username and password on different websites. However, this attack can still work even if your usernames and passwords are different. What's going to happen is that an attacker or a hacker is going to have something on that social media site that, when you click on it (and this can be a link, a photo or an ad), could infect your machine with malware or a forgery script, and here's what this software will do.
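The situation described above, a bank session that is still open while another site is browsed, sketched from the defender's side as an added example (not from the book): a transfer handler that trusts the session cookie alone beside one that also requires a per-session token. The account names, function names and in-memory stores are constructed for illustration.

```python
import hmac
import secrets

SESSION_TIMEOUT = 15 * 60          # the 15-minute timeout from the text, in seconds
SESSIONS = {}                      # sid -> session record (constructed demo state)
BALANCES = {"alice": 1000, "other-account": 0}   # constructed sample accounts

def login(user, now):
    """Open a bank session; the browser keeps sid as a cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "expires": now + SESSION_TIMEOUT,
                     "csrf": secrets.token_urlsafe(32)}
    return sid

def browser_request(sid, form):
    """The browser attaches the bank cookie to any request sent to the bank."""
    return {"cookies": {"sid": sid}, "form": form}

def _session(request, now):
    s = SESSIONS.get(request["cookies"].get("sid"))
    return s if s and now < s["expires"] else None

def _move(user, form):
    amount = int(form["amount"])
    if amount <= 0 or amount > BALANCES[user]:
        return 400
    BALANCES[user] -= amount
    BALANCES[form["to"]] = BALANCES.get(form["to"], 0) + amount
    return 200

def transfer_cookie_only(request, now):
    """Weak: the open session alone authorises the transfer."""
    s = _session(request, now)
    return _move(s["user"], request["form"]) if s else 401

def transfer_with_token(request, now):
    """Hardened: the form must also carry the per-session token, which the
    bank writes into its own pages and another site cannot read."""
    s = _session(request, now)
    if s is None:
        return 401
    sent = str(request["form"].get("csrf_token", "")).encode()
    if not hmac.compare_digest(sent, s["csrf"].encode()):
        return 403
    return _move(s["user"], request["form"])

if __name__ == "__main__":
    sid = login("alice", now=0)
    req = browser_request(sid, {"to": "other-account", "amount": "100"})
    print(transfer_cookie_only(req, now=300), transfer_with_token(req, now=300))
```

A request that arrives with the cookie but without the token is accepted by the first handler for as long as the session is open and rejected by the second, which is why logging out after banking and server-side token checks both shrink the window.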
