In this post, you will learn what is water holing and how it works and water is a type of social engineering attack. I have already written a post on what is social engineering and its most common type. To read click here.
What is water holing?
Water holing is a type of social engineering attack. This type of attack is performed on user trusting websites. Yes, suppose a user is regularly visiting a site and he/she has no doubt that the site is watching here details. Of course, When a user enters the site they will interact with the site by clicking another post, Interacting in the chat and the contact forms.
So, these are the ways the users are interacting with the site. But you may ask how this will affect peoples trust in official big sites like tesla, google, StackOverflow.
Many people keep many trusts in the above websites but when a hacker comes in and enters some malicious codes into the site and gathers the website users information and leaks or use them for hacking is called water holding.
In simple words, water holing means using the trust of a website a user keep and a hacker comes in and takes the random database from the site is the perfect definition of water holing.
Also Read: What is Diversion theft?
How to stop water holing?
- Stop visiting untrusted sites
- Use Tor over VPN while browsing (I know the speed will be slow, but privacy is more important the speed)
- Don’s interact in the chat box or the contact form. But If you wanted to interact in the contact form use some fake email or fake phone numbers.
Also Read: What is pretexting? -Explained
An example of Water holing
Suppose an IT staff visit website like stack overflow or Github for regular use and a hacker comes and bugs in the specific person ID and takes the data and leaks or keep it for further hacking is a good example of water holding.
Also Read: What are phishing and its types
Also Read: What is dumpster diving? – Explained