Social Engineering
Example:
• A hacker brings down a target network, and then contacts the target
pretending to be a technician, in order to get a user to give
information.
Email and Phone Calls
• These are described as a direct social engineering approach, but they
have a lower probability of success, since the person targeted can simply
ignore the email or the phone call.
Example:
• Phishing
Authority Abuse
• Attackers can pose as a member of the organization with higher
authority and request usernames and passwords; they may use
meeting a deadline as an excuse.
Countermeasures
• Slow Down. Spammers want you to act first and think later.
• Research the facts. Be suspicious of any unsolicited message.
• Delete requests for help or offers of help. Legitimate companies and
organizations do not contact you to provide help.
• Curiosity leads to careless clicking – if you don’t know what the email
is about, clicking links is a poor choice.
• Don’t let a link control where you land. Stay in control by finding
the website yourself using a search engine to be sure you land where
you intend to land.
More countermeasures
• Email hijacking is rampant. Hackers, spammers, and social engineers
taking over control of people’s email accounts has become common.
• Beware of any download.
• Foreign offers are fake.
• Set your spam filters to high.
• Secure your computing devices.
Advantages of knowing how social engineering techniques
are effective include:
• Prevents unauthorized access from occurring.
• Prevents possible information theft.
• Prevents the possibility of downloading malicious software on
unsuspecting user systems.
• Preserves the integrity of Information Systems.
Disadvantages of being uninformed about how social
engineering techniques are effective include:
• Possible data theft.
• Possible identity theft.
• Possible corruption of data.
• Possible unplanned system downtime.
• Possible (physical) security threat.