Social Engineering: You Have Been A Victim

Monday morning, 6am; the electric rooster is telling you it's time to start a new work week. A shower, some coffee, and you're in the car and off. On the way to work you're thinking of all you need to accomplish this week. Then, on top of that, there's the recent merger between your company and a competitor. One of your associates told you that you had better be on your toes because rumors of layoffs are floating around.

You arrive at the office and stop by the restroom to make sure you look your best. You straighten your tie, and turn to head to your cube when you notice, sitting on the back of the sink, is a CD-ROM. Someone must have left this behind by accident. You pick it up and notice there is a label on it. The label reads "2005 Financials & Layoff's". You get a sinking feeling in your stomach and hurry to your desk. It looks like your associate has good reasons for concern, and you're about to find out for yourself.

And The "Social Engineering" Game Is In Play:

People Are The Easiest Target
--------------------------------------------
You make it to your desk and insert the CD-ROM. You find several files on the CD, including a spreadsheet which you quickly open. The spreadsheet contains a list of employee names, start dates, salaries, and a note field that says "Release" or "Retain". You quickly search for your name but cannot find it. In fact, many of the names don't seem familiar. Why would they? This is a pretty large company; you don't know everyone. Since your name is not on the list you feel a bit of relief. It's time to turn this over to your boss. Your boss thanks you and you head back to your desk. You have just become a victim of social engineering.

When Did I Become a Victim of Social Engineering?
--------------------------------------------
Ok, let's take a step back in time. The CD you found in the restroom, it was not left there by accident. It was strategically placed there by me, or one of my employees. You see, my firm has been hired to perform a Network Security Assessment on your company. In reality, we've been contracted to hack into your company from the Internet and have been authorized to utilize social engineering techniques.

The spreadsheet you opened was not the only thing executing on your computer. The moment you opened that file, you caused a script to execute, which installed a few files on your computer. Those files were designed to call home and make a connection to one of our servers on the Internet. Once the connection was made, the software on our servers responded by pushing (or downloading) several software tools to your computer: tools designed to give us complete control of your computer. Now we have a platform, inside your company's network, where we can continue to hack the network. And we can do it from inside without even being there.

This is what we call a 180 degree attack. Meaning, we did not have to defeat the security measures of your company's firewall from the Internet. You took care of that for us. Many organizations give their employees unfettered access (or impose limited control) to the Internet. Given this fact, we devised a method for attacking the network from within with the explicit purpose of gaining control of a computer on the private network. All we had to do is get someone inside to do it for us - Social Engineering! What would you have done if you found a CD with this type of information on it?
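The chain described above (a document opened from found media, a process started by it, then an outbound connection that the firewall allows) can be looked for in endpoint telemetry. The following Python is an added example, not part of the original article; the event schema, field names, host and process names, and the 60-second window are assumptions, and the sample events are constructed.

```python
import ipaddress

# Constructed sample telemetry; the schema and field names are hypothetical.
EVENTS = [
    # Full chain: document from a found disc -> child process -> Internet.
    {"ts": 100, "host": "ws-17", "type": "file_open", "pid": 4120,
     "path": "D:\\financials.xls", "media": "optical"},
    {"ts": 102, "host": "ws-17", "type": "proc_start", "pid": 4388,
     "ppid": 4120, "image": "script-host.exe"},
    {"ts": 105, "host": "ws-17", "type": "net_conn", "pid": 4388,
     "dst": "203.0.113.40"},
    # Benign: same media type, but the child only talks to an internal host.
    {"ts": 300, "host": "ws-22", "type": "file_open", "pid": 900,
     "path": "E:\\report.xls", "media": "removable"},
    {"ts": 301, "host": "ws-22", "type": "proc_start", "pid": 950,
     "ppid": 900, "image": "print-helper.exe"},
    {"ts": 302, "host": "ws-22", "type": "net_conn", "pid": 950,
     "dst": "10.0.5.9"},
]

UNTRUSTED_MEDIA = {"optical", "removable"}
WINDOW = 60  # seconds allowed between steps (assumed tuning value)
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL)

def find_call_home_chains(events, window=WINDOW):
    """Return (host, document, child image, destination) per complete chain."""
    alerts, opens, children = [], {}, {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["pid"])
        if ev["type"] == "file_open" and ev["media"] in UNTRUSTED_MEDIA:
            opens[key] = ev                      # document from found media
        elif ev["type"] == "proc_start":
            doc = opens.get((ev["host"], ev["ppid"]))
            if doc and ev["ts"] - doc["ts"] <= window:
                children[key] = (doc, ev)        # child of the process that opened it
        elif ev["type"] == "net_conn" and key in children:
            doc, child = children[key]
            if ev["ts"] - child["ts"] <= window and is_external(ev["dst"]):
                alerts.append((ev["host"], doc["path"], child["image"], ev["dst"]))
    return alerts

if __name__ == "__main__":
    for alert in find_call_home_chains(EVENTS):
        print("ALERT", alert)
```

Internal ranges are listed explicitly because `ipaddress`'s `is_private` also returns true for documentation ranges such as the sample destination used here.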

What Does It Mean to Be "Human"
--------------------------------------------
As human beings we are pretty bad at evaluating risk. Self-preservation, whether it be from physical danger or any other event that could cause harm, like the loss of a job or income, is a pretty strong human trait. The odd thing is, we tend to worry about things that are not likely to happen. Many people think nothing of climbing a 12-foot ladder to replace an old ceiling fan (sometimes doing so with the electricity still on), but fear getting on a plane. You have a better chance of severely injuring yourself climbing a ladder than you do taking a plane ride.

This knowledge gives the social engineer the tools needed to entice another person to take a certain course of action. Because of human weaknesses, the inability to properly assess certain risks, and the need to believe most people are good, we are an easy target.

In fact, chances are you have been a victim of social engineering many times during the course of your life. For instance, it is my opinion that peer pressure is a form of social engineering. Some of the best sales people I've known are very effective social engineers. Direct marketing can be considered a form of social engineering. How many times have you purchased something only to find out you really did not need it? Why did you purchase it? Because you were led to believe you must.

Conclusion
--------------------------------------------
Defining The Term "Social Engineering": In the world of computers and technology, social engineering is a technique used to obtain or attempt to obtain secure information by tricking an individual into revealing the information. Social engineering is normally quite successful because most targets (or victims) want to trust people and provide as much help as possible. Victims of social engineering typically have no idea they have been conned out of useful information or have been tricked into performing a particular task.

The main thing to remember is to rely on common sense. If someone calls you asking for your login and password information and states they are from the technical department, do not give them the information, even if the number on your phone display seems to be from within your company. I can't tell you how many times we have successfully used that technique. A good way of reducing your risk of becoming a victim of social engineering is to ask questions. Most hackers don't have time for this and will not consider someone who asks questions an easy target.

About The Author
----------------
Darren Miller is an industry-leading computer and internet security consultant. At the website http://www.defendingthenet.com you will find information about computer security specifically designed to assist home, home office, and small business computer users. Sign up for Defending The Net's newsletter and become empowered to stay safe on the Internet. You can reach Darren at darren.miller@paralogic.net or at defendthenet@paralogic.net
