Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/a26f9f83/public_html/articles/includes/config.php on line 159
Social Engineering: You Have Been A Victim > NetSparsh - Viral Content you Love & Share

Social Engineering: You Have Been A Victim

Monday morning, 6am; the electric rooster is telling you it's time to start a new work week. A shower, some coffee, and you're in the car and off. On the way to work you're thinking of all you need to accomplished this week. Then, on top of that there's the recent merger between your company and a competitor. One of your associates told you, you better be on your toes because rumors of layoffs are floating around.

You arrive at the office and stop by the restroom to make sure you look your best. You straighten your tie, and turn to head to your cube when you notice, sitting on the back of the sink, is a CD-ROM. Someone must have left this behind by accident. You pick it up and notice there is a label on it. The label reads "2005 Financials & Layoff's". You get a sinking feeling in your stomach and hurry to your desk. It looks like your associate has good reasons for concern, and you're about to find out for your self.

And The "Social Engineering" Game Is In Play:

People Are The Easiest Target
--------------------------------------------
You make it to your desk and insert the CD-ROM. You find several files on the CD, including a spreadsheet which you quickly open. The spreadsheet contains a list of employee names, start dates, salaries, and a note field that says "Release" or "Retain". You quickly search for your name but cannot find it. In fact, many of the names don't seem familiar. Why would they, this is pretty large company, you don't know everyone. Since your name is not on the list you feel a bit of relief. It's time to turn this over to your boss. Your boss thanks you and you head back to your desk. You have just become a victim of social engineering.

When Did I Become a Victim of Social Engineering?
--------------------------------------------
Ok, let's take a step back in time. The CD you found in the restroom, it was not left there by accident. It was strategically placed there by me, or one of my employees. You see, my firm has been hired to perform a Network Security Assessment on your company. In reality, we've been contracted to hack into your company from the Internet and have been authorized to utilize social engineering techniques.

The spreadsheet you opened was not the only thing executing on your computer. The moment you open that file you caused a script to execute which installed a few files on your computer. Those files were designed to call home and make a connection to one of our servers on the Internet. Once the connection was made the software on our servers responded by pushing (or downloading) several software tools to your computer. Tools designed to give us complete control of your computer. Now we have a platform, inside your company's network, where we can continue to hack the network. And, we can do it from inside without even being there.

This is what we call a 180 degree attack. Meaning, we did not have to defeat the security measures of your company's firewall from the Internet. You took care of that for us. Many organizations give their employees unfettered access (or impose limited control) to the Internet. Given this fact, we devised a method for attacking the network from within with the explicit purpose of gaining control of a computer on the private network. All we had to do is get someone inside to do it for us - Social Engineering! What would you have done if you found a CD with this type of information on it?

What Does It Mean to Be "Human"
--------------------------------------------
As human beings we are pretty bad at evaluating risk. Self preservation, whether it be from physical danger or any other event that could cause harm, like the loss of a job or income, is a pretty strong human trait. The odd thing is, we tend to worry about things that are not likely to happen. Many people think nothing of climbing a 12 foot ladder to replace an old ceiling fan (sometimes doing so with the electricity still on), but fear getting on a plane. You have a better chance severely inuring yourself climbing a ladder than you do taking a plane ride.

This knowledge gives the social engineer the tools needed to entice another person to take a certain course of action. Because of human weaknesses, inability to properly assess certain risk, and need to believe most people are good, we are an easy target.

In fact, chances are you have been a victim of social engineering many times during the course of your life. For instance, it is my opinion that peer pressure is a form of social engineering. Some of the best sales people I've known are very effective social engineers. Direct marketing can be considered a form of social engineering. How many times have you purchased something only to find out you really did not need it? Why did you purchase it? Because you were lead to believe you must.

Conclusion
--------------------------------------------
Defining The Term "Social Engineering": In the world of computers and technology, social engineering is a technique used to obtain or attempt to obtain secure information by tricking an individual into revealing the information. Social engineering is normally quite successful because most targets (or victims) want to trust people and provide as much help as possible. Victims of social engineering typically have no idea they have been conned out of useful information or have been tricked into performing a particular task.

The main thing to remember is to rely on common sense. If some one calls you asking for your login and password information and states they are from the technical department, do not give them the information. Even if the number on your phone display seems to be from within your company. I can't tell you how many times we have successfully used that technique. A good way of reducing your risk of becoming a victim of social engineering is to ask questions. Most hackers don't have time for this and will not consider someone who asks questions an easy target.

About The Author
----------------
Darren Miller is an Industry leading computer and internet security consultant. At the website - http://www.defendingthenet.com you will find information about computer security specifically design to assist home, home office, and small business computer users. Sign up for defending the nets newsletter and become empowered to stay safe on the Internet. You can reach Darren at darren.miller@paralogic.net or at defendthenet@paralogic.net

In The News:

This RSS feed URL is deprecated, please update. New URLs can be found in the footers at https://news.google.com/news

Reuters

From reality TV to UN, Trump to wield Security Council gavel
Reuters
UNITED NATIONS (Reuters) - He has chaired board meetings, cabinet meetings and starred in a reality television show, but on Wednesday U.S. President Donald Trump will wield the gavel in the United Nations Security Council to denounce Iran for what it ...
Cue fireworks as 'lord of misrule' Donald Trump chairs UN security councilThe Guardian

all 252 news articles »

Bolstering Security Ahead Of Midterm Elections
NPR
With the clock ticking down to November 6, election officials around the country are urgently working to make sure this year's midterms are secure. One way they're doing that is by making sure their computer systems aren't vulnerable to hackers. In ...

and more »

Santa Fe New Mexican

Santa Fe schools looking for holes in security
Santa Fe New Mexican
As public schools nationwide beef up security in response to school shootings, including a deadly incident in Aztec in December, the security chief at the Santa Fe district says he's been wrangling with an array of safety issues that could make schools ...


WIRED

Security News This Week: Twitter Sent User DMs to Developers by Mistake
WIRED
But otherwise, this week had surprisingly good news in the world of security! Cloudflare is embracing Google's "Roughtime" protocol to help keep the internet's clocks ticking in sync, and the Mirai botnet architects have been helping the FBI take down ...
Twitter squashes security bug leaking direct messages since 2017Digital Trends
Fixing a bug in our Account Activity API - TwitterTwitter

all 43 news articles »

Fox News

Police beef up security for UN gathering, Trump visit
Fox News
FILE- In this Sept. 17, 2017 file photo, a security team near Trump Tower looks towards high floors of nearby buildings shortly before the arrival of President Donald Trump in New York. Authorities in New York City are facing an epic security and ...
Police beef up security in NYC for UN gathering, Trump visitAuburn Citizen

all 270 news articles »

CNET

5 new Alexa security tricks to watch over your smart home
CNET
Alexa-enabled security cameras from Ring, Arlo and August, along with Amazon's own Cloud Cam indoor security camera, are getting the capability to work with the Amazon Cameras Recap API. This API allows you to view recorded video clips by saying, ...

and more »

WGN-TV

Increased security at Glenbrook South after school shooting threat
WGN-TV
GLENVIEW, Ill. — Glenbrook South students can expect increased security at their Homecoming dance Saturday after a shooting threat was reported at the high school. Principal Lauren Fagel sent a letter to parents stating that two students on Thursday ...

and more »

South China Morning Post

All eyes on Donald Trump as UN Security Council prepares to discuss North Korea and Iran
South China Morning Post
“The members of the Security Council are not going to take kindly to being lectured by President Trump on the subject of Iran,” said DiMaggio. “These very countries, which include our closest allies, are now facing US sanctions as they scramble to save ...

and more »

New York Times

Billionaire Backer of Maria Butina Had Russian Security Ties
New York Times
An oligarch who helped finance a Russian gun rights activist accused of infiltrating American conservative circles has been a discreet source of funds for business ventures useful to the Russian military and security services, according to documents ...

and more »

Spectrum News

Find out how security is changing for Rochester football games
Spectrum News
New security measures took effect this weekend for the first time after a series of fights at last week's Wilson-East high school football game in Rochester. “What happened last week was a tragedy," Daren Floyd said, who's nephew plays for Wilson. "It ...
Stricter security measures rolled out at high school games in wake of brawls13WHAM-TV

all 5 news articles »
Google News

Secure Your PC From Hackers, Viruses, and Trojans

Viruses, Trojans and Spyware: Protecting yourself.No user on the internet... Read More

Are They Watching You Online?

When surfing the Internet you probably take your anonymity for... Read More

Spyware Attacks! Windows Safe Mode is No Longer Safe

Many of us have run into an annoying and time-consuming... Read More

How to Prevent Online Identity Theft

Identity theft rates one of the fastest growing crimes in... Read More

Computer Viruses and Other Nasties: How to Protect Your Computer from These Invaders

Can you protect your computer from all possible viruses and... Read More

Computer Security

What is computer security? Computer security is the process of... Read More

The Bad Guys Are Phishing For Your Personal Information

Do you know what "phishing" is?No, it doesn't mean you... Read More

Hacked: Who Else Is Using Your Computer?

A friend called me one day and asked if I... Read More

How To Be Your Own Secret Service Agency

So you want to know who your kids are chatting... Read More

Message Board Security Problems

Security leaks can be a big problem for any site... Read More

If You Sell Anything Online Your ePockets Are Being Picked

You and I are a lot alike. We are both... Read More

How Free Scripts Can Create Security Problems

With the Internet entering our lives in such an explosive... Read More

Protection for Your PC - Painless and Free!

Viruses, Bugs, Worms, Dataminers, Spybots, and Trojan horses. The Internet... Read More

3 Things You Must Know About Spyware

1)Spyware is on your system. Like it or not, statistically... Read More

Is Spyware Watching You?

Imagine my surprise when I received a phone call from... Read More

How To Give Away Your Personal Information

Identity Theft and Your Personal Information -------------------------------------------- Identity theft is... Read More

Internet Scams: Dont be a Victim

As the number of people using the Internet as an... Read More

The Importance of Protecting Your PC from Viruses and Spam

Today the internet is a mine field of malicious code... Read More

Wireless Network Security

Working from home has its advantages, including no commute, a... Read More

HackAttack

P C. owners are constantly at risk from attacks by... Read More

A Basic Introduction To Spyware

Spyware is the most troublesome software to appear on the... Read More

Securing Your Accounts With Well-Crafted Passwords

In the past I've never really paid much attention to... Read More

Don?t Become An Identity Fraud Statistic!

"You've just won a fabulous vacation or prize package! Now,... Read More

Information Security for E-businessmen: Just a Couple of Ideas

If you constantly deal with bank or electronic accounts, it... Read More

Why you Must Secure your Digital Product and Thank You Web Page

A couple of years back, I paid my dues the... Read More