Social engineering is the art of manipulating people into divulging sensitive information. One could compare it to a trick played by a confidence man.
Pre-Texting
Creating a scenario in which the victim reveals information, typically over the phone. In one such scenario, a telephone call was made to an ex-bank manager asking him to reveal his online ID and password for "maintenance purposes".
Phishing
Typically a mail is sent to the victim that appears to originate from a legitimate source and asks for a password reset, credit card details, login information, or an ATM card number and PIN. The phisher counts on the mail reaching people who have a genuine account at that bank.
Dumpster Diving
A huge amount of information can be obtained from company dumpsters: organisation policies, printouts of e-mails, company phone books, meeting calendars, company letterheads, outdated hardware, disks, tapes and employee records. Phone books give the names of people to impersonate; data can be recovered from discarded disks and tapes; memos may contain details useful for impersonation; letterheads can be used to forge documents; and employee records contain employee IDs together with social security numbers, which can be misused in many ways.
Online Social Engineering
Most users have a single password for every one of their mail IDs. An email could be sent to the victim asking them to register with a site using the same password they use for their mail IDs, or, within a corporate network, it could appear to come from the system administrator asking for the victim's password.
Combat Strategy
Never divulge personal information such as your date of birth, your mother's name, or your bank's online login ID and password over the phone or through any other medium.
Never use the links that arrive in emails in your inbox. Always verify using the links provided to you by your bank or another trusted source.
Always use your company shredder when you discard unwanted paper; it may prove valuable to somebody once it reaches the dumpster. Shred the transaction slip after you leave the ATM.
Always use a complex password for each of your email IDs.
System administrators are advised to educate their users about social engineering periodically.
Does Technology Help?
Surrounding yourself with the best firewall, anti-virus or any other technology won’t secure a system on its own. Your infrastructure and systems are always open to manipulation by the old-fashioned conman.

August 29th, 2009 at 4:46 pm
Some nice techy words and their definitions, well written!