Written by Chris Griesemer
Social engineering is generally described as hackers tricking people into giving up information that greatly increases the chance of gaining entry into a locked information system, network or physical structure.
When we think of hacking, we may imagine a person tapping away at a computer, trying to break through a firewall to gain access to a company’s server. What people don’t understand is that the majority of hacking attempts start with information gained through social engineering. Let’s take a look at some basic social engineering techniques.
Phishing scams are typically carried out by someone sending emails to a group of people in an attempt to gain personal information. Sometimes the email includes website links that the sender wants the user to click. The link takes the user to a website that looks like a legitimate business, further lowering the user’s suspicions so he/she will start entering personal information.
It seems like this would be a very technical procedure that might involve programming and web page design, but surprisingly there are services out there that will do all of this for you. You sign up for the service and put your list of user emails in their system, and they send the phishing email and track how many users give up personal information, how many just click on the link and how many delete the email.
Pretexting is when an attacker puts forth a false scenario they can use to help steal their victim’s personal information. An example would be an attacker pretending to work for an IT business and convincing a company’s security staff to let them into the building.
According to the Washington Post, scammers impersonating representatives from a modeling agency and escort service created fake background stories and interview questions in an attempt to con women and teenage girls into sending inappropriate pictures.
Baiting is a social engineering scheme that promises an item or good, which is then used to help gather personal information. For example, Steve Stasiukonis, VP and founder of Secure Network Technologies, Inc., performed a baiting experiment by planting dozens of USB drives carrying a Trojan virus around the parking lot of a business. Some of the employees picked up the USB drives, and when they plugged them into their computers, a keylogging program was executed and Steve was able to obtain the usernames and passwords of the users.
How to Protect Yourself
If you have questions or need more information, please don’t hesitate to contact Chris Griesemer at The Whitlock Company 417-881-0145.
More details and information via http://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/