| |
| |
|
Security Information |
|
|
|
Social Engineering: You Have Been A Victim
Monday morning, 6am; the electric rooster is telling you it's time to start a new work week. A shower, some coffee, and you're in the car and off. On the way to work you're thinking of all you need to accomplished this week. Then, on top of that there's the recent merger between your company and a competitor. One of your associates told you, you better be on your toes because rumors of layoffs are floating around. You arrive at the office and stop by the restroom to make sure you look your best. You straighten your tie, and turn to head to your cube when you notice, sitting on the back of the sink, is a CD-ROM. Someone must have left this behind by accident. You pick it up and notice there is a label on it. The label reads "2005 Financials & Layoff's". You get a sinking feeling in your stomach and hurry to your desk. It looks like your associate has good reasons for concern, and you're about to find out for your self. And The "Social Engineering" Game Is In Play: People Are The Easiest Target When Did I Become a Victim of Social Engineering? The spreadsheet you opened was not the only thing executing on your computer. The moment you open that file you caused a script to execute which installed a few files on your computer. Those files were designed to call home and make a connection to one of our servers on the Internet. Once the connection was made the software on our servers responded by pushing (or downloading) several software tools to your computer. Tools designed to give us complete control of your computer. Now we have a platform, inside your company's network, where we can continue to hack the network. And, we can do it from inside without even being there. This is what we call a 180 degree attack. Meaning, we did not have to defeat the security measures of your company's firewall from the Internet. You took care of that for us. Many organizations give their employees unfettered access (or impose limited control) to the Internet. Given this fact, we devised a method for attacking the network from within with the explicit purpose of gaining control of a computer on the private network. All we had to do is get someone inside to do it for us - Social Engineering! What would you have done if you found a CD with this type of information on it? What Does It Mean to Be "Human" This knowledge gives the social engineer the tools needed to entice another person to take a certain course of action. Because of human weaknesses, inability to properly assess certain risk, and need to believe most people are good, we are an easy target. In fact, chances are you have been a victim of social engineering many times during the course of your life. For instance, it is my opinion that peer pressure is a form of social engineering. Some of the best sales people I've known are very effective social engineers. Direct marketing can be considered a form of social engineering. How many times have you purchased something only to find out you really did not need it? Why did you purchase it? Because you were lead to believe you must. Conclusion The main thing to remember is to rely on common sense. If some one calls you asking for your login and password information and states they are from the technical department, do not give them the information. Even if the number on your phone display seems to be from within your company. I can't tell you how many times we have successfully used that technique. A good way of reducing your risk of becoming a victim of social engineering is to ask questions. Most hackers don't have time for this and will not consider someone who asks questions an easy target. About The Author
MORE RESOURCES: Opinion | What Happens When There’s a Real National Security Crisis? The New York Times AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock The Hacker News Trump moves to fire several national security officials deemed insufficiently loyal, AP sources say Star Tribune Trump fires NSC officials a day after far-right activist raises concerns to him about staff loyalty AP News Trump ousts members of National Security Council staff The Washington Post Trump fires national security officials after far-right activist Laura Loomer urged him to in meeting – report The Guardian NCS⁴ Announces 16th Annual National Sports Safety and Security Conference & Exhibition Agenda The University of Southern Mississippi Advisory warns of fast flux national security threat, urges action to protect critical infrastructure Industrial Cyber Lebanon-Syria Border Talks Can Restrain Hezbollah and Boost Security The Washington Institute Trump fires national security officials after Laura Loomer ‘excoriated’ them in Oval Office meeting AL.com Trump Moves to Fire Several National Security Officials Deemed Insufficiently Loyal, AP Sources Say Military.com Utimaco Launches Post Quantum Security App Package The Quantum Insider Trump fired at least one national security aide following pressure from far-right activist Laura Loomer NBC Los Angeles Homeland Security Investigations expects more victims in Bartow Co. labor trafficking case Atlanta News First Congo War Security Review, April 3, 2025 Critical Threats House Democrats to head to U.S.-Mexico border in California to scrutinize Trump security policies Fox News IDF, Israel Police ignored all security dangers leading to Nova festival massacre The Jerusalem Post Observers say IDF abandoned Gaza border outpost in 12-hour security lapse The Jerusalem Post Trump purges national security team after meeting conspiracist Nonstop Local News Apple Head of Global Security found not guilty in bribery trial tied to concealed gun permits NBC Bay Area Trump moves to fire several national security officials over concerns they’re not loyal: AP sources knopnews2.com Commission presents a European internal security strategy European Commission Annual Assessment Lists Primary Threats to U.S. National Security AFCEA International Ivanti patches Connect Secure zero-day exploited since mid-March BleepingComputer Netanyahu says Israel will establish a new security corridor across Gaza to pressure Hamas - AP News Senate GOP's blueprint for Trump's 'big, beautiful' agenda includes tax cuts, border security and more — here's what's inside New York Post White House National Security Officials Fired, Sources Say, in Trump's First Purge U.S. News & World Report Trump's national security adviser reportedly used his personal Gmail account to do government work TechCrunch DHS arrests man in McKinney accused of making terroristic threats against Homeland Security Secretary, ICE NBC 5 Dallas-Fort Worth Wayne Board of Education President Don Pavlak, Provides Update on School Security Measures - TAPinto ISC West 2025 Show Floor Spotlight: BOSCH SECURITY AND SAFETY SYSTEMS Security Info Watch Trump Fires Three White House National Security Officials WBZ NewsRadio 1030 Trump said to fire several National Security Council officials The Times of Israel Oracle's masterclass in breach comms: Deny, deflect, repeat theregister.com |
|
|
|
RELATED ARTICLES
Avoid Internet Theft, Fraud and Phishing Since its birth, the Internet has grown and expanded to unprecedented, unmanageable proportions. Information, software, news, and much more flow freely through its twisted pathways. Ransom Trojan Uses Cryptography for Malicious Purpose Every day millions of people go online to find information, to do business, to have a good time. Alas, some people go there to commit crimes as well. From Spyware with Love! It's late. You've been scouring the web for that perfect present for your Aunt Bess in Idaho. Preventing Online Identity Theft Identity theft is one of the most common criminal acts in society today. Criminals will use your personal information such as banking accounts and passwords, to pretend that they are you. 3 Pervasive Phishing Scams Scams involving email continue to plague consumers across America, indeed the world. These so called "phishing" scams involve "spoofed" emails meant to draw the unwary to bogus internet sites masquerading as legitimate sites. 8 Surefire Ways to Spot an E-Mail Identity Theft Scam! The E-Mail Identity Theft Scam is running Rampant. These E-Mail Scam artists will go to great lengths to Get Your Bank Account information and Steal your Identity. Adware and Spyware: The Problems and Their Solutions The Threat10 years ago you could probably have run no Internet security applications and still have come out after a browse of the Internet with a virus and malware free computer, but this situation is no longer apparent. Several years ago, before I knew of the dangers of the Internet, I had absolutely no spyware or adware protection. How To Clean the Spies In Your Computer? Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer Browser Helper Object used to show advertising.Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!VariantsBookedSpace/Remanent : early variant (around July 2003) with filename rem00001. Phishing and Pharming: Dangerous Scams As soon as almost all computer users already got used to -- or at least heard about -- the word "phishing", another somewhat confusing word appeared not long ago. Pharming. The Top Twelve Threats No Computer User Should Ignore The internet is undoubtedly a fantastic resource for families and offers a rich vein of educational content.However, there are potential dangers - welcome to the seedy world of viruses, spam, trojans, pornography, spyware and other nasties. Lets Talk About Antivirus Software! Nowadays more and more people are using a computer. A lot of them use it at their work place, but an increasing number of computer users have also discovered the need to have a computer at home. Secrets On Security: A Gentle Introduction To Cryptography Let us take the example of scrambling an egg. First, crack the shell, pour the contents into a bowl and beat the contents vigorously until you achieved the needed result - well, a scrambled egg. Instant Messaging - Expressway for Identity Theft, Trojan Horses, Viruses, and Worms Never before with Instant Messaging (IM) has a more vital warning been needed for current and potential IM buddies who chat on line.John Sakoda of IMlogic CTO and Vice President of Products stated that,"IM viruses and worms are growing exponentially. Firewalls: What They Are And Why You MUST Have One! A firewall is a system or gateway that prevents unauthorized access to your computer or private network. It is usually the first line of defense in protecting your private information or data. Identity Theft -- 10 Simple Ways to Protect Your Good Name! Identity Theft is one of the most serious problems facing Internet users. Identity Theft is exactly as the name states -- someone steals your Identity and commits fraud in your name. 40 Million People Hacked - YOU as Identity Theft Victim Saturday, MasterCard blamed a vendor of ALL credit cardproviders called CardSystems Solutions, Inc., a third-partyprocessor of payment card data, as the source of loss of 40million consumers credit card information. The Risk Of Electronic Fraud & Identity Theft Electronic Fraud and Identity Theft-----------------------------------Human beings are pretty sensible when presented with an imminent threat or risk. That is, if it's staring us directly in the face. Free Spyware Removal - Its Not As Easy As It Sounds Nobody wants to pay to remove spyware. At the very least, I don't. SPYWARE - Whos Watching Who? I am in the midst of Oscar Wilde's The Picture of Dorian Gray. "The basis of optimism is sheer terror. What Every Internet Marketer Should Know About Spyware If you run any type of Internet business, Adware and Spyware can be a very serious issue. These programs hide themselves on your computer and do all sorts of annoying and potentially dangerous things.
|
| home | site map |
| © 2006 |