| |
| |
|
Security Information |
|
|
|
Social Engineering: You Have Been A Victim
Monday morning, 6am; the electric rooster is telling you it's time to start a new work week. A shower, some coffee, and you're in the car and off. On the way to work you're thinking of all you need to accomplished this week. Then, on top of that there's the recent merger between your company and a competitor. One of your associates told you, you better be on your toes because rumors of layoffs are floating around. You arrive at the office and stop by the restroom to make sure you look your best. You straighten your tie, and turn to head to your cube when you notice, sitting on the back of the sink, is a CD-ROM. Someone must have left this behind by accident. You pick it up and notice there is a label on it. The label reads "2005 Financials & Layoff's". You get a sinking feeling in your stomach and hurry to your desk. It looks like your associate has good reasons for concern, and you're about to find out for your self. And The "Social Engineering" Game Is In Play: People Are The Easiest Target When Did I Become a Victim of Social Engineering? The spreadsheet you opened was not the only thing executing on your computer. The moment you open that file you caused a script to execute which installed a few files on your computer. Those files were designed to call home and make a connection to one of our servers on the Internet. Once the connection was made the software on our servers responded by pushing (or downloading) several software tools to your computer. Tools designed to give us complete control of your computer. Now we have a platform, inside your company's network, where we can continue to hack the network. And, we can do it from inside without even being there. This is what we call a 180 degree attack. Meaning, we did not have to defeat the security measures of your company's firewall from the Internet. You took care of that for us. Many organizations give their employees unfettered access (or impose limited control) to the Internet. Given this fact, we devised a method for attacking the network from within with the explicit purpose of gaining control of a computer on the private network. All we had to do is get someone inside to do it for us - Social Engineering! What would you have done if you found a CD with this type of information on it? What Does It Mean to Be "Human" This knowledge gives the social engineer the tools needed to entice another person to take a certain course of action. Because of human weaknesses, inability to properly assess certain risk, and need to believe most people are good, we are an easy target. In fact, chances are you have been a victim of social engineering many times during the course of your life. For instance, it is my opinion that peer pressure is a form of social engineering. Some of the best sales people I've known are very effective social engineers. Direct marketing can be considered a form of social engineering. How many times have you purchased something only to find out you really did not need it? Why did you purchase it? Because you were lead to believe you must. Conclusion The main thing to remember is to rely on common sense. If some one calls you asking for your login and password information and states they are from the technical department, do not give them the information. Even if the number on your phone display seems to be from within your company. I can't tell you how many times we have successfully used that technique. A good way of reducing your risk of becoming a victim of social engineering is to ask questions. Most hackers don't have time for this and will not consider someone who asks questions an easy target. About The Author
MORE RESOURCES: Homeland Security Department to Release New A.I. Guidance The New York Times Officials detail increased D.C. security for certification, inauguration The Washington Post Nuclear power for military bases will increase our national security Breaking Defense U.S. ambassador bashes Mexico’s security efforts. Mexico’s president pushes back - Los Angeles Times Homeland Security Department releases framework for using AI in critical infrastructure The Associated Press New 'spectral fingerprint' atlas of satellites aims to improve space security University of Arizona News Opinion | Trump’s national security wrecking crew The Washington Post ‘Never trust, always verify’: The zero trust approach to network security United States Army Brief altercation between fans mars France-Israel soccer match despite heavy security The Associated Press St. Francis Seraph hires security guards for Christmas, Nativity display visitors as crowds still plague area WCPO 9 Cincinnati Trump’s National Security Team Keeps Getting More Extreme The New Republic Video: How The Fortinet Security Fabric Is Combatting Cybersecurity Threats And Talent Shortage Channel Insider The Fastest Airport Security Line You Don’t Know About The Wall Street Journal The campus will be closed to anyone who is not a student, faculty or staff member. WVTM13 Birmingham Tuskegee president releases security updates following shooting WIAT - CBS42.com Do Titans QB, Coach Have Job Security? Sports Illustrated Inside The 2024 Security Benchmark Report Security Magazine Your favorite security leadership podcasts Security Magazine The UN cybercrime convention threatens security research. The US should do something about it CyberScoop 3rd Annual U.S.-Mexico Defense and Security Roundtable smallwarsjournal France draws with Israel in high-security operation to reach Nations League quarterfinals with Italy The Associated Press Endpoint Security from BlackBerry BlackBerry Tuskegee University Shifts Security, Facilities Leadership Tuskegee University An Interview With the Target & Home Depot Hacker Krebs on Security Akamai: 84% of security professionals experienced an API security incident in the past year SecurityInfoWatch ESA opens registration for 2024 Town Hall Broadcast SecurityInfoWatch ‘We’re just a target’: Pickleball players call for more security Camas Washougal Post Record Trump names Florida’s Rep. Mike Waltz as national security adviser Nebraska Examiner Mexican Officials Arrest Top Security Official in Mayor’s Beheading The New York Times New infosec products of the week: November 15, 2024 Help Net Security Linn County’s Food for Health pilot program aims to improve food security, support local economy KEZI TV Tom Homan, Trump’s ‘Border Czar,’ on Border Security The New York Times South Florida campus security officer arrested after attempting to meet minor for sex WPBF West Palm Beach Microsoft Patch Tuesday, November 2024 Edition Krebs on Security Silverfort Buys Rezonate to Fortify Identity Security Muscle BankInfoSecurity.com Trump Picks Kristi Noem for Homeland Security Secretary The New York Times Rand Paul Will Continue His COVID-19 Investigations From Atop the Senate Homeland Security Committee Reason NIST report on hardware security risks reveals 98 failure scenarios Help Net Security Lamar CISD invests in safety, security amid rapid growth Community Impact Mexico’s ‘hugs, not bullets’ security strategy has failed, says US Ambassador Ken Salazar Mexico News Daily Who Is Michael Waltz, Trump’s Pick to Be National Security Adviser? The New York Times |
|
|
|
RELATED ARTICLES
Avoid Internet Theft, Fraud and Phishing Since its birth, the Internet has grown and expanded to unprecedented, unmanageable proportions. Information, software, news, and much more flow freely through its twisted pathways. Ransom Trojan Uses Cryptography for Malicious Purpose Every day millions of people go online to find information, to do business, to have a good time. Alas, some people go there to commit crimes as well. From Spyware with Love! It's late. You've been scouring the web for that perfect present for your Aunt Bess in Idaho. Preventing Online Identity Theft Identity theft is one of the most common criminal acts in society today. Criminals will use your personal information such as banking accounts and passwords, to pretend that they are you. 3 Pervasive Phishing Scams Scams involving email continue to plague consumers across America, indeed the world. These so called "phishing" scams involve "spoofed" emails meant to draw the unwary to bogus internet sites masquerading as legitimate sites. 8 Surefire Ways to Spot an E-Mail Identity Theft Scam! The E-Mail Identity Theft Scam is running Rampant. These E-Mail Scam artists will go to great lengths to Get Your Bank Account information and Steal your Identity. Adware and Spyware: The Problems and Their Solutions The Threat10 years ago you could probably have run no Internet security applications and still have come out after a browse of the Internet with a virus and malware free computer, but this situation is no longer apparent. Several years ago, before I knew of the dangers of the Internet, I had absolutely no spyware or adware protection. How To Clean the Spies In Your Computer? Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer Browser Helper Object used to show advertising.Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!VariantsBookedSpace/Remanent : early variant (around July 2003) with filename rem00001. Phishing and Pharming: Dangerous Scams As soon as almost all computer users already got used to -- or at least heard about -- the word "phishing", another somewhat confusing word appeared not long ago. Pharming. The Top Twelve Threats No Computer User Should Ignore The internet is undoubtedly a fantastic resource for families and offers a rich vein of educational content.However, there are potential dangers - welcome to the seedy world of viruses, spam, trojans, pornography, spyware and other nasties. Lets Talk About Antivirus Software! Nowadays more and more people are using a computer. A lot of them use it at their work place, but an increasing number of computer users have also discovered the need to have a computer at home. Secrets On Security: A Gentle Introduction To Cryptography Let us take the example of scrambling an egg. First, crack the shell, pour the contents into a bowl and beat the contents vigorously until you achieved the needed result - well, a scrambled egg. Instant Messaging - Expressway for Identity Theft, Trojan Horses, Viruses, and Worms Never before with Instant Messaging (IM) has a more vital warning been needed for current and potential IM buddies who chat on line.John Sakoda of IMlogic CTO and Vice President of Products stated that,"IM viruses and worms are growing exponentially. Firewalls: What They Are And Why You MUST Have One! A firewall is a system or gateway that prevents unauthorized access to your computer or private network. It is usually the first line of defense in protecting your private information or data. Identity Theft -- 10 Simple Ways to Protect Your Good Name! Identity Theft is one of the most serious problems facing Internet users. Identity Theft is exactly as the name states -- someone steals your Identity and commits fraud in your name. 40 Million People Hacked - YOU as Identity Theft Victim Saturday, MasterCard blamed a vendor of ALL credit cardproviders called CardSystems Solutions, Inc., a third-partyprocessor of payment card data, as the source of loss of 40million consumers credit card information. The Risk Of Electronic Fraud & Identity Theft Electronic Fraud and Identity Theft-----------------------------------Human beings are pretty sensible when presented with an imminent threat or risk. That is, if it's staring us directly in the face. Free Spyware Removal - Its Not As Easy As It Sounds Nobody wants to pay to remove spyware. At the very least, I don't. SPYWARE - Whos Watching Who? I am in the midst of Oscar Wilde's The Picture of Dorian Gray. "The basis of optimism is sheer terror. What Every Internet Marketer Should Know About Spyware If you run any type of Internet business, Adware and Spyware can be a very serious issue. These programs hide themselves on your computer and do all sorts of annoying and potentially dangerous things.
|
| home | site map |
| © 2006 |