| |
| |
|
Security Information |
|
|
|
Social Engineering: You Have Been A Victim
Monday morning, 6am; the electric rooster is telling you it's time to start a new work week. A shower, some coffee, and you're in the car and off. On the way to work you're thinking of all you need to accomplished this week. Then, on top of that there's the recent merger between your company and a competitor. One of your associates told you, you better be on your toes because rumors of layoffs are floating around. You arrive at the office and stop by the restroom to make sure you look your best. You straighten your tie, and turn to head to your cube when you notice, sitting on the back of the sink, is a CD-ROM. Someone must have left this behind by accident. You pick it up and notice there is a label on it. The label reads "2005 Financials & Layoff's". You get a sinking feeling in your stomach and hurry to your desk. It looks like your associate has good reasons for concern, and you're about to find out for your self. And The "Social Engineering" Game Is In Play: People Are The Easiest Target When Did I Become a Victim of Social Engineering? The spreadsheet you opened was not the only thing executing on your computer. The moment you open that file you caused a script to execute which installed a few files on your computer. Those files were designed to call home and make a connection to one of our servers on the Internet. Once the connection was made the software on our servers responded by pushing (or downloading) several software tools to your computer. Tools designed to give us complete control of your computer. Now we have a platform, inside your company's network, where we can continue to hack the network. And, we can do it from inside without even being there. This is what we call a 180 degree attack. Meaning, we did not have to defeat the security measures of your company's firewall from the Internet. You took care of that for us. Many organizations give their employees unfettered access (or impose limited control) to the Internet. Given this fact, we devised a method for attacking the network from within with the explicit purpose of gaining control of a computer on the private network. All we had to do is get someone inside to do it for us - Social Engineering! What would you have done if you found a CD with this type of information on it? What Does It Mean to Be "Human" This knowledge gives the social engineer the tools needed to entice another person to take a certain course of action. Because of human weaknesses, inability to properly assess certain risk, and need to believe most people are good, we are an easy target. In fact, chances are you have been a victim of social engineering many times during the course of your life. For instance, it is my opinion that peer pressure is a form of social engineering. Some of the best sales people I've known are very effective social engineers. Direct marketing can be considered a form of social engineering. How many times have you purchased something only to find out you really did not need it? Why did you purchase it? Because you were lead to believe you must. Conclusion The main thing to remember is to rely on common sense. If some one calls you asking for your login and password information and states they are from the technical department, do not give them the information. Even if the number on your phone display seems to be from within your company. I can't tell you how many times we have successfully used that technique. A good way of reducing your risk of becoming a victim of social engineering is to ask questions. Most hackers don't have time for this and will not consider someone who asks questions an easy target. About The Author
MORE RESOURCES: Why NHIs Are Security's Most Dangerous Blind Spot The Hacker News Inside the Fiasco at the National Security Council The Atlantic Britain Lifts Sanctions on Syrian Security Agencies The New York Times Summit on the Future of Energy Security IEA – International Energy Agency Defense Officials Outline AI's Strategic Role in National Security U.S. Department of Defense (.gov) Remarks at a UN Security Council Briefing on the Political and Humanitarian Situations in Syria United States Mission to the United Nations (.gov) He was an undercover cop and Dennis Rodman’s security guard. Now, he keeps the Phillies safe Police1 RSAC highlights security markets in transition SiliconANGLE Everything You Need to Know About the Air Defenses Protecting World Leaders at the Pope’s Funeral The Aviationist New Security Perimeter Around Mt. Kolang Gaz La Secret Nuclear Tunnel Complexes Institute for Science and International Security (ISIS) Signalgate lessons learned: If creating a culture of security is the goal, America is screwed theregister.com Remarks at a UN Security Council Briefing on Haiti United States Mission to the United Nations (.gov) Legislature should provide lobbyists with key fobs to bypass new Capitol security screening The Alaska Landmine California security firm CEO, workers charged after woman forcibly removed from Republican town hall Los Angeles Times Ukraine, allies working on security guarantees potentially similar to NATO Article 5, Zelensky says The Kyiv Independent Joint Press Statement on United States-Japan-Republic of Korea Trilateral Security Coopera U.S. Department of Defense (.gov) Punxsutawney native begins serving as special assistant in Department of Homeland Security The Courier Express National Security Commission on Emerging Biotechnology’s Final Report Includes Recommendations to Boost Economy and Protect National Security NatLawReview.com NSA targets OT cyber risks with new smart controller security standards for national security systems Industrial Cyber NSA Publishes Recommendations for Smart Controller Security Controls and Technical Require National Security Agency (.gov) Allegiant flight attendant finds bomb threat just before St. Pete-Clearwater International departure: Sheriff FOX 13 Tampa Bay Yes, You Can Take Water Through Airport Security—Here's How Travel + Leisure Get to know new security leaders at OSU-CHS Oklahoma State University Security Alert: Los Cabos and La Paz, Baja California Sur U.S. Embassy & Consulates in Mexico (.gov) Anton’s Security Blog Quarterly Q1 2025 Security Boulevard D51 security officials discuss increased assault, weapon incidents in schools The Grand Junction Daily Sentinel US House Committee subpoenas Chinese state telecoms over data privacy, national security concerns Industrial Cyber US security agency TSA seizes mobile phone charger because it looks like a Call of Duty Monkey Bomb Eurogamer Safeguarding Your Corporate Leaders Against Rising Security Threats: FP’s Guide on Executive Protection Fisher Phillips DOJ’s Data Security Program Final Rules Effective – Implications for Telecom Providers NatLawReview.com UN Security Council condemns Jammu and Kashmir terror attack Department of Political and Peacebuilding Affairs Fiesta goers can expect increased security at main events Texas Public Radio Linux 'io_uring' security blindspot allows stealthy rootkit attacks BleepingComputer Mobile Applications: A Cesspool of Security Issues Dark Reading Rome Health to install new security systems Rome Sentinel Homeland Security, Riverside County deputies raid business in Pomona FOX 11 Los Angeles Trump Should Have Stuck With Border Security, Not Mass Deportations New York Magazine ATA Transportation Security Council Recognizes Fleets American Trucking Associations How To Build A Data Center Security Strategy For 2025 And Beyond CybersecurityNews Palestinian supporters confront far-right Israeli security minister as he leaves an event near Yale CNN Two state officials follow Noem to Homeland Security; Rhoden names new tribal relations head South Dakota Searchlight Local Advocates, Officials and Faith Leaders Speak Out Against Homeland Security Letter Falsely Telling Thousands They Must Leave US River Journal Online Security guard takedown exposes questions over $11 million contract with Metro Transit 5 EYEWITNESS NEWS Footage Reveals New York-To-Paris Delta Flight Stowaway Getting Through Airport Security Travel Noire King County Security Tips – “Google” yourself kcemployees.com Court grants NM Tech student temporary restraining order against Homeland Security Source New Mexico Exploding Cargo. Hacked GPS Devices. Spoofed Coordinates. Inside New Security Threats in the Skies. Vanity Fair Our National Debt is a Security Threat HubCitySPOKES Department of Homeland Security points to another agency when asked about court-barred deportations AP News Hyosung Urges Operators of All ATMs to Follow Previous Security Guidance Due to Large-Scale Cyberattacks Business Wire Temple University stepping up security after several students assaulted near campus last week CBS News |
|
|
|
RELATED ARTICLES
Avoid Internet Theft, Fraud and Phishing Since its birth, the Internet has grown and expanded to unprecedented, unmanageable proportions. Information, software, news, and much more flow freely through its twisted pathways. Ransom Trojan Uses Cryptography for Malicious Purpose Every day millions of people go online to find information, to do business, to have a good time. Alas, some people go there to commit crimes as well. From Spyware with Love! It's late. You've been scouring the web for that perfect present for your Aunt Bess in Idaho. Preventing Online Identity Theft Identity theft is one of the most common criminal acts in society today. Criminals will use your personal information such as banking accounts and passwords, to pretend that they are you. 3 Pervasive Phishing Scams Scams involving email continue to plague consumers across America, indeed the world. These so called "phishing" scams involve "spoofed" emails meant to draw the unwary to bogus internet sites masquerading as legitimate sites. 8 Surefire Ways to Spot an E-Mail Identity Theft Scam! The E-Mail Identity Theft Scam is running Rampant. These E-Mail Scam artists will go to great lengths to Get Your Bank Account information and Steal your Identity. Adware and Spyware: The Problems and Their Solutions The Threat10 years ago you could probably have run no Internet security applications and still have come out after a browse of the Internet with a virus and malware free computer, but this situation is no longer apparent. Several years ago, before I knew of the dangers of the Internet, I had absolutely no spyware or adware protection. How To Clean the Spies In Your Computer? Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer Browser Helper Object used to show advertising.Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!VariantsBookedSpace/Remanent : early variant (around July 2003) with filename rem00001. Phishing and Pharming: Dangerous Scams As soon as almost all computer users already got used to -- or at least heard about -- the word "phishing", another somewhat confusing word appeared not long ago. Pharming. The Top Twelve Threats No Computer User Should Ignore The internet is undoubtedly a fantastic resource for families and offers a rich vein of educational content.However, there are potential dangers - welcome to the seedy world of viruses, spam, trojans, pornography, spyware and other nasties. Lets Talk About Antivirus Software! Nowadays more and more people are using a computer. A lot of them use it at their work place, but an increasing number of computer users have also discovered the need to have a computer at home. Secrets On Security: A Gentle Introduction To Cryptography Let us take the example of scrambling an egg. First, crack the shell, pour the contents into a bowl and beat the contents vigorously until you achieved the needed result - well, a scrambled egg. Instant Messaging - Expressway for Identity Theft, Trojan Horses, Viruses, and Worms Never before with Instant Messaging (IM) has a more vital warning been needed for current and potential IM buddies who chat on line.John Sakoda of IMlogic CTO and Vice President of Products stated that,"IM viruses and worms are growing exponentially. Firewalls: What They Are And Why You MUST Have One! A firewall is a system or gateway that prevents unauthorized access to your computer or private network. It is usually the first line of defense in protecting your private information or data. Identity Theft -- 10 Simple Ways to Protect Your Good Name! Identity Theft is one of the most serious problems facing Internet users. Identity Theft is exactly as the name states -- someone steals your Identity and commits fraud in your name. 40 Million People Hacked - YOU as Identity Theft Victim Saturday, MasterCard blamed a vendor of ALL credit cardproviders called CardSystems Solutions, Inc., a third-partyprocessor of payment card data, as the source of loss of 40million consumers credit card information. The Risk Of Electronic Fraud & Identity Theft Electronic Fraud and Identity Theft-----------------------------------Human beings are pretty sensible when presented with an imminent threat or risk. That is, if it's staring us directly in the face. Free Spyware Removal - Its Not As Easy As It Sounds Nobody wants to pay to remove spyware. At the very least, I don't. SPYWARE - Whos Watching Who? I am in the midst of Oscar Wilde's The Picture of Dorian Gray. "The basis of optimism is sheer terror. What Every Internet Marketer Should Know About Spyware If you run any type of Internet business, Adware and Spyware can be a very serious issue. These programs hide themselves on your computer and do all sorts of annoying and potentially dangerous things.
|
| home | site map |
| © 2006 |