| |
| |
|
Security Information |
|
|
|
Social Engineering: You Have Been A Victim
Monday morning, 6am; the electric rooster is telling you it's time to start a new work week. A shower, some coffee, and you're in the car and off. On the way to work you're thinking of all you need to accomplished this week. Then, on top of that there's the recent merger between your company and a competitor. One of your associates told you, you better be on your toes because rumors of layoffs are floating around. You arrive at the office and stop by the restroom to make sure you look your best. You straighten your tie, and turn to head to your cube when you notice, sitting on the back of the sink, is a CD-ROM. Someone must have left this behind by accident. You pick it up and notice there is a label on it. The label reads "2005 Financials & Layoff's". You get a sinking feeling in your stomach and hurry to your desk. It looks like your associate has good reasons for concern, and you're about to find out for your self. And The "Social Engineering" Game Is In Play: People Are The Easiest Target When Did I Become a Victim of Social Engineering? The spreadsheet you opened was not the only thing executing on your computer. The moment you open that file you caused a script to execute which installed a few files on your computer. Those files were designed to call home and make a connection to one of our servers on the Internet. Once the connection was made the software on our servers responded by pushing (or downloading) several software tools to your computer. Tools designed to give us complete control of your computer. Now we have a platform, inside your company's network, where we can continue to hack the network. And, we can do it from inside without even being there. This is what we call a 180 degree attack. Meaning, we did not have to defeat the security measures of your company's firewall from the Internet. You took care of that for us. Many organizations give their employees unfettered access (or impose limited control) to the Internet. Given this fact, we devised a method for attacking the network from within with the explicit purpose of gaining control of a computer on the private network. All we had to do is get someone inside to do it for us - Social Engineering! What would you have done if you found a CD with this type of information on it? What Does It Mean to Be "Human" This knowledge gives the social engineer the tools needed to entice another person to take a certain course of action. Because of human weaknesses, inability to properly assess certain risk, and need to believe most people are good, we are an easy target. In fact, chances are you have been a victim of social engineering many times during the course of your life. For instance, it is my opinion that peer pressure is a form of social engineering. Some of the best sales people I've known are very effective social engineers. Direct marketing can be considered a form of social engineering. How many times have you purchased something only to find out you really did not need it? Why did you purchase it? Because you were lead to believe you must. Conclusion The main thing to remember is to rely on common sense. If some one calls you asking for your login and password information and states they are from the technical department, do not give them the information. Even if the number on your phone display seems to be from within your company. I can't tell you how many times we have successfully used that technique. A good way of reducing your risk of becoming a victim of social engineering is to ask questions. Most hackers don't have time for this and will not consider someone who asks questions an easy target. About The Author
MORE RESOURCES: Security alert: It’s time to update your iPhone — again NewsNation Now Secretary Antony J. Blinken At the Addressing the Urgent Security Situation in Haiti Meeting - United States Department ... Department of State Mozambique-U.S. seek to deepen defence, security ties Africanews English OSCE in crisis as Russian veto threatens security body Financial Times TSA showcases security checkpoint technologies in use at Antonio ... Transportation Security Administration Biden-Harris Administration Announces Final National Security ... US Department of Commerce United States Hosts UNGA Side Event: Addressing the Urgent ... Department of State Austin Lauds Mozambique's Leadership on Regional Security > U.S Department of Defense Biden Administration Announces Additional Security Assistance for ... Department of Defense Five questions with security expert Greg Parker Johnson Controls Operation Lone Star Bolsters Border Security To Stem Historic Influx Office of the Texas Governor Software supply chain security Grant Thornton Increased online security coming soon to El Camino El Camino College Union TSA canines enhancing security at John F. Kennedy International ... Transportation Security Administration Fact Sheet: The Biden-Harris Administration Takes New Actions to ... Homeland Security Secretary Antony J. Blinken At United Nations Security Council ... Department of State At Disagree Better Event, National Security Experts Warn of the ... - National Governors Association At Disagree Better Event, National Security Experts Warn of the ... National Governors Association DHS Homeland Security Investigations Announces Strategy to ... Homeland Security Statement by President Charles Michel at the UN Security Council ... Présidence française du Conseil de l'Union européenne 2022 Remarks by Ambassador Linda Thomas-Greenfield at a UN Security ... United States Mission to the United Nations CU Boulder earns $5 million award for 5G cellular security research CU Boulder's College of Engineering & Applied Science Diving Deep Into Key Input on the Access Control Market Security Sales & Integration Building the Quad: A Diamond of National Security United States Army Job Security Isn't Enough to Keep Many Accountants From Quitting The Wall Street Journal At the edge of the UN security perimeter, those with causes (and ... Chattanooga Times Free Press Security guards are first line of defense at Fort Wainwright United States Army GEN Nakasone Offers Insight into Future of Cybersecurity and SIGINT National Security Agency Indiana University Health reports data security incident pertaining to one of its vendors FOX 59 Indianapolis Unlocking IoT Endpoint Security in 2023: What You Need to Know Security Boulevard 30th Security Forces Squadron Expeditionary Training ... Vandenberg Space Force Base ROSEN, TRUSTED INVESTOR COUNSEL, Encourages NAPCO ... GlobeNewswire Airport Security Officer Caught Stealing From Passenger, Stuffs ... View from the Wing Secretary Mayorkas Delivers Remarks at Ukrainian Cultural Artifacts ... Homeland Security Fleeing Militants Pose Challenge to Somalia’s Security Voice of America - VOA News LastPass: 'Horse Gone Barn Bolted' is Strong Password – Krebs on ... Krebs on Security Remarks by Ambassador Thomas-Greenfield at a UN Security ... U.S. Embassy Moscow Robert Habeck on Germany's new approach to 'economic security ... Atlantic Council Ambassador Linda Thomas-Greenfield Joins Secretary Blinken for ... United States Mission to the United Nations Why We're Pulling Our Recommendation of Wyze Security Cameras The New York Times Chicago Mayor Signs $29 Million Deal With Private Security Firm To Create Tent Camps For Migrants Forbes D.C. Dispatch: Lawmakers call for Russian reparations, border ... Iowa Capital Dispatch Security Forces Teargas, Arrest Family Of Protester Killed In Iran ایران اینترنشنال |
|
|
|
RELATED ARTICLES
Computer Security What is computer security?Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Internet Small Business and Fraud Be careful of sites that promise to send you "instant pins". These companies usually have lax credit card security and can afford customer charge backs from fraudulent transactions. How to Thwart the Barbarian Spyware! Today,on most internet user's computers, we have theability to employ software, along with ourintelligence, to prevent viruses and spyware.To put this article into proper perspective, we'll useMedieval defense tactics. Identity Theft - Dont Blame The Internet Identity theft - also known as ID theft, identity fraud and ID fraud - describes a type of fraud where a criminal adopts someone else's identity in order to profit illegally. It is one of the fastest growing forms of fraud in many developed countries. SCAMS - Be Aware - And Report When Necessary The Internet is a vast International Network of people and businesses - and a place where people can make a fairly decent living. However, it is also a place where certain unsavory characters can freely roam - to take your dollars and run. How To Clean the Spies In Your Computer? Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer Browser Helper Object used to show advertising.Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!VariantsBookedSpace/Remanent : early variant (around July 2003) with filename rem00001. Identity Theft -- 10 Simple Ways to Protect Your Good Name! Identity Theft is one of the most serious problems facing Internet users. Identity Theft is exactly as the name states -- someone steals your Identity and commits fraud in your name. Spyware, What It Is, What It Does, And How To Stop It Spyware is software that runs on a personal computer without the knowledge or consent of the owner of that computer. The Spyware then collects personal information about the user or users of the infected computer. Adware and Spyware: The Problems and Their Solutions The Threat10 years ago you could probably have run no Internet security applications and still have come out after a browse of the Internet with a virus and malware free computer, but this situation is no longer apparent. Several years ago, before I knew of the dangers of the Internet, I had absolutely no spyware or adware protection. Spyware Programs Are Out To Get You! The average computer is packed with hidden software that can secretly spy on online habits.The US net provider EarthLink said it uncovered an average of 28 spyware programs on each PC scanned during the first three months of the year. Dont Allow Hackers to Take Out Money from Your Bank Account If you know what is the 'Fishing' then it's very easyto understand the definition of 'Phishing'. Justreplace letter 'F' from the word Fishing with 'Ph'. Data Security; Are Your Company Assets Really Secure? Is your data secure? Think again. Securing data is unlike any other corporate asset, and is likely the biggest challenge your company faces today. Spyware Protection Software Spyware protection software is the easiest way of removing spyware from your computer and keeping it away. It detects and removes all pieces of spyware and adware automatically. A New Era of Computer Security Computer security for most can be described in 2 words, firewall and antivirus.Until recently could one install a firewall and an antivirus program and feel quite secure. How Can Someone Get Private Information From My Computer? From the "Ask Booster" column in the June 17, 2005 issue of Booster's Auction News, a free ezine for online auction sellers and enthusiasts.Dear Booster,How can someone get private information from my computer?Thank you,Evan S. Temporary Internet Files - the Good, the Bad, and the Ugly A little bit of time invested into learning about internet security can go a long way in preventing mishaps on your computer. Temporary internet files are not something we should be afraid of, but we should certainly be careful in how much we trust them and how we deal with them. Pharming - Another New Scam Pharming is one of the latest online scams and rapidly growing threat that has been showing up on the Internet. It's a new way for criminals to try to get into your computer so they can steal your personal data. Hacked: Who Else Is Using Your Computer? A friend called me one day and asked if I would stop by to look at his computer. He said it was running abnormally slow and he had found something on his hard-drive he could not explain. Lottery Scam, What It is and how to Avoid It? Internet scams and frauds are on the rise! The quantity of scam emails with various fraud schemes any email account receives today is simply overwhelming! There is this infamous Nigerian 419 scam, which is by far the most widely circulated one. I wrote about it in one of our ezine articles not long ago. Phishing: An Interesting Twist On A Common Scam After Two Security Assessments I Must Be Secure, Right?---------------------------------------Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests.
|
| home | site map |
| © 2006 |