Security Information
Social Engineering: You Have Been A Victim
Monday morning, 6am; the electric rooster is telling you it's time to start a new work week. A shower, some coffee, and you're in the car and off. On the way to work you're thinking of all you need to accomplish this week. Then, on top of that, there's the recent merger between your company and a competitor. One of your associates told you that you had better be on your toes because rumors of layoffs are floating around.

You arrive at the office and stop by the restroom to make sure you look your best. You straighten your tie and turn to head to your cube when you notice, sitting on the back of the sink, a CD-ROM. Someone must have left this behind by accident. You pick it up and notice there is a label on it. The label reads "2005 Financials & Layoff's". You get a sinking feeling in your stomach and hurry to your desk. It looks like your associate has good reasons for concern, and you're about to find out for yourself.

And The "Social Engineering" Game Is In Play: People Are The Easiest Target

When Did I Become a Victim of Social Engineering?

The spreadsheet you opened was not the only thing executing on your computer. The moment you opened that file, you caused a script to execute which installed a few files on your computer. Those files were designed to call home and make a connection to one of our servers on the Internet. Once the connection was made, the software on our servers responded by pushing (or downloading) several software tools to your computer: tools designed to give us complete control of your computer. Now we have a platform, inside your company's network, from which we can continue to hack the network. And we can do it from inside without even being there.

This is what we call a 180 degree attack, meaning we did not have to defeat the security measures of your company's firewall from the Internet. You took care of that for us. Many organizations give their employees unfettered access to the Internet (or impose only limited control). Given this fact, we devised a method for attacking the network from within, with the explicit purpose of gaining control of a computer on the private network. All we had to do was get someone inside to do it for us - Social Engineering! What would you have done if you found a CD with this type of information on it?

What Does It Mean to Be "Human"

This knowledge gives the social engineer the tools needed to entice another person to take a certain course of action. Because of human weaknesses, an inability to properly assess certain risks, and a need to believe most people are good, we are an easy target. In fact, chances are you have been a victim of social engineering many times during the course of your life.

For instance, it is my opinion that peer pressure is a form of social engineering. Some of the best sales people I've known are very effective social engineers. Direct marketing can be considered a form of social engineering. How many times have you purchased something only to find out you really did not need it? Why did you purchase it? Because you were led to believe you must.

Conclusion

The main thing to remember is to rely on common sense. If someone calls you asking for your login and password information and states they are from the technical department, do not give them the information, even if the number on your phone display seems to be from within your company. I can't tell you how many times we have successfully used that technique. A good way of reducing your risk of becoming a victim of social engineering is to ask questions. Most hackers don't have time for this and will not consider someone who asks questions an easy target.
© 2006