Social Engineering: You Have Been A Victim
Monday morning, 6am; the electric rooster is telling you it's time to start a new work week. A shower, some coffee, and you're in the car and off. On the way to work you're thinking of all you need to accomplished this week. Then, on top of that there's the recent merger between your company and a competitor. One of your associates told you, you better be on your toes because rumors of layoffs are floating around.
You arrive at the office and stop by the restroom to make sure you look your best. You straighten your tie, and turn to head to your cube when you notice, sitting on the back of the sink, is a CD-ROM. Someone must have left this behind by accident. You pick it up and notice there is a label on it. The label reads "2005 Financials & Layoff's". You get a sinking feeling in your stomach and hurry to your desk. It looks like your associate has good reasons for concern, and you're about to find out for your self.
And The "Social Engineering" Game Is In Play:
People Are The Easiest Target
When Did I Become a Victim of Social Engineering?
The spreadsheet you opened was not the only thing executing on your computer. The moment you open that file you caused a script to execute which installed a few files on your computer. Those files were designed to call home and make a connection to one of our servers on the Internet. Once the connection was made the software on our servers responded by pushing (or downloading) several software tools to your computer. Tools designed to give us complete control of your computer. Now we have a platform, inside your company's network, where we can continue to hack the network. And, we can do it from inside without even being there.
This is what we call a 180 degree attack. Meaning, we did not have to defeat the security measures of your company's firewall from the Internet. You took care of that for us. Many organizations give their employees unfettered access (or impose limited control) to the Internet. Given this fact, we devised a method for attacking the network from within with the explicit purpose of gaining control of a computer on the private network. All we had to do is get someone inside to do it for us - Social Engineering! What would you have done if you found a CD with this type of information on it?
What Does It Mean to Be "Human"
This knowledge gives the social engineer the tools needed to entice another person to take a certain course of action. Because of human weaknesses, inability to properly assess certain risk, and need to believe most people are good, we are an easy target.
In fact, chances are you have been a victim of social engineering many times during the course of your life. For instance, it is my opinion that peer pressure is a form of social engineering. Some of the best sales people I've known are very effective social engineers. Direct marketing can be considered a form of social engineering. How many times have you purchased something only to find out you really did not need it? Why did you purchase it? Because you were lead to believe you must.
The main thing to remember is to rely on common sense. If some one calls you asking for your login and password information and states they are from the technical department, do not give them the information. Even if the number on your phone display seems to be from within your company. I can't tell you how many times we have successfully used that technique. A good way of reducing your risk of becoming a victim of social engineering is to ask questions. Most hackers don't have time for this and will not consider someone who asks questions an easy target.
About The Author
Tennessee shooting: Nashville police release security camera footage of Covenant school attack that killed 6 - Fox News
Tennessee shooting: Nashville police release security camera footage of Covenant school attack that killed 6 Fox News
Security expert: Nashville school shooting should serve as a wake up call for similar schools in Nor - CBS News
Security expert: Nashville school shooting should serve as a wake up call for similar schools in Nor CBS News
Microsoft pushes OOB security updates for Windows Snipping tool flaw BleepingComputer
College athlete influencers confront security concerns Honolulu Star-Advertiser
Executive Order on Prohibition on Use by the United States ... The White House
Biden bans government use of commercial spyware that may pose a ... SiliconANGLE News
Running a security program before your first security hire Help Net Security
Balancing security risks and innovation potential of shadow IT teams Help Net Security
Japan’s new security policies: A long road to full implementation Brookings Institution
Roof replacements, security vestibules among improvements in ... Alaska Public Media News
Counter-Terrorism: High-level Debate : What's In Blue Security Council Report
Survey Surfaces Need to Change SecOps Priorities Security Boulevard
UN Security Council turns down request for Nord Stream inquiry Al Jazeera English
WCPS starts security assistants program to curb student misbehavior Herald-Mail Media
UA releases security assessment outlining systemic safety issues Arizona Public Media
LA Metro adding new security officers amid safety concerns FOX 11 Los Angeles
'School safety and security has been a priority': Superintendent Moore reaffirms prioritizing school security in Wake Schools - WRAL News
'School safety and security has been a priority': Superintendent Moore reaffirms prioritizing school security in Wake Schools WRAL News
Tausight expands its AI-based PHI Security Intelligence platform to ... Help Net Security
NEW: Shaheen Leads 37 Senators in Letter to Pentagon ... Senator Jeanne Shaheen
What you need before the next vulnerability hits Help Net Security
Improve Mobile Device Security with this HC3 Checklist HIPAA Journal
SLED investigating after late-night shooting at SC State, university adds security measures - WIS News 10
SLED investigating after late-night shooting at SC State, university adds security measures WIS News 10
Israel defense minister’s firing triggers security fears, reservist call-ups and greater protests - Breaking Defense
Israel defense minister’s firing triggers security fears, reservist call-ups and greater protests Breaking Defense
Under pressure, St. Louis' Railway Exchange boosts security to ... St. Louis Post-Dispatch
Commerce Department Outlines Proposed National Security ... US Department of Commerce
Secretary Mayorkas, Administrator Criswell Visit Devastated Areas ... Homeland Security
Meandering Moose Breaches Security At Sinclair Oil Refinery Cowboy State Daily
New for Devs in SQL Server 2022: Ledger for Blockchain-Backed ... Visual Studio Magazine
Rising Rate of Drug Shortages Is Framed as a National Security Threat The New York Times
Maryland native works to help others with food security News 13 Orlando
Las Cruces Police Department advises against posting doorbell security footage online - KFOX El Paso
Pasquotank officials discuss county courthouse repairs, security ... The Daily Advance
Opinion: Sensible legislation would 'sentence' gun security violators ... - Chattanooga Times Free Press
Opinion: Sensible legislation would 'sentence' gun security violators ... Chattanooga Times Free Press
Law firm fined $200,000 over 'poor data security' that led to ... The Record by Recorded Future
Senators Introduce Bipartisan Bill to Tackle National Security ... Senator Mark Warner
Ukraine-Russia updates: Kyiv seeks UN Security Council meeting Al Jazeera English
FACT SHEET: President Biden Signs National Security ... The White House
Dope Security nabs $16M led by GV to build out secure web gateways designed to work on endpoints, not in the cloud - TechCrunch
Dope Security nabs $16M led by GV to build out secure web gateways designed to work on endpoints, not in the cloud TechCrunch
TSA issues new cybersecurity requirements for airport and aircraft ... - Transportation Security Administration
TSA issues new cybersecurity requirements for airport and aircraft ... Transportation Security Administration
Remarks by Ambassador Linda Thomas-Greenfield at a UN Security ... - United States Mission to the United Nations
Remarks by Ambassador Linda Thomas-Greenfield at a UN Security ... United States Mission to the United Nations
The Case for a Security Guarantee for Ukraine Foreign Affairs Magazine
TikTok Pushed by U.S. to Resolve National Security Concerns The New York Times
FACT SHEET: President Biden’s Budget Strengthens Border ... The White House
Biden’s Cybersecurity Strategy Assigns Responsibility to Tech Firms The New York Times
Biden Administration Announces Additional Security Assistance for ... Department of Defense
After Denver school shooting, an outcry erupts over security The Associated Press
Why keeping Bitcoin mining in the U.S. helps the economy and national security—and even the environment - Fortune
Why keeping Bitcoin mining in the U.S. helps the economy and national security—and even the environment Fortune
Topeka senator calls for security as frustrations flare at Kansas anti ... - The Topeka Capital-Journal
Topeka senator calls for security as frustrations flare at Kansas anti ... The Topeka Capital-Journal
Feds Charge NY Man as BreachForums Boss “Pompompurin ... Krebs on Security
US Cyber Challenge offers online competitions in information ... Veterans Affairs (.gov)
Climate Security & Resilience Program State Magazine
What is computer security?Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system.
Internet Small Business and Fraud
Be careful of sites that promise to send you "instant pins". These companies usually have lax credit card security and can afford customer charge backs from fraudulent transactions.
How to Thwart the Barbarian Spyware!
Today,on most internet user's computers, we have theability to employ software, along with ourintelligence, to prevent viruses and spyware.To put this article into proper perspective, we'll useMedieval defense tactics.
Identity Theft - Dont Blame The Internet
Identity theft - also known as ID theft, identity fraud and ID fraud - describes a type of fraud where a criminal adopts someone else's identity in order to profit illegally. It is one of the fastest growing forms of fraud in many developed countries.
SCAMS - Be Aware - And Report When Necessary
The Internet is a vast International Network of people and businesses - and a place where people can make a fairly decent living. However, it is also a place where certain unsavory characters can freely roam - to take your dollars and run.
How To Clean the Spies In Your Computer?
Manual Spy Bot Removal > BookedSpaceBookedSpace is an Internet Explorer Browser Helper Object used to show advertising.Free PC Health Check - find bad files fast! How many corrupt and redundant files are lurking inside your PC ready to cause harmful errors? Find these harmful "time-bomb" files instantly and keep your computer ERROR FREE 24 hours a day!VariantsBookedSpace/Remanent : early variant (around July 2003) with filename rem00001.
Identity Theft -- 10 Simple Ways to Protect Your Good Name!
Identity Theft is one of the most serious problems facing Internet users. Identity Theft is exactly as the name states -- someone steals your Identity and commits fraud in your name.
Spyware, What It Is, What It Does, And How To Stop It
Spyware is software that runs on a personal computer without the knowledge or consent of the owner of that computer. The Spyware then collects personal information about the user or users of the infected computer.
Adware and Spyware: The Problems and Their Solutions
The Threat10 years ago you could probably have run no Internet security applications and still have come out after a browse of the Internet with a virus and malware free computer, but this situation is no longer apparent. Several years ago, before I knew of the dangers of the Internet, I had absolutely no spyware or adware protection.
Spyware Programs Are Out To Get You!
The average computer is packed with hidden software that can secretly spy on online habits.The US net provider EarthLink said it uncovered an average of 28 spyware programs on each PC scanned during the first three months of the year.
Dont Allow Hackers to Take Out Money from Your Bank Account
If you know what is the 'Fishing' then it's very easyto understand the definition of 'Phishing'. Justreplace letter 'F' from the word Fishing with 'Ph'.
Data Security; Are Your Company Assets Really Secure?
Is your data secure? Think again. Securing data is unlike any other corporate asset, and is likely the biggest challenge your company faces today.
Spyware Protection Software
Spyware protection software is the easiest way of removing spyware from your computer and keeping it away. It detects and removes all pieces of spyware and adware automatically.
A New Era of Computer Security
Computer security for most can be described in 2 words, firewall and antivirus.Until recently could one install a firewall and an antivirus program and feel quite secure.
How Can Someone Get Private Information From My Computer?
From the "Ask Booster" column in the June 17, 2005 issue of Booster's Auction News, a free ezine for online auction sellers and enthusiasts.Dear Booster,How can someone get private information from my computer?Thank you,Evan S.
Temporary Internet Files - the Good, the Bad, and the Ugly
A little bit of time invested into learning about internet security can go a long way in preventing mishaps on your computer. Temporary internet files are not something we should be afraid of, but we should certainly be careful in how much we trust them and how we deal with them.
Pharming - Another New Scam
Pharming is one of the latest online scams and rapidly growing threat that has been showing up on the Internet. It's a new way for criminals to try to get into your computer so they can steal your personal data.
Hacked: Who Else Is Using Your Computer?
A friend called me one day and asked if I would stop by to look at his computer. He said it was running abnormally slow and he had found something on his hard-drive he could not explain.
Lottery Scam, What It is and how to Avoid It?
Internet scams and frauds are on the rise! The quantity of scam emails with various fraud schemes any email account receives today is simply overwhelming! There is this infamous Nigerian 419 scam, which is by far the most widely circulated one. I wrote about it in one of our ezine articles not long ago.
Phishing: An Interesting Twist On A Common Scam
After Two Security Assessments I Must Be Secure, Right?---------------------------------------Imagine you are the CIO of a national financial institution and you've recently deployed a state of the art online transaction service for your customers. To make sure your company's network perimeter is secure, you executed two external security assessments and penetration tests.
|home | site map|