Social engineering is a technique used by
individuals or groups to basically con a person in order to obtain
access to confidential information. It is a very successful way to
accomplish one's exploiting goals and is often much easier than using
software and other means. Most people are willing to give out
information, if it will help someone else. Helping others is a basic
part of being human, so it can be more easily abused.
There are many different types of attacks such as phishing, dumpster diving, pretending to be a co-worker, tailgating, and link scams. There are many other ways of being a social engineer, so these are just a few I would like to give examples of.
Phishing is commonly done by using email, texting, instant messaging and looks as if it came from a legitimate person, company, or even a popular brand. These messages may ask you to verify personal information or click on a link. It would be nice to win the lottery, but clicking on the 'you just won a million dollars' link within an email will not likely accomplish that goal. It can however accomplish the criminal's goal of installing spyware on your computer or obtaining your contacts list. How many of your friends would then click on the link?
Dumpster diving is exactly what it sounds like. The criminal obtains information from documents thrown in trash bins. Many people tend to just throw unneeded documents and printed emails in the trash without thinking of security risks. Does your trash contain people's names, addresses, account numbers, and maybe correspondence you did not think were important? It would be best to shred anything that may be suspect.
Tailgating may be fun at a ballgame, but can also be a real pain for companies. Tailgating is when one person follows another through a secure doorway or area without having to prove their identity. One example can be when the criminal purposely has something in both hands and follows another through a secured area, where they would normally have to show identity, but are taking advantage of another person's generosity to help them get through.
Pretending to be a co-worker is another way of deceiving a mark in order to get wanted information. A criminal can call a person in the target company and may ask for them to send a certain document that they accidentally deleted or did not receive. They may know others in that company and can provide basic information to satisfy one's curiosity to accomplish this. Always make sure to positively identify a caller before releasing any information.
These are just a few examples of techniques used by social engineers in today's world. Criminals will always find a way to get what they want by using other people as their tools. Your best safeguard is to be aware of others, practice safe data guarding techniques, and keep current of the latest scams happening around you.
There are many different types of attacks such as phishing, dumpster diving, pretending to be a co-worker, tailgating, and link scams. There are many other ways of being a social engineer, so these are just a few I would like to give examples of.
Phishing is commonly done by using email, texting, instant messaging and looks as if it came from a legitimate person, company, or even a popular brand. These messages may ask you to verify personal information or click on a link. It would be nice to win the lottery, but clicking on the 'you just won a million dollars' link within an email will not likely accomplish that goal. It can however accomplish the criminal's goal of installing spyware on your computer or obtaining your contacts list. How many of your friends would then click on the link?
Dumpster diving is exactly what it sounds like. The criminal obtains information from documents thrown in trash bins. Many people tend to just throw unneeded documents and printed emails in the trash without thinking of security risks. Does your trash contain people's names, addresses, account numbers, and maybe correspondence you did not think were important? It would be best to shred anything that may be suspect.
Tailgating may be fun at a ballgame, but can also be a real pain for companies. Tailgating is when one person follows another through a secure doorway or area without having to prove their identity. One example can be when the criminal purposely has something in both hands and follows another through a secured area, where they would normally have to show identity, but are taking advantage of another person's generosity to help them get through.
Pretending to be a co-worker is another way of deceiving a mark in order to get wanted information. A criminal can call a person in the target company and may ask for them to send a certain document that they accidentally deleted or did not receive. They may know others in that company and can provide basic information to satisfy one's curiosity to accomplish this. Always make sure to positively identify a caller before releasing any information.
These are just a few examples of techniques used by social engineers in today's world. Criminals will always find a way to get what they want by using other people as their tools. Your best safeguard is to be aware of others, practice safe data guarding techniques, and keep current of the latest scams happening around you.
المرجو نشر هذا الموضوع
معلومات عن العضو
Ads
Ads