You’ve probably heard about social engineering, but have your users? Do your users know they are the single biggest threat to the security of your organization? Social engineering comes in many forms. Users must be educated on the creative ways attackers leverage social engineering to take advantage of human nature. Demonstrating social engineering for Professor Tim Richardson's E-Business Strategies class (MGD415). We found an old McDonald's cup someone had thrown away outside of McDonald's, filled it with a bottle of water and told the drive-thru it was too cold...free latte. What Is "Social Engineering"?
Social engineering is also called social hacking or social cracking. Social engineering is stealing important security information such as ID or passwords, not by technically but by socially. Popular example is picking through trash of a company or an organization and finding discs that contain secret documents or important data. Even you may use a paper shredder, it can be reconnected. Also, it is other way calls and asks information by lying about his/her identity. In a company, perpetrators may pass himself off as a boss, call to system management center, and say “I forgot passwords, so please tell me again”. There are a lot of other ways. Companies have to set up exacting rules of important data to prevent social engineering.
Social Engineering describes methods of influencing people with the goal of illegally obtaining sensitive data (e.g. passwords, credit card information). Social Engineers observe the personal environment of their victims and use fake identities to gain secret information or free services. In most cases Social Engineering is used to infiltrate third party computer systems to spy on sensitive data; in that case social engineering is also called Social Hacking. An early form of social engineering first appeared in the 1980′s and was named phreaking. Phreakers called phone companies and claimed to be system administrators and asked for passwords which they used to connect illegally and free of charge to the internet. A more modern form of social engineering is called phishing. Phishers pose as corporate and public administrators and request password information from the target organization’s user base. The most common form of phishing is called ‘fraud mailing,’ where the victim is sent a fake e-mail, usually from their bank. The letter includes a link that redirects the victim to a fake website to login to their account. The main mode of social engineering however, is still faked phone calls: the social engineer calls employees of a company and impersonates a technician who needs sensitive data to complete important technical operations. In advance the attacker has gathered information about work routines of the target company from public sources or former raid attempts. The invader tries to confuse his victims and to seem trustful, using trade language and involving the victims in small talk. Further the assaulter pretends authority to frighten his victims. In some cases the employee actually requested technical support and is expecting such a phone call. The prevention of social engineering is difficult. The invader abuses typical human behavior like helpfulness in emergency situations, and general mistrust would disturb the efficient and trustful team work of an organization. The most effective way to avoid social engineering is to assure the identity of the caller. This can already be done by asking for the caller’s name and phone number and to politely ask for patience, even if the caller’s issue seems to be very urgent. Well known social engineers include Kevin Mitnick,who became one of the most wanted persons of the United States of America because of successfully invading government systems such as the Pentagon and the NSA, and Frank Abagnale, who was the subject of the film ‘Catch Me If You Can. Hackers using Social Engineering attacks are getting much better at...
Please join StudyMode to read the full document