Social Engineering

Submitted By raquellwelch
Social engineering is one of the most successful types of attacks users can be subjected to. Companies can spend thousands of dollars on top-of-the-line protection for the system, but how do you protect it from the user? These types of attacks can happen to anyone, from the most novice of computer users all the way up to the masters of the IT field. Common social engineering attacks can happen over the phone, in person or even just over the internet without direct social interaction.
A lot of people believe they couldn’t possibly be a victim of social engineering attacks. In Joan Goodchild’s article, Chris Roberts, a security consultant, discusses these feelings: “So many people look at themselves or the companies they work for and think, 'Why would somebody want something from me? I don't have any money or anything anyone would want,'” he said. “While you may not, if I can assume your identity, you can pay my bills. Or I can commit crimes in your name. I always try to get people to understand that no matter who the heck you are, or who you represent, you have a value to a criminal.”
Popular social engineering attacks happen and are successful because of the need for social compliance. Most people want to help others, especially if that is their job (i.e., customer service representatives or help desk personnel). Being an employee in customer service can prove challenging when it comes to battling these attacks. “Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. For example, instead of trying to find a software vulnerability, a social engineer might call an employee and pose as an IT support person, trying to trick the employee into divulging his password.” (Goodchild)
Over-the-phone attacks are so successful because calls can come in at any time of the day or night, and victims could be giving information to the wrong people without even knowing. Companies have started educating employees on the need for verification other than just a name before giving out information. In the medical field, laws such as HIPAA prevent patient information from being given out before some verification is given over the phone (such as patient name, address, and health insurance). Victims of these social engineering attacks believe they are doing their jobs or just protecting themselves.
In the past, some over-the-phone attacks occurred at night in order to ‘phish’ for information such as credit card and CVV numbers. Again, the attacks are successful in that they play on the human need to please the person on the other end of the line: victims believe they are doing that person a service and want to comply. Some attacks, referred to as ‘vishing’, are voicemails urging you to call a number back to discuss fraudulent charges or credit activity. When it comes to the security and safety of yourself and your finances over the phone, you’re relying on that person’s voice and the information they have given you.
Attacks that occur in person can be trickier than those over the phone. Delivery personnel are allowed to come and go in buildings during most business hours if they have a uniform complete with a laminated photo name badge. Think about the photo ID card: in the area, countless companies and even branches of the government use these forms of identification to grant employees access. Employees wear them everywhere during the work week: to and from work, in the business place and out of the office on a normal day. Many people can get an up-close and personal look at them for free without the wearer being any the wiser. Companies and most, if not all, of the departments in government enforce the rule of not wearing the identification badges (with all the codes) anywhere but in the building. In some cases, people can obtain entry to buildings by walking in behind another person, or by asking the person before them to hold the door after conveniently forgetting their ID badge. These social hackers could gain access to incredibly sensitive information in a matter of minutes without anyone realizing they are present. Imagine the destruction that could occur if someone was able to get into a company’s secure system on an unlocked computer or ‘grabbing access cards, installing keystroke loggers, and generally getting away with as much of your business's private information as they can get their hands on.’
Social engineering attacks over the internet have been possibly the most successful out of all the types of attacks. These attacks can reach large numbers of people in a short amount of time. Common attacks come from the rise in social networking and the use of email. Phishing attacks have come to be the most popular, and one of the most famous is the Nigerian scam. Emails came pouring out asking people to send money to help out a Nigerian prince, promising that they would get their money back and have their investment doubled. It’s a type of attack that is still popular in scams today. Emails are now carefully worded with the correct graphics to look like a legitimate email from your bank, your work, or even your grandma who wants you to watch a funny video. Other techniques to gather your information include ads on websites, spim, even VoIP vulnerabilities and spam through the use of VoIP. The internet is becoming more aware of the user's presence online, but attacks are still occurring.
Even though these types of attacks occur daily, there are many ways to prevent them. One of the best recommendations is to ‘think like a hacker’. Be aware of what you say to strangers in person or on the phone regarding your day-to-day business. To be sure you are protected from a phone attack, verification should be enforced. Employee to employee
To prevent in-person attacks, there are some simple rules that could be put in place. When a delivery needs to be made, have an escort from security follow up with the delivery and make sure the delivery personnel leave without having the chance to infiltrate the system. If another person attempts to follow in behind someone in the workplace or asks for entry without ID, direct them to the front desk to obtain a new card or access code. If they are an employee, they should understand you are trying to maintain the integrity of the company.
Internet attacks might be the most popular, but more people are aware of what they should be avoiding and how to detect it. Before opening suspicious emails or messages, read the subject and think, “Would so-and-so send me this? Does this sound like them?” Good critical-thinking decisions made here affect the status and safety of your machine and your personal information.
Social engineering is a broad-spectrum topic covering various ways to attack and infiltrate systems and gain classified or personal information. While the attacks are still occurring, people are now becoming more aware and companies are educating employees on proper ways to handle these types of situations. The attacks may change with time and hacks will continue, but the level of success cannot continue as the world becomes more aware.

Bibliography
Goodchild, Joan. "Social Engineering: The Basics." http://www.csoonline.com/. N.p., 20 12 2012. Web. 1 Jul 2013. <http://www.csoonline.com/article/514063/social-engineering-the-basics>.
Goodchild, Joan. "9 Dirty Tricks: Social Engineers' Favorite Pick-Up Lines." http://www.csoonline.com/. N.p., 16 02 2009. Web. 1 Jul 2013. <http://www.csoonline.com/article/480589/9-dirty-tricks-social-engineers-favorite-pick-up-lines>.
Landesman, Mary. http://antivirus.about.com/. N.p., 10 10 2008. Web. 1 Jul 2013. <http://antivirus.about.com/b/2008/10/10/what-are-social-engineering-attacks.htm>.
webroot.com. N.p. Web. 1 Jul 2013. <http://www.webroot.com/En_US/consumer/tips/secure-what-is-social-engineering>.
