Tuesday, March 3, 2015

MUST READ: Things you should Know About Social Engineering (Internet Scamming) Part One

Social engineering, also known as Internet scamming, in the context of information security refers to the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
The term "social engineering" as an act of psychological manipulation is also associated with the social sciences, but its usage has caught on among computer and information security professionals.

Ways Through Which Social Engineering (Internet Scamming) Is Performed
All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. One example of social engineering is when you receive an email from your bank requesting you to forward your ATM card details. No bank will request such information via SMS, email or even telephone.

Pretexting. Pretexting, also known in the UK as blagging or bohoing, is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances. An elaborate lie, it most often involves some prior research or setup and the use of this information for impersonation (e.g., date of birth, BVN, ATM PIN/card number, last bill amount) to establish legitimacy in the mind of the target.
Phishing. Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business, such as a bank or credit card company, requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate, with company logos and content, and has a form requesting everything from a home address to an ATM card's PIN.
For example, early this year my boss received an e-mail supposedly from Yahoo, requiring him to update his Yahoo account information via a link provided.
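As an added illustration (not part of the original post), the following Python checks an e-mail for two tell-tale signs of the phishing described above: a link whose visible text shows one site while its real target is another, and link domains that do not match the sender's domain. The message it inspects is constructed for this example, and the domain names in it are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the post): an "update your account" lure whose
# visible link text claims one site while the real target is another.
SAMPLE_EMAIL = """\
From: Account Services <support@yahoo.com>
Subject: Action required: update your account information
Content-Type: text/html

<p>Your account will be suspended unless you verify it within 24 hours.</p>
<p><a href="http://yahoo.com.verify-login.example.net/update">https://login.yahoo.com/</a></p>
"""

class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):
    """Naive registrable domain: the last two labels (enough for this sample)."""
    return ".".join(host.lower().split(".")[-2:])

def phishing_indicators(raw_email):
    """Return human-readable warnings for one raw RFC 822 message."""
    msg = message_from_string(raw_email)
    sender_host = parseaddr(msg["From"])[1].split("@")[-1]
    parser = LinkExtractor()
    parser.feed(msg.get_payload())
    warnings = []
    for href, text in parser.links:
        link_host = urlparse(href).hostname or ""
        if base_domain(link_host) != base_domain(sender_host):
            warnings.append(f"link host {link_host} does not match sender domain {sender_host}")
        if text.startswith("http"):  # visible text looks like a URL: compare hosts
            shown_host = urlparse(text).hostname or ""
            if base_domain(shown_host) != base_domain(link_host):
                warnings.append(f"link text shows {shown_host} but points to {link_host}")
    return warnings
```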
Diversion theft. Diversion theft, also known as the "Corner Game" or "Round the Corner Game", originated in the East End of London.
In summary, diversion theft is a "con" exercised by professional scammers, normally against a transport or courier company. The objective is to persuade the persons responsible for a legitimate delivery that the consignment is requested elsewhere, hence "round the corner", so that it goes to the wrong person (the scammer).
Baiting. Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive or CD-ROM, in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
Quid pro quo. A quid pro quo is when an attacker requests personal information from a party in exchange for something desirable. For example, an attacker could request login credentials in exchange for a free gift.
Spam. Spam is unsolicited junk email.
Spear phishing. Spear phishing is like phishing, but tailored for a specific individual or organization. In these cases, the attacker is likely trying to uncover confidential information specific to the receiving organization in order to obtain financial data or trade secrets.
Tailgating. Tailgating is when an unauthorized party follows an authorized party into an otherwise secure location, usually to steal valuable property or confidential information. This often involves subverting keycard access to a secure building or area by quickly following behind an authorized user and catching the door or other access mechanism before it closes.
I hope this has been informative to you. Part two will teach us how to counter Social Engineering (Internet Scamming).
