* Different avenues of persuasion * Perception that affect social interaction * Techniques for persuasion and influence.
Social engineers use many different methods to get out information from peoples. To retrieve desired information they can use computer based methods refers to software action or human based methods that refers to person-to-person communication, sometime even both. They can calling and pretend vice president or someone from tech support group, looking over a shoulder or even going through the trash. They can send you spam, chain letters and viruses and do much more to get necessary information! Here is one example of social engineering prepares by Melissa Guenther, LLC. : Mr.Smith: Hello? Caller: Hello, Mr. Smith. This is Fred Jones in tech support. Due to some disk space constraints, we re going to be moving some user s home directories to another disk at 8:00 this evening. Your account will be part of this move, and will be unavailable temporarily. Mr.Smith: Uh, okay. I ll be home by then, anyway. Caller: Good. Be sure to log off before you leave. I just need to check a couple of things. What was your username again, smith? Mr.Smith: Yes. It s smith. None of my files will be lost in the move, will they? Caller: No sir. But I ll check your account just to make sure. What was the password on that account, so I can get in to check your files? Mr.Smith: My password is tuesday, in lower case letters. Caller: Okay, Mr. Smith, thank you for your help. I ll make sure to check you account and verify all the files are there. Mr.Smith: Thank you. Bye. From this conversation we can see how clever and east they cheat information, allow us thinking that we are useful! Statistic said that, at the most risk to social engineering fraud is elderly, because they tend to be more trusting and less familiar with technology. But always there is possibility that everyone can become a victim of social engineer! Because it is so important, make information security awareness training like a part of daily life!
Article source: information security awareness
Bookmark it:


No comments:
Post a Comment