Social Engineering Facts


Social engineering exploits human nature by convincing someone to reveal information or perform an activity. Examples of social engineering include:

Impersonating support staff or management, either in person or over the phone.
Asking for someone to hold open a door rather than using a key for entrance.
Spoofed e-mails that ask for information or ask for tasks to be performed (such as deleting a file or going to a Web site and entering sensitive information).
Looking on desks for usernames and passwords.

Specific social engineering attacks include:

Dumpster diving

Dumpster diving is the process of looking in the trash for sensitive information that has not been properly disposed of.

Shoulder surfing

Shoulder surfing involves looking over the shoulder of someone working on a computer.

Piggybacking

Piggybacking refers to an attacker entering a secured building by following an authorized employee.

Masquerading

Masquerading refers to convincing personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access.
The attacker usually poses as a member of senior management.
The attacker fabricates a scenario of distress to convince the user that their actions are necessary.

Eavesdropping

Eavesdropping refers to an unauthorized person listening to conversations of employees or other authorized personnel discussing sensitive topics.

Phishing

Phishing uses an e-mail and a spoofed Web site to gain sensitive information. In a phishing attack:

A fraudulent message that appears to be legitimate is sent to a target.
The message asks the target to visit a Web site that also appears to be legitimate.
The fraudulent Web site asks the target to provide sensitive information such as the account number and password.

Hoax virus information e-mails

Hoax virus information e-mails are a form of phishing attack. This type of attack preys on e-mail recipients who are fearful and will believe most information if it is presented in a professional manner. All too often, the victims of these attacks fail to double-check the information or instructions with a reputable third-party antivirus software vendor before implementing the recommendations. Usually these hoax messages instruct the reader to delete key system files or download Trojan horses.

Copyright 2008 All Rights Reserved