Definition of Social Engineering
Social engineering is the practice of obtaining confidential information by manipulating legitimate users. A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or into doing something that goes against typical policies. In this way, social engineers exploit a person's natural tendency to take someone at his or her word, rather than exploiting computer security holes.
Social Engineering
Identity Theft
In the first section of this white paper, we discuss some recent high-profile examples of identity theft and how several countries define this type of fraud (Internet-related or not) and its scope. In the second section, we examine both the criminals and their techniques (traditional and new) to better understand how identity theft has evolved in recent years. The third section focuses on the victims and the consequences of identity theft. Using recent studies, we measure the extent of this phenomenon from a quantitative and financial point of view. Finally, we offer recommendations for prevention and protection for individuals and companies.
Client-Side Defense Against Web-Based Identity Theft
Web spoofing is a significant problem involving fraudulent email and web sites that trick unsuspecting users into revealing private information. We discuss some aspects of common attacks and propose a framework for client-side defense: a browser plug-in that examines web pages and warns the user when requests for data may be part of a spoof attack. While the plugin, SpoofGuard, has been tested using actual sites obtained through government agencies concerned about the problem, we expect that web spoofing and other forms of identity theft will be continuing problems in coming years.
The Science of Social Engineering (48 min 14 sec)
DefCon 15 at the Riviera Hotel and Casino in Las Vegas, Nevada. The Science of Social Engineering: NLP, Hypnosis and the Science of Persuasion presented by Mike Murray.
Social Engineering, the USB Way
In the past we had used a variety of social engineering tactics to compromise a network. Typically we would hang out with the smokers, sweet-talk a receptionist, or commandeer a meeting room and jack into the network. This time I knew we had to do something different. We heard that employees were talking within the credit union and were telling each other that somebody was going to test the security of the network, including the people element.
Corporate Identity Fraud: Life-Cycle Management of Corporate Identity Assets
As organizations move from the "bricks and mortar" way of doing business to the modern marketplace of bits and bytes, new intangible corporate assets are being created. These assets must be protected. Traditional protections are not appropriate or effective. Therefore, new techniques, technologies and protections are warranted.
Mitigation of Social Engineering Attacks in Corporate America
In this paper, I will describe the enemy and his various methods and strategies of attack to access this information. Based on these attack modes, I will propose various methods to mitigate, or even eliminate, the impact of a social engineering assault on a corporate security system. As my conclusion, I will briefly discuss ongoing steps that a security team can take that will help to ensure continual compliance with security policy. Although titled and focused on Corporate America, the concepts discussed in this paper are universally applicable.
Social Engineering
A classic social engineering trick is for a hacker to send email claiming to be a system administrator. The hacker will claim to need your password for some important system administration work, and ask you to email it to him/her. As we explain later, it's possible for a hacker to forge email, making it look like it came from somebody you know to be a legitimate system administrator. Often the hacker will send this message to every user on a system, hoping that one or two users will fall for the trick.
Social Engineering: The Human Side Of Hacking
Hackers, and possibly even corporate competitors, are breaching companies' network security every day. The latest survey by the Computer Security Institute and the FBI shows that 90% of the 503 companies contacted reported break-ins within the last year.
The Weakest Link: Social Engineering
To demonstrate how easily security breaches happen, I asked our department heads to attend a meeting on social engineering. Much to their dismay, I explained how within 30 seconds I could break into our system and gain mid-level access to our (then) state-of-the-art system, by making one phone call, without using my access code. They didn't believe me; they didn't want to believe the veil of security could dissolve so quickly. So I showed them how it's done. Randomly, I selected one of the department managers, making sure I did not know her personally. I chose Kelly Blake, who happened to be late to the meeting.
The Threat of Social Engineering and Your Defense Against It
There are several methods that the malicious individual can use to try to breach the information security defenses of an organization. The human approach, often termed Social Engineering, is one of them. This paper describes Social Engineering and its cost to the organization. It discusses the various forms of Social Engineering, and how they take advantage of human behavior. It also discusses ways to fight and prevent social engineering attacks, and highlights the importance of policy and education in winning the battle.