Securing the Human

Published on February 2017 | Categories: Documents | Downloads: 21 | Comments: 0 | Views: 121
of 1
Download PDF   Embed   Report

Comments

Content

Social engineering
Now let s learn how cyber criminals compromise our computers and steal our informa
tion. One of the main techniques cyber criminals use is called social engineerin
g. Social engineering is the art of human manipulation or lying. It is when an a
ttacker pretends to be someone or something you know or trust, such as your bank
, a legitimate organization or even a friend or co-worker. They then use that tr
ust to get what they want, often by simply asking for it. Let s take a look at a r
eal world example of a social engineering attack.
You receive a phone call from someone claiming to be from a computer support com
pany. They explain your computer is behaving abnormally, such as scanning the In
ternet, and believe it is infected with a virus. They have been tasked to invest
igate the issue and help you secure your computer. They then use a variety of te
chnical terms and take you through confusing steps to convince you your computer
is infected.
For example they may ask you if there are specific files on your computer and ex
plain how to find them. When you locate these files, the caller will then confir
m your computer is infected, when in reality these files are nothing more than c
ommon system files that every computer has.
Or perhaps they ask you to download and install a program to give them remote ac
cess to your computer. The caller will explain that he or she is taking actions
to investigate the virus infection, when in reality they are disabling key servi
ces to scare you into believing that your computer is badly infected.
Once they have tricked you into believing your computer is infected, they will t
hen pressure you into buying their security software. However, the software they
are selling is not security software; it is actually an infected program that w
ill give them total control of your computer. In the end, not only has the cyber
criminal fooled you into infecting your computer for them, but you just paid th
em to do it.
Social engineering attacks like these are not limited to just phone calls; crimi
nals can use almost any technology to fool you, including email, instant messagi
ng or even do it in person.
Remember, social engineering is nothing more than the cyber criminal building tr
ust with you, then abusing that trust to get what they want. If you get an email
, message or phone call that seems odd or suspicious, it may be an attack. Commo
n indicators of a social engineering attack include people asking for informatio
n they should not have access to or creating a sense of urgency. If you believe
someone is attempting to trick or fool you, simply hang up the phone or ignore t
he email and contact the help desk or information security team right away.

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close