Social Engineering: Difference between revisions

From
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
'''Social Engineering''' is a type of non-technical retrieval of confidential information or gain of access to computer systems. It makes use of characteristics in human behaviour.
'''Social Engineering''' is a type of non-technical retrieval of confidential information or gain of access to computer systems. It makes use of characteristics in human behaviour.


== Example: telephone call ==
== Example: password retrieval via telephone ==
''Hi,
''Hi,''


this is Mallory Malicious from the IT security company. You know, I'm responsible for improving your network's safety. Excuse me for using your time, but I have changed the security mode. Now all users have to be updated if they are to have access again. Would you please give me your user name and password, so I can adjust your account properly?
''this is Mallory Malicious from the IT security company. You know, I'm responsible for improving your network's safety. Excuse me for using your time, but I have changed the security mode. Now all users have to be updated if they are to have access again. Would you please give me your user name and password, so I can adjust your account properly?''


Thank you very much''
''Thank you very much''


'''Obtained user name and password for access on foreign network.'''
'''Obtained user name and password for access on foreign network.'''


== Example: backdoor install via mail ==
''Dear Sir or Madam,''


''we, the IT security company are responsible for administering your corporate's network. We caught a security hole. Fixing it is of utmost importance to the company. Please download and install the security fix now:''
== Example: virus warning in a mail ==
''Hi Alice,


''http :// www .reliable-looking-web-address .net/security_fix_2004-11-16.zip''
have you heard of this horrible ABC virus?
I have been infected! All my files were deleted. It's a total chaos.


''Thanks for your cooperation''
If you have this virus you MUST delete it!
It hides in your C:\WINDOWS\SYSTEM folder. Look there and delete the EMM386.exe!


'''Installed backdoor or botnet client.'''
Have this mail posted to all your friends, too! They might be infected.


== Example: "socially engineered" worm via mail ==
Bob''
''Hi Alice,''

''have you heard of this horrible ABC virus?''
''I have been infected! All my files were deleted. It's a total chaos.''

''If you have this virus you MUST delete it!''
''It hides in your C:\WINDOWS\SYSTEM folder. Look there and delete the EMM386.exe!''

''Be sure to post this mail to all your friends, too! They might be infected.''

''Bob''


'''Deleted system files and spread a worm.'''
'''Deleted system files and spread a worm.'''

Revision as of 20:10, 14 November 2004

Social Engineering is a type of non-technical retrieval of confidential information or gain of access to computer systems. It makes use of characteristics in human behaviour.

Example: password retrieval via telephone

Hi,

this is Mallory Malicious from the IT security company. You know, I'm responsible for improving your network's safety. Excuse me for using your time, but I have changed the security mode. Now all users have to be updated if they are to have access again. Would you please give me your user name and password, so I can adjust your account properly?

Thank you very much

Obtained user name and password for access on foreign network.

Example: backdoor install via mail

Dear Sir or Madam,

we, the IT security company are responsible for administering your corporate's network. We caught a security hole. Fixing it is of utmost importance to the company. Please download and install the security fix now:

http :// www .reliable-looking-web-address .net/security_fix_2004-11-16.zip

Thanks for your cooperation

Installed backdoor or botnet client.

Example: "socially engineered" worm via mail

Hi Alice,

have you heard of this horrible ABC virus? I have been infected! All my files were deleted. It's a total chaos.

If you have this virus you MUST delete it! It hides in your C:\WINDOWS\SYSTEM folder. Look there and delete the EMM386.exe!

Be sure to post this mail to all your friends, too! They might be infected.

Bob

Deleted system files and spread a worm.