Social Engineering: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
'''Social Engineering''' is a type of non-technical retrieval of confidential information or gain of access to computer systems. It makes use of characteristics in human behaviour. |
'''Social Engineering''' is a type of non-technical retrieval of confidential information or gain of access to computer systems. It makes use of characteristics in human behaviour. |
||
== Example: |
== Example: password retrieval via telephone == |
||
''Hi, |
''Hi,'' |
||
this is Mallory Malicious from the IT security company. You know, I'm responsible for improving your network's safety. Excuse me for using your time, but I have changed the security mode. Now all users have to be updated if they are to have access again. Would you please give me your user name and password, so I can adjust your account properly? |
''this is Mallory Malicious from the IT security company. You know, I'm responsible for improving your network's safety. Excuse me for using your time, but I have changed the security mode. Now all users have to be updated if they are to have access again. Would you please give me your user name and password, so I can adjust your account properly?'' |
||
Thank you very much'' |
''Thank you very much'' |
||
'''Obtained user name and password for access on foreign network.''' |
'''Obtained user name and password for access on foreign network.''' |
||
⚫ | |||
''Dear Sir or Madam,'' |
|||
''we, the IT security company are responsible for administering your corporate's network. We caught a security hole. Fixing it is of utmost importance to the company. Please download and install the security fix now:'' |
|||
⚫ | |||
⚫ | |||
''http :// www .reliable-looking-web-address .net/security_fix_2004-11-16.zip'' |
|||
⚫ | |||
⚫ | |||
''Thanks for your cooperation'' |
|||
⚫ | |||
⚫ | |||
'''Installed backdoor or botnet client.''' |
|||
⚫ | |||
== Example: "socially engineered" worm via mail == |
|||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
⚫ | |||
'''Deleted system files and spread a worm.''' |
'''Deleted system files and spread a worm.''' |
Revision as of 20:10, 14 November 2004
Social Engineering is a type of non-technical retrieval of confidential information or gain of access to computer systems. It makes use of characteristics in human behaviour.
Example: password retrieval via telephone
Hi,
this is Mallory Malicious from the IT security company. You know, I'm responsible for improving your network's safety. Excuse me for using your time, but I have changed the security mode. Now all users have to be updated if they are to have access again. Would you please give me your user name and password, so I can adjust your account properly?
Thank you very much
Obtained user name and password for access on foreign network.
Example: backdoor install via mail
Dear Sir or Madam,
we, the IT security company are responsible for administering your corporate's network. We caught a security hole. Fixing it is of utmost importance to the company. Please download and install the security fix now:
http :// www .reliable-looking-web-address .net/security_fix_2004-11-16.zip
Thanks for your cooperation
Installed backdoor or botnet client.
Example: "socially engineered" worm via mail
Hi Alice,
have you heard of this horrible ABC virus? I have been infected! All my files were deleted. It's a total chaos.
If you have this virus you MUST delete it! It hides in your C:\WINDOWS\SYSTEM folder. Look there and delete the EMM386.exe!
Be sure to post this mail to all your friends, too! They might be infected.
Bob
Deleted system files and spread a worm.