Tech cons: When social engineering is, well, kinda anti-social

Technology Decoded

By Paolo Chlebecek

Picture this: You’re in the lending industry. You get an email from your boss and he says to send one of your accounts a respectably sized loan as it’s gone through approval. As a good employee, you do as you’re told and send off the money through your normal routine of channels. Once the money has been sent and confirmed, you find out it wasn’t your boss but someone who has used an email with only one letter different. The deed is done and the money is gone. What can you do?

Sadly, this is no longer an uncommon event. This is usually the work of clever hackers or criminal organizations that target certain companies or individuals. After getting into your email — whether directly through your computer, by hacking, or even by guessing the password to the server where your email is stored — they read your email and wait. A carefully formulated scam takes some time, but these evil folks are experts in this field. They have lots of experience and are very adept at trickery.

How can the average person protect themselves? No amount of anti-anything software can keep this away. One term for this exploitation is “social engineering,” i.e. psychological manipulation of people into performing actions or divulging confidential information. It’s the old con game gone digital. It’s been around for a while and will keep rearing its ugly head for the foreseeable future. Longer, probably.

The unfortunate victim in the example above was duped only because the email address and body were extremely close to the typical request. This is what is called pretexting: an elaborate lie involving some prior research or setup, and the use of this information as a pretense to establish legitimacy in the eyes of the target. And it’s only one tool in the big bag of tricks being used these days.

There are also diversions, where the objective is to persuade the person responsible for a legitimate delivery that the item is needed elsewhere. Of course, there’s phishing: you receive an email that appears to come from a legitimate business requesting verification of information. There’s also baiting, which is when you find a CD-ROM or USB flash drive in an obvious location like a bathroom, elevator, sidewalk, parking lot, or just the office floor. It looks like someone just dropped it, but instead it has malware on it that could infect your systems. And there’s quid pro quo, which just means something for something. This is when a criminal calls a company and dials extensions claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem. They will then “help” solve the problem, but in reality have the user type commands that give the criminal access or launch malware.

There are many more ways evil organizations can gain access to your important data, and it takes diligence from you and everyone involved to keep them at bay. One approach is to train employees on how, when, where, and even why sensitive information should be used. Speaking of which, it’s important to be clear about what information is sensitive and to evaluate its exposure to social engineering.

Sometimes the simplest measures are the most effective. If a person’s identity can’t be verified, then, per training, an employee should politely refuse to divulge information. Unannounced tests of security protocols work wonders, too. Last, but not least, using Dumpsters or waste bins with locks on them can help, too.

While we can’t defeat every attempt to dupe us, we can sure try. …

*****

Paolo Chlebecek is founder and owner of PaoloTek, which he started in 2003. He loves dogs of all sorts and oddly finds himself driving around town between 2 p.m. and 3 p.m. every weekday. Wave hi when you see him or contact him at Paolo@PaoloTek.Com.
