Tech cons: When social engineering is, well, kinda anti-social

Technology Decoded

By Paolo Chlebecek

Picture this: You’re in the lending industry. You get an email from your boss and he says to send one of your accounts a respectably sized loan as it’s gone through approval. As a good employee, you do as you’re told and send off the money through your normal routine of channels. Once the money has been sent and confirmed, you find out it wasn’t your boss but someone who has used an email with only one letter different. The deed is done and the money is gone. What can you do?

Sadly, this is no longer an uncommon event. This is usually the work of clever hackers or criminal organizations that target certain companies or individuals. After getting in your email — whether directly through your computer, hacking or even guessing the password to the server where your e-mail is stored — they read your email and wait. A carefully formulated scam takes some time, but these evil folks are experts in this field. They have lots of experience and are very adept at trickery.

How can the average person protect themselves? No amount of anti-anything software can keep this away. One term for this exploitation is “social engineering,” i.e. psychological manipulation of people into performing actions or divulging confidential information. It’s the old con game gone digital. It’s been around for a while and will keep rearing its ugly head for the foreseeable future. Longer, probably.

The unfortunate victim in the example above was duped only because the email address and body were extremely close to the typical request. This is what is called pretexting: an elaborate lie involving some prior research or setup and the use of this information for pretense to establish legitimacy in the eyes of the target. And it’s only one tool in the big bag of tricks being used these days.

There are also diversions, where the objective is to persuade the person responsible for a legitimate delivery that the item is needed elsewhere. Of course, there’s phishing; you receive an email that appears to come from a legitimate business requesting verification of information. There’s also baiting, which is when you find a CD-ROM or USB flash drive in an obvious location like a bathroom, elevator, sidewalk, parking lot, or just the office floor. It looks like someone just dropped it, but instead it has malware on it that could infect your systems. And there’s quid pro quo, which just means something for something. This is when a criminal calls a company and dials extensions claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem. They will then “help” solve the problem, but in reality, have the user type commands that give the criminal access or launch malware.

There are many more ways evil organizations can gain access to your important data. But it takes diligence for you and everyone involved to keep them at bay. One approach is to train employees how, when, where, and even why sensitive information should be used. Speaking of which, it’s important to be clear about what information is sensitive and to evaluate its exposure to social engineering.

Sometimes the simplest measures are the most effective. If a person’s identity can’t be verified, then, per training, an employee should politely refuse to divulge information. Unannounced tests of security protocols work wonders, too. Last, but not least, using Dumpsters or waste bins with locks on them can help, too.

While we can’t defeat every attempt to dupe us, we can sure try. …

*****

Paolo Chlebecek is founder and owner of PaoloTek, which he started in 2003. He loves dogs of all sorts and oddly finds himself driving around town between 2 p.m. and 3 p.m. every weekday. Wave hi when you see him or contact him at Paolo@PaoloTek.Com.
