Social Engineering

In: Computers and Technology

Submitted By CamelBlue1
Words 977
Pages 4
Social Engineering

IFSM201 May 3, 2014

According to Tipton (2012) social engineering is a method used to influence a person into sharing information or acting in a manner that would result in unauthorized access to information system, network or data. Social engineering is a form of coning or deceiving someone. (Tipton, 2012, p. 1480) . Protecting organizations information is essential for any organization so they are able to stay in business. Impact by information breach can devastate and organization or individual. With all the looming cyber attacks, financial damage done by the attacks could bring the organization down. Organization would lose their customers, because many people would not want to put their information at risk once a security has been breached. Breaching the information happens more often through human error than computer system; once the information is gained from an employee the gate is wide open for the hackers. According to Hadnagy (2010) FBI has reported that 77% of attacks happened because of disgruntled employees. (Hadnagy, 2010, p. 4). Social engineering is widely used by hackers, instead of attempting to break into a system, hackers would try to gain information directly from an employee of an organization. One of the well-known hackers said ”Hackers are breaking the system for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business”. Hackers would try to get to know the employee, gain user and server name or secret code, found out system gaps or try to get special access rights. According to Al-Johani (2013) when this happens…...

Similar Documents

Counteracting Social Engineering

...Counteracting Social Engineering John Archibeque BSA 310 Aug. 6, 2012 Social Engineering is the art of tricking people into doing something or giving out secure information by manipulating them with conversation. A person who is skilled in this sort of manipulation can trick people to give up information that normally would be kept secure. If a person is not prepared, they will realize, too late, that they compromised the secure information. There are a few different techniques of social engineering. One form is “Pretexting.” This technique is used to fool a business to give up a customer’s information by supplying a little information to make the victim think you really have the authority to access all their information or account. The pretexter simply prepares answers to questions that might normally be asked by the victim. Another technique is “Phishing.” With this technique, the phisher send an e-mail that looks legitimate to victims asking them to update information for an account they have such as EBay, where they might have credit card information stored. They ask the victim to type in their new credit card information in and some do. A third means of attack is “Baiting.” The attacker might leave an infected disk laying around a business hoping that someone picks it up and installs it in their PC which would then infect it and give them access to their information. These forms of theft or attack happen every day all over the world. It is up to us to......

Words: 273 - Pages: 2

Social Engineering

...SOCIAL ENGINEERING INTRODUCTION Social Engineering is using non-technical means to gain unauthorized access to information or system. Normally a hackers would use exploit a systems vulnerabilities and run scripts to gain access. When hackers deploy social engineering they exploit human nature. Social Engineering is represented by building trust relationships with people who work in the inside of the organization to gain access or who are privilege to sensitive information such as usernames, passwords, and personal identification codes which are needed to gain access to information, networks and equipment. An attacker may appear to be trustworthy and authorized, possibly claiming to be a new employee, repair person, researcher and even offering credentials to support that identity. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility. In the past companies would assume if they setup authentication processes, firewalls, virtual private networks, and network-monitoring the software their network would be safe. Social Engineering bypasses the technical security measures and targets the human element in the organization. SOCIAL ENGINEERING ATTACK Social engineering attacks are personal. Hackers understand that employees are often the weakest link in a security......

Words: 948 - Pages: 4

Social Engineering

...protect our information and our privacy. Computers around the world are connected via the internet and while this connection allows for easy access to information and communication, it also opens the user up to a new form of crime, social engineering. In my ????? class, Professor ???? talked about one particular example of social engineering dating back to ancient times, the Trojan Horse. It is considered one the most well-known examples of social engineering in history; a hollow statue built by the Greeks to allow them access to the city of Troy. This seemingly harmless wood statue was not apparent to be a threat by the Trojans and unfortunately resulted in the fall of the city of Troy to the Greeks. Social engineering works in somewhat the same way. In modern times it is a way for criminals to access your computer, office or confidential information for illegal purposes. In this paper, I will discuss 3 of the most common types of social engineering attacks; phishing, snooping and dumpster diving. Issues Analysis Firs I want to talk about one of the most common types of social engineering, phishing. Phishing is a computer criminal activity that uses a special engineering as a disguise on a website in order to acquire credit card information, social security, and other important information about the user. The first use of phishing started as far back in the 1990s when AOL had to deal with the hackers signing on as employees requesting billing and other information from......

Words: 1031 - Pages: 5

Social Engineering

... Social Engineering Attacks and Counter intelligence Brian Nance CIS 502 Theories of Security Management Strayer University Prof. (Dr.) Gideon Nwatu May, 5, 2013 Describe what social engineering and counterintelligence are and their potential implications to our national security in regard to the leaked Afghan War Diary and the Iraq War Logs “Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures”. (Rouse, 2006) Social engineering is a con game in where a person breaks into a computer network in the efforts to gain the confidence of an authorized user and to get them to reveal information that will compromise their network security. Social engineering relies on the weakest link, which are human beings. Most social engineering attacks happen when attackers send urgent emails or correspondence to an unsuspecting authorized user of an urgent problem that requires immediate network access. According to (Rouse, 2006) these types of social engineering tactics appeal to vanity, a since of authority, or greed. Attackers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Security experts believe people are more dependent on information than ever and social engineering will remain the greatest threat to any......

Words: 2232 - Pages: 9

Social Engineering Attacks and Counterintelligence

...Table of Contents Ethical and Social Issues In Information System 1 Chapter one 3 Introduction to the Study 3 Context of the Problem 4 Statement of the Problem 5 Research Questions 6 Introduction 6 Research Question 6 Research Question 7 Research Question 7 Significance of the Study 8 Research Design and Methodology 9 Organization of the study 9 Literature Review 10 Introduction 10 References 14 Chapter one Introduction to the Study Ethical and social issues in information system is a combination of the benefits and disadvantages of using computer and computer related devices, social networks versus our ethics, morals and beliefs. The importance and reliability of computer in our day to day running of human life cannot be over emphasized. Social networking platforms may allow organizations to improve communication and productivity by disseminating information among different groups of employees in a more efficient manner, resulting in increased productivity. While it is not meant to be all-inclusive, there are a lot of problems faced by its usage in younger generations, businesses use, and the even medical field. The social media comes with risks as it opens up the possibility for hackers to commit fraud, launch spam and virus attacks, and also increases the......

Words: 3249 - Pages: 13

Social Engineering Attacks and Counterintelligence

...Case Study 2: Social Engineering Attacks and Counterintelligence Marilyn Washington Dr. Gideon U. Nwatu CIS 502 November 3, 2013 Abstract The topic of this paper is “Social Engineering Attacks and Counterintelligence.” Social engineering attacks and counterintelligence have major impacts to our national security. In July 2010, the Afghan War Diary was released in WikiLeaks. In October 2010, WikiLeaks also released the largest military leak in history – the Iraq War Logs revealing the war occupation in Iraq. This type of information is considered as classified data by the Department of Defense. Social Engineering Attacks and Counterintelligence Describe what social engineering and counterintelligence are and their potential implications to our national security in regard to the leaked Afghan War Diary and Iraq War Logs. WikiLeaks is an open website that reveals classified documents to the general public. Voice of America stated that “WikiLeaks releases 400,000 classified US Military files (Pessin, 2010). WikiLeaks is a serious threat to national security. WikiLeaks is a threat for three reasons: reveals the identities of operatives, defaces the name of the USA to foreign countries, and threatens the safety of the USA. A danger of WikiLeaks is it reveals the identities of operatives both foreign and domestic. WikiLeaks allows the names of many allies and operative missions to be posted on a public website. This type of exposure endangers many......

Words: 1115 - Pages: 5

Social Engineering

...Social Engineering is a threat, often overlooked but regularly exploited; to take advantage of What has long been considered the weakest link in the security chain, the human factor. Social engineering is the practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or internet to trick a person into revealing sensitive information or getting them to do something that is against typical policies. By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes. There are many type of social engineering such as phishing. Phishing is the act of sending an email pretending to be from an online store like Amazon or eBay, even a bank like Chase or SunTrust, with the intention of gaining personal information from the recipient. The email usually claims that you need to go to a link provided in the email to update your account information and offend times like real. These types of social engineering work well with people who do not know the policies. The best way to stop this is by making sure everyone is up-to-date on policies and know what to look for, like if you do get an email do not us the email link. Use interactive security training games they provide retainable training results an train your employees how to identify cyber security traps within they also have instant feedback when a threat is assessed......

Words: 373 - Pages: 2

Social Engineering

...Social Engineering Social engineering has become the most popular method of compromising the security of personal data. The successful use of Social Engineering techniques has provided attackers and hackers the ability to breach computer systems and gain access to sensitive data. Many computer hackers have found that it is easier to trick somebody into giving his or her password than to carry out an elaborate hacking attempt. Social engineering is the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. Social engineering involves the use of manipulation to trick others into providing the needed information that can be used to steal data and or gain access to secured systems. Most victims of social engineering attacks never see their attackers and they seldom realize that they have been hacked or manipulated. I personally have sat through safety briefing about social engineering while in the army. Ever since then I have been very cautious about what information I make available to people. I tend to shred any mail or paperwork with possibly valuable information before throwing it in the waste can. I don’t leave stickers on my vehicle that would possibly reveal where I live. The main goal or focus of social engineering is to use human weakness to gain access to secure systems and or data. Despite the implementation of a wide range of security controls and measures into a......

Words: 630 - Pages: 3

Social Engineering

...Social engineering is one of the most successful types of attacks users can be subjected to. Companies can spend thousands of dollars on top of the line protection for the system, but how do you protect from the user? These type of attacks can happen to the most novice of computer users all the way up to the masters of the IT field. Common social engineering attacks can happen over the phone, in person or even just over the internet without direct social interaction. A lot of people believe they couldn’t possibly be a victim of social engineering attacks . A quote from Joan Goodchild’s article from Chris Roberts, a security consultant, discuses these feelings: “"So many people look at themselves or the companies they work for and think, 'Why would somebody want something from me? I don't have any money or anything anyone would want,'?" he said. "While you may not, if I can assume your identity, you can pay my bills. Or I can commit crimes in your name. I always try to get people to understand that no matter who the heck you are, or who you represent, you have a value to a criminal. " Popular social engineering attacks happen and are successful because of the need for social compliance. Most people want to help others, especially if that is your job (ie customer service representatives or help desk personnel). Being an employee in customer service can prove challenging when it comes to battling these attacks. “Social engineering is......

Words: 1344 - Pages: 6

Social Engineering

...Please list some ways in which a social engineering system hacker can attempt to gain information about a user’s login ID and password. There are two common types of Social engineering 1. Human-Based using personal interaction to collect the desired information. Some techniques are as follows: • Pretending an Employee or Valid User: the hacker access inside the facility to gather information from different sources such as trashcans, desktops, or computer systems. • posing as an Important User: the hackers introduce themselves as an important user such as high-level manager who needs immediate assistance to gain access to a c to be in a position of authority. • Identity Theft: by stealing the employee's identity or fake Id. • Using a Third Person; In this approach, a hacker shows having permission from an authorized source to use a system, especially in a situation that authorized source cannot be contacted for verification because he is on vacation. • Calling Technical Support for assistance is a classic social-engineering technique as help desk personnel are trained to help users, which makes them good source for attacks. • Shoulder Surfing is an approach of gathering passwords by watching over a person's shoulder while they log in to the system. 1. Computer-Based happen when computer software attempts to retrieve the desired information. It can include • Email attachments by sending malware to victim's system, • Fake websites • Pop-up windows • Phishing...

Words: 271 - Pages: 2

Social Engineering

...“You could spend a fortune purchasing technology and services...and your network infrastructure could still remain vulnerable to old-fashioned manipulation.” Kevin Mitnick [4] Social engineering is one of the ways hackers get an access to sensitive information, such as passwords, access codes, credit card numbers, etc. Instead of breaking into a computer system, the persuasive hackers trick people into giving up the information on their own. [1] According to the Security and Risk website, social engineering attacks are very costly for businesses. For example, once hackers get the needed log in information, they can then spy on an organization’s activity and transactions. Annually, an organization can lose thousands of dollars on such attacks. New employees are the primary victims that become the prey of hackers via phishing emails and social networking sites. [2] The most common method of social engineering attacks is phishing or spam scams. The victim receives an urgent email where he or she asked to follow a link to verify the account number or any other “important” data. Hackers use well known organizations and banks’ logos and these kinds of emails are very convincing. There are different variations to this method, though. Instead of phony emails, a victim can receive a phony call from an “authority” or an IT specialist that tries to get the sensitive information from a victim. Also, there are different variations to it when hackers pretend to be......

Words: 508 - Pages: 3

It 286 Week 8 Assignment Social Engineering (Latest)

...IT 286 Week 8 Assignment Social Engineering (Latest) Get Tutorial by Clicking on the link below or Copy Paste Link in Your Browser http://hwguiders.com/downloads/286-week-8-assignment-social-engineering-latest/ For More Courses and Exams use this form ( http://hwguiders.com/contact-us/ ) Feel Free to Search your Class through Our Product Categories or From Our Search Bar (http://hwguiders.com/ ) Social Engineering Article Review Malware and phishing are two kinds of computer security issues, which are a growing issue in the world of computer systems these days. With information systems growing faster year-by-year the attacks and those who make them seem to be keeping pace and sometimes even being ahead of the latest software to help protect from these attacks. ASSIGNMENT IS FREE IT 286 Week 8 Assignment Social Engineering (Latest) Get Tutorial by Clicking on the link below or Copy Paste Link in Your Browser http://hwguiders.com/downloads/286-week-8-assignment-social-engineering-latest/ For More Courses and Exams use this form ( http://hwguiders.com/contact-us/ ) Feel Free to Search your Class through Our Product Categories or From Our Search Bar (http://hwguiders.com/ ) Social Engineering Article Review Malware and phishing are two kinds of computer security issues, which are a growing issue in the world of computer systems these days. With information systems growing faster year-by-year the attacks and those who make them seem to...

Words: 2210 - Pages: 9

Security and Social Engineering

...SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say Something! 1 Objectives Understand the principles of social engineering Define the goals of social engineering Recognize the signs of social engineering Identify ways to protect yourself from social engineering Security is Everyone's Responsibility – See Something, Say Something! 2 What is Social Engineering 1. At its core it is manipulating a person into knowingly or unknowingly giving up information; essentially 'hacking' into a person to steal valuable information. • Psychological manipulation • Trickery or Deception for the purpose of information gathering Security is Everyone's Responsibility – See Something, Say Something! 3 What is Social Engineering 2. It is a way for criminals to gain access to information systems. The purpose of social engineering is usually to secretly install spyware, other malicious software or to trick persons into handing over passwords and/or other sensitive financial or personal information Security is Everyone's Responsibility – See Something, Say Something! 4 What is Social Engineering 3. Social engineering is one of the most effective routes to stealing confidential data from organizations, according to Siemens Enterprise Communications, based in Germany. In a recent Siemens test, 85 percent of office workers were......

Words: 608 - Pages: 3

Social Engineering and Resco Pound

...declared the common goal for its citizens as “to secure to all the citizens of India, justice – Social, Economic and Political”. The eternal value of the constitutionalism is the rule of law which has three facets i.e. rule by law, role under law and rule according to law. Under our constitution, it is the primary responsibility of the state to maintain law and order so that the citizens can enjoy peace and security. The preamble speaks of justice, social economic and political and of equality of status and opportunity. It points out that protecting the interest of the poorer section of the society is the constitutional goal. So this very idea of protecting poor people cannot be promoted without the effective, efficient functions of the legal aid programmes and legal literacy programme. The study relates to the Legal Aid provisions in Constitution and in the code of civil and criminal procedures. 3.1.1 Legal Aid Relevant Constitutional Provisions : Preambular Aspirations and Legal Aid The preamble79 to the Constitution summarises the aims and objectives of the Constitution. It is a legitimate aid in the interpretation of the constitution. It put 79 The Preamble of the Constitution of India declares, WE, THE PEOPLE OF INDIA, having solemnly resolved to constitute India into a SOVEREIGN, SOCIALIST, SECULAR DEMOCRATIC, REPUBLIC and to secure to all its citizens: 1JUSTICE, social, economic and political; LIBERTY of thought, expression, belief, faith and worship; EQUALITY of......

Words: 21859 - Pages: 88

Sec440 Social Engineering

...Recommendations for Security Measures SEC440 Abstract A social engineering attack is a threat that can be both the most effective attack, as well as the most devastating. This paper will detail some of the strategies of identifying and circumventing a social engineering attempt on an organization. I will give real world examples of social engineering attacks and how the attack was able to succeed in easily infiltrating an organization’s IT systems. . Recommendations for Security Measures Dictionary.com defines Social Engineering as “the application of the findings of social science to the solution of actual social problems.” (Dictionary.com, 2011). However in the Information Security world we use this word in a more specific sense. Christopher Hadnagy wrote a great book on this subject called “Social Engineering: The Art of Human Hacking” He defines on his website that Social Engineering is “the act of manipulating a person to accomplish goals that may or may not be in the ‘target’s’ best interest. This may include obtaining information, gaining access, or getting the target to take certain action.” (Hadnagy, 2011). This is the definition of Social Engineering I will be using throughout this paper, and this is perhaps the most dangerous form of attack available to hackers. A Social Engineering attack can be initiated from many different vectors. A phone call could be made by an attacker to extract data. email phishing attacks can be composed to look like......

Words: 2263 - Pages: 10