Trust and Deception Social Engineering

Manipulation builds a false sense of security and trust, producing the response the manipulator wants. In technology, manipulating words and actions to convince a user to disclose sensitive information or to download harmful software is known as social engineering. Social engineering draws on many forms of manipulation and deception; let us review four of these techniques in more detail.

Phishing is a common technique used to trick computer users into sharing sensitive information or installing malware. The most cunning phishing scam warned against phishing scams. It sent an email purporting to come from Intuit payroll services to trick the recipient into opening a link to a website hosting malware. The sender used financial-services language to convince the recipient that the message was from Intuit, and even advised that if an email appears to come from Intuit but seems to be a phishing attempt, the recipient should forward it to [email protected]. The best way to detect and protect against these emails is to type the organisation's website address into a web browser yourself instead of clicking the link. Turning off autofill provides added protection as well. Similar to phishing is baiting.
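One concrete way to apply the "inspect before you click" advice is to check where an email's links actually go before visiting any of them. The following Python is an added example, not code from the original article or from Intuit: it parses a constructed sample message, extracts every link, and flags any link whose host lies outside the organisation's domain or whose visible text shows a different address than its href. The sample message, its hostnames and the `intuit.com` trusted domain are assumptions made only to illustrate the check; the registrable-domain logic is a deliberate simplification that ignores the public-suffix list.

```python
"""Triage the links in a suspicious e-mail (added example, not from the page).

Assumptions (constructed for illustration): the legitimate organisation is
'intuit.com'; the sample message below is fabricated and the hostnames in it
are placeholders, not real infrastructure.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the visible link text says intuit.com, the href does not.
SAMPLE_EMAIL = """\
From: Intuit Payroll Services <payroll@intuit.com>
To: user@example.com
Subject: Payroll Processing Request
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review your payroll request at
<a href="http://intuit.com.payroll-review.example/login">https://payroll.intuit.com</a>.</p>
<p>Questions? See <a href="https://www.intuit.com/support">our support page</a>.</p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude 'last two labels' registrable domain (assumption: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def suspicious_links(raw_message, trusted_domain):
    """Return [(href, [reasons])] for links that do not belong to trusted_domain
    or whose displayed URL disagrees with the real target."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body_part = msg.get_body(preferencelist=("html",))
    if body_part is None:
        return []
    parser = _LinkCollector()
    parser.feed(body_part.get_content())
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if registered_domain(host) != trusted_domain:
            reasons.append("link host %r is outside %s" % (host, trusted_domain))
        # Visible text that looks like a URL but points somewhere else is the
        # classic lure: the eye reads one address, the browser opens another.
        if text.startswith(("http://", "https://")):
            shown = urlparse(text).hostname or ""
            if registered_domain(shown) != registered_domain(host):
                reasons.append("displayed %r but href goes to %r" % (shown, host))
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL, "intuit.com"):
        print(href)
        for reason in reasons:
            print("  -", reason)
```

Run against the constructed message, the first link is reported twice over (wrong domain, and displayed address differs from the href) while the genuine support link passes. The check is a triage aid, not a verdict: a link on the right domain can still lead to a compromised page, which is why the article's advice to navigate to the site yourself still stands.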

Baiting exploits the natural curiosity of a victim. A good example of a baiting scheme is a CD bearing the company logo and labelled “Layoffs 2013 – Confidential.” The victim is curious whether their name is on the CD, loads it, and opens an Excel file listing names designated for layoff. Most of the names are unfamiliar, and the victim does not find their own. However, when the file was opened, a script installed a keylogger on the victim's computer to record their keystrokes. To avoid being baited, your best defense is not to load CDs or USB drives unless you are confident of their source. You can also purchase CD and USB blockers for your computer. The next technique, pretexting, uses manipulation to achieve its goal.
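Before opening anything on a found CD or USB stick, a defender can inventory it for files that run code when opened. The following Python is an added example, not part of the original article: `triage_volume` walks a directory tree and flags autorun configuration, executables, scripts, shortcuts and macro-capable Office documents, and `build_sample_volume` constructs a throwaway directory standing in for the “Layoffs 2013” disc. The extension list and the sample file names are this example's own assumptions, not a standard.

```python
"""Inventory a removable volume before opening anything on it.

Added example, not from the original page. The extension list below is an
assumption chosen for illustration; tune it to your environment.
"""
import os
import tempfile

# File types that execute code, or can carry macros, when double-clicked.
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".hta", ".lnk",
    ".xlsm", ".docm", ".pptm",
    ".xls", ".doc",  # legacy Office formats can embed macros without an 'm' suffix
}
AUTORUN_NAMES = {"autorun.inf"}


def triage_volume(root):
    """Return [(path, reason)] for every file under root that deserves a second look."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if name.lower() in AUTORUN_NAMES:
                findings.append((path, "autorun configuration"))
            elif ext in RISKY_EXTENSIONS:
                findings.append((path, "file type can execute code or macros: %s" % ext))
    return sorted(findings)


def build_sample_volume():
    """Constructed stand-in for a found disc, modelled on the 'Layoffs 2013' lure."""
    root = tempfile.mkdtemp(prefix="found-media-")
    sample_files = {
        "autorun.inf": "[autorun]\n",
        "Layoffs 2013 - Confidential.xlsm": "",   # macro-enabled workbook, the bait
        "README.txt": "HR distribution list\n",   # harmless text, should not be flagged
        "setup.exe": "",
    }
    for name, content in sample_files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    volume = build_sample_volume()
    for path, reason in triage_volume(volume):
        print("%-60s %s" % (os.path.relpath(path, volume), reason))
```

On the constructed volume the autorun file, the macro-enabled workbook and the executable are reported and the plain-text README is not. A clean inventory does not make the media safe (a file name tells you nothing about its contents), so the article's rule still applies: do not load media whose source you cannot vouch for.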

Pretexting involves manipulation to obtain privileged data or to prompt an action. A good example is a person impersonating an IT services auditor to convince the company's physical security staff to grant access to the building. A pretexter usually has all the right information and sounds authoritative. If the details do not add up, or you have a gut feeling that the story is not truthful, do not engage; contact the IT department or someone in authority who can verify the information. Another form of social engineering, shoulder surfing, also takes advantage of a victim's vulnerability.

Shoulder surfing involves observing password or PIN keystrokes on a keyboard or at an ATM. For example, an ATM camera at the Bank of America in Los Angeles showed a suspect standing at a customer's shoulder while the customer entered their PIN. The customer left while the transaction was still active, allowing the suspect to make another transaction. Fortunately, the customer, wary of the suspect's movements, double-checked the account transactions after using the ATM and verified the withdrawals. To deter shoulder surfers, always be aware of those around you, block their view while entering information, and always make sure the transaction has ended or, if you are using a keyboard, log off or lock your computer before stepping away.

The best way to recognize social engineering techniques is to learn from experts who have either practised social engineering or been targeted by it. Awareness is the key to creating a secure environment. Technology alone cannot solve every problem of information security, which leaves users as vulnerable targets.
