AntiOnline's Fight-Back! - Computer Security

	Site Menu
Home Page New AO Newsletters New Downloads Fight-Back! Discussion Forums Active Threads RSS Top Links List Security Events Hacker Jargon Site FAQ IP Locator

	Tutorial Menu
Main Index AO Related Hardware IRC Networking Newbie Questions Operating Systems Programming Security Web

	Downloads Menu
Main Index Antivirus Cryptography Firewalls Forensics Honeypots Intrusion Detection Keyboard Loggers Password Generators Port Scanners Spam Blockers Spyware Removers

Social Engineering:

This method isn't as romantic as it sounds. It basically involves the hacker lying to a user, in order for them to obtain information, in this case, your password. Here's one simple example of social engineering.

The phone rings:

You: Hello?
Hacker: Hi, this is Mike from Dial-Ups-USA.
You: Ah, you're the ones I get my Internet access through, right?
Hacker: Yeah. That's why I'm calling. Have you tried to access your e-mail today?
You: No, I've had a busy day, why?
Hacker: I know how those go. I've had a busy today too. We had a problem with our mail server. It crashed and all of the user accounts were deleted.
You: Oh, I guess you have been busy then. How long will my account be down?

Hacker: Well, hopefully within the next few minutes. I'm the lucky guy that got chosen to call all of our users and re-establish their accounts. Do you remember what your username is?
You: Username?
Hacker: Yes, that would be the part of your e-mail address that comes before the @ sign.
You: Oh, that would be 'John20' then.
Hacker: Ok, great. I'll add that in here right now.
You: Ok, thanks.
Hacker: What would you like your password to be?
You: Do I need to pick a new one, or can I use the same one that I used before?
Hacker: You can go ahead and use the same one as before.
You: Ok, make it 'YouGotMe' again. This way I won't have to try to remember a new one.
Hacker: Give me a minute to enter it.....Ok, you're all set. The account should be re-activated within the next 10 minutes or so.
You: Ok thanks, I appreciate that.
Hacker: No problem, have a nice day.
You: You too...

I can hear you saying it now. "I'd never fall for something like that." Hackers pray on one simple fact about the average user. If something seems "wrong" to a user, or "out of the ordinary", they almost ALWAYS assume it's because they aren't the expert "Well, I'm not sure what he's talking about, but I don't know a lot about computers, so he must be right."

How do you protect yourself from this type of attack? Have self confidence, and use your common sense. If it walks like a hacker and talks like a hacker, it's probably a hacker.

All times are GMT. The time now is 10:46 PM.