Security News

Patches

Site Menu
  • Home Page
    •
  • New AO Newsletters
    •
  • New Downloads
    •
  • Fight-Back!
    •
  • Discussion Forums
    •
  • Active Threads RSS
    •
  • Top Links List
    •
  • Security Events
    •
  • Hacker Jargon
    •
  • Site FAQ
    •
  • IP Locator
    •

    Tutorial Menu
  • Main Index
    •
  • AO Related
  • Hardware
    •
  • IRC
    •
  • Networking
    •
  • Newbie Questions
    •
  • Operating Systems
    •
  • Programming
    •
  • Security
    •
  • Web
    •

    Downloads Menu
  • Main Index
    •
  • Antivirus
    •
  • Cryptography
    •
  • Firewalls
    •
  • Forensics
    •
  • Honeypots
    •
  • Intrusion Detection
    •
  • Keyboard Loggers
    •
  • Password Generators
    •
  • Port Scanners
    •
  • Spam Blockers
    •
  • Spyware Removers
    •

    Social Engineering:

    This method isn't as romantic as it sounds. It basically involves the hacker lying to a user, in order for them to obtain information, in this case, your password. Here's one simple example of social engineering.

    The phone rings:

    You: Hello?
    Hacker: Hi, this is Mike from Dial-Ups-USA.
    You: Ah, you're the ones I get my Internet access through, right?
    Hacker: Yeah. That's why I'm calling. Have you tried to access your e-mail today?
    You: No, I've had a busy day, why?
    Hacker: I know how those go. I've had a busy today too. We had a problem with our mail server. It crashed and all of the user accounts were deleted.
    You: Oh, I guess you have been busy then. How long will my account be down?
    Hacker: Well, hopefully within the next few minutes. I'm the lucky guy that got chosen to call all of our users and re-establish their accounts. Do you remember what your username is?
    You: Username?
    Hacker: Yes, that would be the part of your e-mail address that comes before the @ sign.
    You: Oh, that would be 'John20' then.
    Hacker: Ok, great. I'll add that in here right now.
    You: Ok, thanks.
    Hacker: What would you like your password to be?
    You: Do I need to pick a new one, or can I use the same one that I used before?
    Hacker: You can go ahead and use the same one as before.
    You: Ok, make it 'YouGotMe' again. This way I won't have to try to remember a new one.
    Hacker: Give me a minute to enter it.....Ok, you're all set. The account should be re-activated within the next 10 minutes or so.
    You: Ok thanks, I appreciate that.
    Hacker: No problem, have a nice day.
    You: You too...

    I can hear you saying it now. "I'd never fall for something like that." Hackers pray on one simple fact about the average user. If something seems "wrong" to a user, or "out of the ordinary", they almost ALWAYS assume it's because they aren't the expert "Well, I'm not sure what he's talking about, but I don't know a lot about computers, so he must be right."

    How do you protect yourself from this type of attack? Have self confidence, and use your common sense. If it walks like a hacker and talks like a hacker, it's probably a hacker.



    All times are GMT +1. The time now is 07:35 AM.

    Contact Us - AntiOnline.com - Archive - Top


    Powered by vBulletin® Version 3.8.4
    Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.

    Back To The Fight-Back! Index