Social Engineering Abuses
CIS 5370 - Computer Security
Kasturi Pore Ravi Vyas
What is it?
Public Definition from wikipedia.org
“Social engineering is the art of manipulating people into performing actions or divulging confidential information”
Gartner Research Group:
“the manipulation of people, rather than machines, to successfully breach the security systems.”
Kevin Mitnick was incarcerated in February 1995 with more than 25 charges.
In his book “The Art of Deception” he stated that he did not use any hacking tools or software programs but used social engineering to obtain passwords and secrets.
Three Israeli brothers, Ramy, Muzher, and Shadde Badir, had 44 charges against them.
Damages around $2 million
On September 16, 2008, an internet activist group, 'anonymous', gained access to Governor Palin's email account email@example.com.
firstname.lastname@example.org, DOB 2/11/64, ZIP 99687
The attacker typically sends an email that appears to come from a legitimate source, such as a bank or credit card company, asking the recipient to verify some information and warning of dire consequences if action is not taken.
The attacker creates a very legitimate-sounding copy of an organization’s IVR (Interactive Voice Response) system. The attacker then sends an email urging people to call the toll-free number to verify information. On calling, they will readily give their information.
They take advantage of the greed and curiosity of people to propagate malware. They come as email attachments with attractive subject lines which, when opened, introduce a virus into the system.
These are like physical Trojan horses. The attacker leaves malware-infected physical media, such as a CD-ROM with a legitimate-looking label that arouses curiosity, around the workplace. When the media is inserted into a computer, the system becomes infected.