Sunday, November 28, 2010

SOCIAL ENGINEERING

What kind of engineering is this?


Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than breaking in or using technical cracking techniques. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. This also refers to Reverse Engineering.



Phishing:

Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate bank or credit card company, requesting verification of information and warning of some dire consequence if it is not provided.
The e-mail usually contains a link to a fraudulent web page that seems legitimate with company logos and content and has a form requesting everything from a home address to an ATM card's PIN. 



  


Pretexting:

This technique can be used to trick a business into disclosing customer information as well as by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives.

A high-profile case of pretexting occurred in 2006, in which HP hired private investigators to investigate a large leak of confidential information. The private investigators impersonated HP board members and several journalists in attempts to gain call records and other personal information.



 

Vishing:

Vishing or Phone Phishing is the criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward.

This technique uses a rogue interactive voice response (IVR) system to recreate a legitimate-sounding copy of a bank or other institution's IVR system.




 

Baiting:


Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the victim.
In this attack, the attacker leaves a malware-infected floppy disk, CD-ROM, or USB flash drive in a location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate-looking and curiosity-piquing label, and simply waits for the victim to use the device.





 


Notable Social Engineers:


Kevin David Mitnick (born August 6, 1963) is a computer security consultant and author. In the late 20th century, he was convicted of various computer- and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States.

He popularized the term social engineering, pointing out that it is much easier to trick someone into giving a password for a system than to spend the effort to crack into the system.






Films on Social Engineering:



Catch Me If You Can is a 2002 American biopic-crime film based on the life of Frank Abagnale Jr., who, before his 19th birthday, successfully conned millions of dollars by posing as a Pan American World Airways pilot, a Georgia doctor and Louisiana attorney and parish prosecutor.

His primary crime was cheque forgery; he became so skillful that the FBI eventually turned to him for help in catching other cheque forgers.





 

Happy Hacking...Enjoy...

For educational purposes only...Do not misuse it...
