These "Nigerian prince" emails have been a running joke for decades, but they're still an effective social engineering technique that people fall for: in 2007 the treasurer of a sparsely populated Michigan county gave $1.2 million in public funds to such a scammer in the hopes of personally cashing in. This is the foundation of the classic Nigerian 419 scam, in which the scammer tries to convince the victim to help get supposedly ill-gotten cash out of their own country into a safe bank, offering a portion of the funds in exchange. As any con artist will tell you, the easiest way to scam a mark is to exploit their own greed. We've got all the details in an extensive article on the subject, but for the moment let's focus on three social engineering techniques - independent of technological platforms - that have been successful for scammers in a big way.

Social engineering examples

A good way to get a sense of what social engineering tactics you should look out for is to know about what's been used in the past.

A smishing text uses social dynamics to entice you with a free gift card, but once you tap the link and download malicious code, your attackers will be using their technical skills to gain control of your device and exploit it. This brings up another important point, which is that social engineering can represent a single step in a larger attack chain. For instance, you might not think of phishing or smishing as types of social engineering attacks, but both rely on tricking you - by pretending to be someone you trust or tempting you with something you want - into downloading malware onto your device. While some classic examples of social engineering take place in the "real world" - a man in a FedEx uniform bluffing his way into an office building, for example - much of our daily social interaction takes place online, and that's where most social engineering attacks happen as well.
The phrase "social engineering" encompasses a wide range of behaviors, and what they all have in common is that they exploit certain universal human qualities: greed, curiosity, politeness, deference to authority, and so on.

Even if you've got all the bells and whistles when it comes to securing your data center, your cloud deployments, and your building's physical security, and even if you've invested in defensive technologies, have the right security policies and processes in place, and measure their effectiveness and continuously improve them, a crafty social engineer can still weasel his way right through (or around).