Blog: Preecher on LiveVideo.com

Gender: Male
Status: Taken
Age: 34
Sign: Aquarius
State: Florida
Country:

United States

Email Blog to a Friend

	Today	Week	Total
Posts	0	0	7
Comments	1	1	1
Views	2	10	423
Thumbs Up	0	0	0

Blog Archive

2008

May

Social engineering
You Are Being Watched
Comcast Domain Hacked
Its Been Awhile
Whats Up
Crazy People
Wal-Mart

THURSDAY, MAY 29, 2008 (10:01 PM)

Return to Preecher's blog

Social engineering

(I'm feeling accomplished)

Social engineering is the art of manipulating people into performing actions or divulging confidential information.[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access and in most cases the attacker never comes face-to-face with the victim.

Social engineering techniques and terms

Pretexting
Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a target to release information or perform an action and is typically done over the telephone. It's more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information (e.g. for impersonation: date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.

This technique is often used to trick a business into disclosing customer information, and is used by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager (e.g., to make account changes, get specific balances, etc).

As most U.S. companies still authenticate a client by asking only for a Social Security Number, date of birth, or mother's maiden name, the method is effective in many situations and will likely continue to be a security problem in the future.

Pretexting can also be used to impersonate co-workers, police, bank, tax authorities or insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the target. The pretexter must simply prepare answers to questions that might be asked by the target. In some cases all that is needed is a voice of the right gender, an earnest tone and an ability to think on one's feet.

Voice over IP programs are starting to become a standard in pretexting, as it is harder to track an IP address than a phone number, making the pretexter less vulnerable to capture.

Phishing

Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an email that appears to come from a legitimate business — a bank, or credit card company — requesting "verification" of information and warning of some dire consequence if it is not done. The letter usually contains a link to a fraudulent web page that looks legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN.

For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organizations site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay’s site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately

Category: Web, HTML, Tech

64 Views | 0 Thumb Up | 1 Comment

Add Comment | Email

Comments & Responses

Post Comment

Posted Jun 17, 08 by SanDiegoWebDesign
And Blogging is a technique for sharing tons of useless, keyword laden information!