Wednesday, May 5, 2010

Social Engineering

The use of Social Media and psychological methods to fool computer users into an action.

This can take many forms from phishing emails to bogus webpages. Increasingly the Social Networks are being used to achieve these goals, some of which is in the guise of legitimate 3rd party apps.

This topic is in the process of being expanded. There is a page from my website entitled "Physhing"

In general, Social Engineering is the use of what appears to be legitimate information and using that to get the reader to do something that may not even be related to the original information. Most commonly the form that this takes is an email that tells you that your account has been compromised and that you need to click on a link to go to the appropriate website so that you can fix the problem. In most cases this is exactly what you shouldn't do.

This is not exclusive to email and the same techniques are used in other areas of the Internet. Websites can be complete fabrications and now Social Media such as Facebook and Twitter are falling victims of Social Engineering. In some cases Facebook could be seen a one gigantic example of Social Engineering.

2 comments:

Leak.sx said...

SEing is the art of manipulating petsons so that they give up confidential info.
The different types of data these "artists" are looking for can vary,
but when citizens are the target of the "artists" arre often trying to fool you into handing them your passkey or bank information, or access your
desktop to secretly install trojan software–that let them access to your passwords and credit card information ass well as giving
them access over your desktop.

Criminals use Social Engineering tactics because
it is usually easy to trick your inclination to trust than it is to discover ways to
hack your software. Foor example, it is much simple to trick a person into giving you their passkey than it is for you to try hacking their password.


Security is all about knowing what to trust. Knowing when, and whhen not
to, to take a person at their word; when to trust that the people you are talking with is really tthe
people you think you are chatting with; when too see that a website is oor isn’t real; when to believe that the people
on the phone is or isn’t authentic; when providing yoyr data is or
isn’t a good idea.

Ask every security manager and they will all tell you you that the weakest
link in the protection chain is the human who accepts a person or event
aat face value.

Also visiot my webpage :: Leak.sx

UK Musings said...

I really do think that you should read my website page on your antics:

SE Forums

However, like most spammers that leave comments such as yours I doubt if you will return.