Archive for April, 2010

Social Engineering Warning

Friday, April 2nd, 2010

Social Engineering is at the root of almost all malicious attacks online these days.

What is Social Engineering?
Social Engineering is a technique used by malicious attackers to make people believe the attacker is someone they are not. ¬†A recent example: ¬†An attacker hacks someone’s email account and goes through all of their email trying to find some identifying material they can use to appear like the owner of the hacked account. ¬†The attacker then sends out emails to everyone in the address book of the hacked account and sends and email saying that they were traveling to Europe and lost all of their money, passport and whatever else they had with them. ¬†They are asking you to send a few thousand dollars to an address in Europe to they can pay their hotel bill and come back home. ¬†This may sounds convincing, but it is 100% fake.

How do I protect myself from Social Engineering?
Following this simple rule can protect you from almost everything. ¬†If something looks somewhat suspicious, it probably is. ¬†If you ever get an email from someone that is out of the ordinary, verify that it came from the sender before doing what it says. ¬†NEVER click a link or reply to an email with login information to any site. ¬†Also, never trust someone calling you on the phone. ¬†Caller ID can be spoofed and cannot be relied upon. ¬†If a company calls you asking to verify your information, take the person’s name and call them back with the companies number in the phone book or on their website.

Other forms of Social Engineering to be aware of.
One common form of Social Engineering today is websites posing as antiviruses.  Never click on something that claims to be your antivirus, but is not.  If you have Norton, ignore messages from anything other than Norton.  If you have McAffe, only pay attention to the McAffe messages.  If you get a message from some other antivirus, close the window.  If when you close the window it tries to download a file, click NO and close the larger browser window.