Social Engineering - The Real E-Terrorism?

One evening, during the graveyard shift, an AOL technical support operator took a call from a hacker. During the hour-long conversation, the hacker mentioned he had a car for sale. The technical support operator expressed an interest, so the hacker sent him an e-mail with a photo of the car attached. When the operator opened the attachment, it created a back door that opened a connection out of AOL's network, through the firewall, giving the hacker full access to AOL's entire internal network with very little effort on the hacker's part.

The above is a true story, and it is an excellent example of one of the biggest threats to an organisation's security: social engineering. It has been described as "people hacking", and it generally means persuading someone inside a company to volunteer information or assistance.

Examples of techniques employed by hackers include:

  • Unobtrusively observing over your shoulder as you key in your password or PIN.

  • Calling helpdesks with questions or being overly friendly.

  • Pretending to be someone in authority.

Social engineering attacks can have devastating consequences for the businesses involved. Accounts can be lost, sensitive information can be compromised, competitive advantage can be wiped out and reputation can be destroyed.

By implementing some simple techniques you can reduce the risk of your organisation becoming a victim or, in the event that you are targeted, keep the consequences to a minimum.

  • Make sure that all staff, especially non-IT staff, are aware of the risk of social engineering and what to do in the event of such an attack.

  • Conduct regular security awareness training so that all staff are kept up to date with security-related issues.

  • Implement a formal incident reporting mechanism for all security-related incidents to ensure there is a rapid response to any breaches.

  • Ensure that the company has security policies and procedures in place, that all staff are aware of them and that they are followed.

  • Put an information classification system in place to protect sensitive information.

  • Conduct regular audits, not only on IT systems but also on policies, procedures and personnel so that any potential weaknesses can be addressed as soon as possible.

About The Author

Rhona Aylward has extensive experience in the area of Quality Management and more recently in Information Security Management. She is a qualified Lead Auditor for BS7799 and CEO for Alpha Squared Solutions Ltd.

www.a2solutions.co.uk, raylward@a2solutions.co.uk
