Joel Esler, handler from Dshield posted a very good example of Social Engineering. It is worth looking at.
Social Engineering, just by asking!
Published: 2007-11-21,Last Updated: 2007-11-21 15:03:38 UTCby Joel Esler (Version: 1)
A reader wrote in to tell us about a spam he received that read like this:
"I'm a computer engineer at Islamic University of Gaza(IUG), the network of my university hacked in the last few months , now I design a secure model to repair the network security system in IUG but my experience still little, so I hope that I can obtain a diagram or flowchart or map of your university network security system to study it and see how can apply it in IUG system."
I guess that's a good way of getting information about your network innards instead of hacking it "hey, can you just send me your visio diagram!? That'd be great, kthnkx!"
Bold.
Gotta watch out for that Social Engineering. It's the basis of all those bank, visa, mastercard, etc... spams. Phishes, and whatever other things are out there now-a-days. Counting on a "uneducated" user to click and fill out some information.
Joel Esler
http://handlers.sans.org/jesler
No comments:
Post a Comment