
Social Engineering

Posted in School on November 2, 2008 by Lance Strzok

1. What are the different kinds of social engineering schemes? Describe at least three different types.

A) IVR - The use of Interactive Voice Response systems, or systems that sound like them, to get customers to give up their information to the IVR, or to get them forwarded to a customer service person (the bad guy) who will try to resolve their problems for them when the IVR appears to fail.

B) Baiting - Leaving a disk or thumb drive with a juicy title on it inside or near the targeted company. When it is inserted into a machine on the network, it likely gives the hacker access to the network or damages the network's security.

C) Quid Pro Quo - An attacker calls random numbers in a company, posing as an IT support person, offers to help solve a problem for a user, and requires information from the user in order to help them. The attacker may start by causing problems with the network, then follow up with calls to the users.

2. How prevalent are social engineering schemes such as phishing? Are the rates of such attacks growing or diminishing?

It appears that the frequency of phishing is increasing, and that there are some efforts to find and deal with phishing problems. An example of one of these efforts is discussed at the URL below.

http://www.cio.com/article/143952/Microsoft_Plays_Detective_to_Determine_Phishing_Frequency

3. List the necessary steps you should take to ensure you do not become a victim.

Use a firewall, use phishing filters, don’t use media you don’t know anything about, scan media before use, be aware of schemes and don’t give out information.

4. List several key organizations that can help if you are a victim of this type.

http://www.usdoj.gov/criminal/fraud/websites/idtheft.html

http://www.fbi.gov/

http://www.fdic.gov/consumers/consumer/news/cnfall97/wallet.html

http://www.treas.gov/usss/
