I went online to the college I am attending to see what the course requirements are to graduate with a Social Engineering degree and was flummoxed (I finally used that word… Awesome) to find out there aren't any… I’m being facetious, of course. You know what a Social Engineer (SE) is, but a lot of people do not. I walked through my office today and asked some very smart folks what the definition of an SE is, and I was very surprised to find out that only 64% (7 of 11) of my colleagues knew. Some of these guys and gals are really smart too, so imagine my surprise, if not dismay, with my findings. If they do not know what an SE is, then I think it is safe to say that the general public is less informed; I will be generous and say maybe only half know what they are. Maybe it is just the fancy name, “Social Engineer”; it sounds so non-threatening but official. Either way, very sad.

The reason for the long-winded diatribe is that I continue to get those bank notices in my e-mail or the SMS on my phone telling me that I need to log into the link conveniently provided and look at the issues that have arisen. With all my accounts, I have these types of notifications set up, so I expect to get them from time to time. Here is where I do my due diligence, though: even when I get them, I delete them immediately so no one will click on the link by accident, then log into the web site the way I normally would and see if there is indeed a problem. If there is, I deal with it. I only use one e-mail account for these types of notifications, but on occasion I receive one on a different e-mail account that I have never set up on any account. These I know for sure are scams.

Social Engineering has been on the rise over the past several years, and these con artists are really starting to get sophisticated in how they approach their targets (see how I used Target in this post :)). I digress. We all need to take a few minutes or even more to do some research on this subject and be on the lookout for these types of attacks. So far, I have only focused on e-mails and SMS; a good SE will have many other types of attacks that they can use to solicit information from you. Other types of “Human Hacking” include Phishing, Pretexting, Hoaxes, Tailgating, and Shoulder Surfing, just to name a few. Take a moment and do a search on all of these words and get a better understanding of what they are and how an SE can use them to manipulate you. No links on this post; I don’t want you to think I am trying to scam you. But I will ask you to look up a blog by Neil DuPaul (2013) titled “Hacking the mind: How & Why Social Engineering Works”, found at Veracode.com. It really discusses these topics in greater detail in a way I could not.

PARTING SHOTS:

Remember the movie “The Sting”? It is one of my favorites of all time. Today’s SE is a Redford or Newman character but can CON you from the comfort of their mother's basement. They can reach their hands into your pockets electronically and you wouldn't know about it until it was way too late and the damage is done. Be very leery of anyone you do not know and even leery of those you do; these con artists can be very persuasive and even very powerful people. You ever hear of Bernie Madoff?