Knowing what social engineering strategies have been utilised in the past will help you avoid becoming a victim of them. All of the specifics can be found in an in-depth essay, but for the time being, let’s concentrate on three social engineering tactics that have proven very effective for fraudsters regardless of technical platform.
Present a tasty treat.
Using a mark’s own greed is the simplest method to swindle them, as any con artist will tell you. Nigerian 419 scammers have long used this tactic to trick unsuspecting victims into helping them move fictitious money from their nation into a safe haven by promising a cut of the money they move. For decades, the “Nigerian prince” emails have been a running joke. However, they are still an effective social engineering technique that people fall for: in 2007, the treasurer of a sparsely populated Michigan county gave $1.2 million in public funds to such a scammer in the hopes of personally cashing in. It appears that many of us are also lured by the prospect of a better job, which makes it one of the more common hooks in cybercrime. In a particularly embarrassing incident in 2011, the security firm RSA was compromised when at least two low-level employees opened malware attached to an email with the subject line “2011 recruitment plan.xls.”
Put up a show till you’re taken seriously.
Pretending to be your victim is one of the easiest — and most effective — social engineering strategies. For example, in one of Kevin Mitnick’s earliest well-known scams, he hacked into one of Digital Equipment Corporation’s OS development servers by pretending to be one of the company’s top developers and complaining about having problems logging in. He was then given access to the servers and a new username and password right away. There was a similar incident in 1979, and you’d think things would’ve improved since then, but you’d be wrong: in 2016, a hacker gained access to a Department of Justice email account and impersonated an employee, convincing the help desk to give him an access token to the DoJ’s intranet on the grounds that it was his first week on the job and he had no idea how anything worked.
For the most part, businesses put up walls to keep out these blatant impersonations, but those walls can be circumvented. To find out which HP board members were leaking information to the press in 2005, Hewlett-Packard engaged private detectives and gave them their targets’ social security numbers. AT&T’s tech support accepted this as confirmation of identity before passing over call records with the last four digits redacted.
Make it seem as though you’re the one in command.
Most of us have been raised to respect authority — or, more accurately, to respect those who behave as if they have it. Some understanding of an organization’s internal procedures may be used to persuade others that you have the authority to be there or to see something you shouldn’t be seeing, or that a message you send is truly coming from someone they respect. According to reports, Ubiquiti Networks workers sent millions of dollars to scammers posing as business leaders in 2015 using email addresses that had a lookalike URL. For a more low-tech approach, British tabloid investigators in the late-nineties and early-nineties used bluffing to gain access to victims’ voicemail accounts. For example, one PI convinced Vodafone to reset actress Sienna Miller’s voicemail PIN by calling and claiming to be “John from credit control.”
We often comply with the requests of outside authorities without question. In 2016, Russian operatives gained access to the email account of John Podesta, Hillary Clinton’s chief of staff, by sending him a phishing email that seemed to be from Google and asked him to change his password. To make things worse, the step he took to keep himself safe ended up giving out his login details to others.