Social Engineering
You have probably received phone calls at some time, originating from unknown numbers, saying that you have won a huge sum of money. Anyone who responds to these calls, whether out of greed or ignorance, is surely heading for trouble. What the callers are basically trying to do is get confidential information out of you, or get you to deposit some amount of money in some account to help you get the huge sum of money they claim you have won. This and various other techniques used by fraudsters to get you to give out information form part of a concept known as Social Engineering.
Social Engineering is the art of getting confidential information from people using techniques like Phishing (when a malicious user sends email disguised as mail coming from a trusted source), Baiting (when an attacker coaxes you to install malware on your computer by providing you some incentive to do that, and you unknowingly fall for the bait), Pretexting (someone, for example, calling you and getting your bank information under the pretext of calling from your bank) and Scareware (someone sending you a message to say your phone is infected with a virus and then forcing you to buy software to take care of it). There are a whole lot of other techniques fraudsters use to get confidential information.
Here is a classic example of one such incident. One of my uncles, who is a doctor (and has very little knowledge of technology), gets a phone call from a fraudster claiming to be from Google saying “We suspect your account is being abused, can you please give us your username and password so we can track the culprits”. Guess what? My uncle gave them his Gmail user id and password over the phone.
The fraudster logs into my uncle's account and does the following:
- Changes the password, effectively blocking the email account
- Sends mail from my uncle's account to all the contacts saying “I am in London and met with an accident and am hospitalized, please send US$ 1000/- to this account”, giving details of a bank account in a London bank
You will be surprised that three people actually sent money to the fraudster's account, and my uncle was not even aware of this for many days.
Just imagine the consequences of losing your mail account and all your contacts, or of losing your bank card. So here is what you can do to avoid the Social Engineering techniques used by fraudsters.
- Never give out any information, confidential or otherwise, to anyone on the phone.
- If someone calls you and tells you your credit card has been compromised, do not give any information; call the bank directly.
- Don’t leave passwords or other digital data written on paper slips anywhere, such as on the office table.
- Be careful of the information you give out to anyone, especially strangers and casual acquaintances.
- Most importantly, don’t leave your personal computers or laptops in the office unlocked, even for a second.