
Introduction
Social engineering is a family of techniques used by black hats to steal information, and phishing is one of them. Social engineering involves clever deception in order to get something from someone that they wouldn't usually give away. In this essay I will attempt to explain some of the concepts behind social engineering, and phishing in particular.
The concept of social engineering
The modern cracker often encounters security systems that are very hard to break. A file that is encrypted with a 2048-bit encryption algorithm is a good example. Online shopping and banking are relatively secure these days. But criminals never rest. They will find a way. Social engineering is much
An example of an IRC social engineering trick
On IRC, nickserv and chanserv are used to identify people on the network. People frequently send their passwords to nickserv and chanserv, and this is safe. However, if nickserv were to go offline for some reason, someone could change their nickname to nickserv, effectively capturing everyone's passwords. A common typographical mistake could also be used, for instance nikserv, nickserve, bickserv, and so on. If someone were to make a typo, they could lose their IRC identity to a malicious user.
Another example of IRC social engineering, one that I have personally seen, is that a person would tell you that they are a system administrator, and they need your password. Getting a nickserv password might seem harmless to some, but since your real e-mail address is contained in your nickserv information, this could open a door to further abuse.
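The typo-nickname trick described above can be caught on the client side before a password leaves the machine. The following is an added example, not part of the original essay: a small guard that compares the message target against the real service names using edit distance. The function names, the distance threshold and the list of password-bearing commands (IDENTIFY, REGISTER) are assumptions, and the sample password is constructed.

```python
# Added example: client-side guard against lookalike service nicks.
TRUSTED_SERVICES = {"nickserv", "chanserv"}  # the services named in the essay
PASSWORD_COMMANDS = {"identify", "register"}  # assumed password-bearing commands

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify_target(nick: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'other' for a message target."""
    n = nick.lower()  # nick comparison is case-insensitive (simplified folding)
    if n in TRUSTED_SERVICES:
        return "trusted"
    if any(edit_distance(n, s) <= max_distance for s in TRUSTED_SERVICES):
        return "lookalike"
    return "other"

def should_block(target: str, message: str) -> bool:
    """Block a password-bearing command unless the target is an exact service name."""
    words = message.split()
    carries_password = bool(words) and words[0].lower() in PASSWORD_COMMANDS
    return carries_password and classify_target(target) != "trusted"

# Limitation: if the real service is offline and someone takes the exact
# nick "nickserv", the name matches and this check passes. Name comparison
# only covers the typo case.

if __name__ == "__main__":
    # Constructed sample input; "hunter2" is a placeholder password.
    for target in ("NickServ", "nikserv", "nickserve", "bickserv", "alice"):
        verdict = classify_target(target)
        blocked = should_block(target, "IDENTIFY hunter2")
        print(f"{target:10} {verdict:10} blocked={blocked}")
```
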
Fake websites, mailing lists, etc
The web is an open network, which means people can easily set up a website hosting "seemingly harmless" content such as applications, and embed Trojans or viruses in them. A fake website is not really fake; it only lies about its content. Being wary about giving out credit card information should be the first thing someone learns on the internet. A website can gather information by telling people that it has certain content that has to be paid for. When a user enters his/her credit card info, the cracker then uses that information for obvious ends.
Above: An example of how a cracker can mimic the Hotmail website to get into your e-mail. Taken from a tutorial by HDD-Slayer.
Phishing
Phishing is one of the easiest ways to get users' passwords, credit card information, etc. Phishing is when a cracker sends out a bunch of e-mails, possibly claiming to be from your bank and saying that they require your password and username for administrative purposes. Beware, this e-mail will look very real. Phishing can of course be used for other purposes too, but I won't explore those here.
End of essay
Social engineering is one of the most effective ways of gaining access to private information because human error will always exist. It is best to view everything with a close eye and when in doubt, go without.