Home > Social engineering (computer security)

A contemporary example of a social engineering attack is the use of e-mail attachments that contain malicious payloads (that, for instance, use the victim's machine to send massive quantities of spam). After earlier malicious e-mails led software vendors to disable automatic execution of attachments, users now have to explicitly activate attachments for this to occur. Many users, however, will blindly click on any attachments they receive, thus allowing the attack to work.

Perhaps the simplest, but still effective attack is tricking a user into thinking one is an administrator and requesting a password for debugging purposes. Users of Internet systems frequently receive messages that request password or credit card information in order to "set up their account" or "reactivate settings" or some other benign operation in what are called phishing attacks. Users of these systems must be warned early and frequently to not to divulge sensitive information, passwords or otherwise, to people claiming to be administrators. In reality, administrators of computer systems rarely, if ever, need to know the user's password to perform administrative tasks. However, even this might not be necessary — in an Infosecurity survey, 90% of office workers gave away their password in exchange for a cheap pen.

It is important to note, however, that its not always so direct. One of the biggest problems in Windows computers is spyware, which is malicious software in which the user runs executable code that promises to do something but does other tasks in the background. This typically happens by offering a downloadable program which does a task (Weatherbug, for example), or via the internet by secretly inserting code intended to exploit holes in the user's system security.

Training users about security policies and ensuring that they are followed is the primary defence against social engineering.

One of the most famous social engineers in recent history is Kevin Mitnick.

References

• John Leyden, April 18, 20032003 is a common year starting on Wednesday (link will take you to calendar), and also: The International Year of Freshwater The European Disability Year Summary Perhaps the defining global event of the year 2003 was the Invasion of Iraq launched by the U. Office workers give away passwords for a cheap pen. The RegisterThe Register ( El Reg to its staff) is a British technology news website focusing on the computer industry. It was founded by John Lettice and Mike Magee in 1994. Mike Magee left The Register in 2001 to start The Inquirer after some controversy. The Regis. Retrieved 20042004 is a leap year starting on Thursday (the link is to a full 2004 calendar), and has also been designated the: International Year of Rice International Year to Commemorate the Struggle against Slavery and its Abolition Elections are to be held in 73 co- 09-09 .
• Kevin D. Mitnick, William L. Simon, Steve WozniakStephen Wozniak ( Polish: Wozniak, nickname The) Woz or Wizard of Woz (born August 11, 1950) is credited with initiating the entry of computers into private homes. Although his contribution may be seen as a compilation of a few well-known ideas that have. The Art of Deception: Controlling the Human Element of Security. John Wiley & Sons, 20022002 is a common year starting on Tuesday (see link for calendar). 2002 was the first palindromic year since 1991 and the last until 2112. 2002 was also designated: International Year of Ecotourism and Mountains National Science Year in the United Kingdom. BooksEnthsiast.com.