Today, social engineering is the most widely used tactic by cyber criminals to trick people into performing actions for gathering critical information, accessing computer systems, committing fraud and so on. It is a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people into breaking normal security procedures. Since social engineers appeal to the vanity, greed, and authority of people, they find success in most attempts.

Of the different social engineering techniques, phishing, especially spear phishing, is the most extensively used by social engineers to deceive people. It is a technique employed to get hold of private information. In this form of attack, the phisher sends a fake email that appears to come from a legitimate business like a bank or credit card company. The victims are requested to update their information by clicking a link provided in the email, which is actually a link to a fraudulent web page. It is a serious and dangerous threat, as spear phishing attacks are the root cause of security breaches happening in enterprises and organizations.

The other kinds of social engineering techniques are diversion theft, pretexting, Interactive Voice Response (IVR) or phone phishing, quid pro quo, tailgating, baiting, and so on. Let's look at two other techniques used widely by social engineers.

Baiting

In this form of attack, the attacker leaves a physical item like a floppy disk, CD or USB flash drive in a place where it is sure to be found, for instance an elevator, parking lot, bathroom, or lobby. The success of this technique depends on the curiosity or greed of the victim. The device is given a title good enough to arouse the curiosity of the person who picks it up. On inserting such a device into a computer, malware is instantly installed, thereby giving the attacker access to the victim's PC or the company's computer network.
Tailgating

In this form of attack, the attacker gains entry to a restricted area by walking behind a person who has legitimate access. The attacker tricks the legitimate person into believing him by producing a fake identity proof or by providing credible reasons for not being able to produce one.

The best way to deal with this problem is to deploy effective solutions to address 'people risk'. Take, for instance, spear phishing attacks, which are successful due to the lack of phishing awareness among employees. Hence, the defense strategy of enterprises must be to educate employees about phishing and other social engineering techniques and support them with effective anti-phishing software.