Social Engineering and You - Filtered

Recently Hotmail had a security breach that has now spread to over 30,000 Gmail and Yahoo mail accounts (further reading here). Email is such a wonderful thing to have, but it is also one of the more dangerous areas of the internet. Keeping safe is not just a large company's problem; it is yours as well.

What Is Social Engineering?

Social engineering isn't new. In simple terms, social engineering is the act of convincing someone to do something that they do not realize is wrong. Tricking someone into doing something has probably been around as long as humans have socialized. Deception is key: gain someone's trust (or apparent trust) and you would be surprised what they will do for you.

Social engineering is basically getting what you want from someone else. Ever convinced a friend to come to the movies when they already had plans? Got that cashier to believe you hadn't worn those shoes before returning them, even though you wore them dancing the night before? All of these can be classified as social engineering.

Social Engineering and Computers

Now that you understand, at least at a high level, what social engineering is, start to think about what can happen in the world of technology. The Filtered Geek has at least three books on his bookshelf (a good one: The Art of Deception) that talk about computer horror stories at companies, all stemming from social engineering. A quick example: ever been sitting at your desk and gotten a phone call from the IT department? Was it the IT department? Hopefully yes, but there are documented cases where a rather smart fella has posed as an employee and gained people's trust. Once the person has that trust, you would be surprised what someone will tell them. Just imagine this IT guy telling you his sad story about how the boss needs software audits to be done by closing, and he is falling way behind, but if you could only help him out he would be most grateful. You feel sorry for the fellow employee, and you help him out by giving him some information about your computer, maybe even your login, because he's IT.

Woah, Wait a Second

How can you be SURE he is IT? Exactly! This isn't the only way social engineering can occur, but bear in mind that if you are a victim of it, you probably don't even know it!

So what about those emails you get from places like PayPal or your bank?

THE NUMBER 1 RULE OF SECURITY IS TRUST NO ONE

If you ever get an unsolicited email from anyplace that holds value, like banks, auction sites, or anywhere that has your personal information, be VERY wary of it. When in doubt, open your browser window, manually go to the site, log in, and try to confirm the information. Links in email can take you ANYWHERE, and it takes about 5 minutes of skill to spoof an email, and not much longer to type up a fairly convincing one. A hacker would love to convince you (social engineering) to click a link in a fake email and get your password, while you don't even know you have been duped!

Microsoft has a useful site that also outlines some ways to keep you safe from these tactics online.

Filtering The Filter

  • Be very wary of people claiming to be someone, especially when you cannot confirm it.
  • Don't click links in email and log in. Go to the site on your own and log in.
  • Trust is what social engineers prey on, watch who you give it to.
  • DON'T CLICK ON LINKS IN EMAIL
