You can have the most secure network in the world. Your password can be so secure that it could take a million years to crack. However, there is no protection against a social engineering attack except knowledge.
Picture the scene: A beautiful half-dressed woman on Facebook requests your friendship. You look to see how many friends you have in common… Quite a few of your male friends. You accept her as a friend, perhaps thinking you will either see more pictures or can form a relationship with her. While you are digging through her profile, she (or he) is digging through yours. In some cases, the attacker has what they need and keeps you around just in case they need more. You were a victim of a social engineering attack.
How about this: You're on Facebook and meet a handsome young activist who supports your cause, whatever it is. He is from another country, but the two of you have something in common. He starts asking: “Are those your kids? What are their names? What groups do you support locally? What part of America? What city?” Before long you build a relationship with this strange fellow and in due time, he has what he needs. You were a victim of a social engineering attack.
What is a social engineering attack and what were these two examples looking for?
Social engineering is defined as a means of gathering information for an attack by relying on the weaknesses of individuals. The specific attack that we are talking about in this article is called impersonation. Impersonation happens when an individual creates a fictitious character and then plays out the role of that person on a victim. This can happen on a broad number of occasions, but one of the most popular is on Facebook.
What is your Facebook weakness?
Is it the woman that catches your eye? Or the intellectual activist? Perhaps they claim to share the same religion, social status, hobby, political opinion, similarly aged kids, marriage, divorce and so on. Their objective is simple. They are trying to get information out of you. Be assured, you are not the only one and they can be very patient.
What do they want?
What can you do with information? How many of you, despite my last article on passwords, include your kids' names in your logins? Maybe a combination of your city and hobbies? With a little foreknowledge and educated guessing, they may be able to figure it out. Perhaps they already have your SSN from another scam from another day. Now they need your maiden name, birthplace and so on. A few patient conversations are all they need to get it out of you. How about the beautiful woman? Perhaps all they need is your friendship. They can see everything about you on your profile, and that may be enough. Maybe they send you a link and, as a trusted friend who would do anything for a beautiful woman, you click it. Now your computer is infected or your Facebook account is compromised. Now they can profit off of you with spam and ads and share them with your friends.
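As a self-check for the habit described above, the following added example (not part of the original article) reports which facts visible on your profile also appear inside a password, even when disguised with common character swaps. The function names and the sample profile are assumptions constructed for illustration.

```python
import re

# Common character swaps people use to "disguise" a word (e.g. "Emm@" for "Emma").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(text):
    """Lowercase, undo common swaps, and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def personal_facts_in_password(password, facts, min_len=3):
    """Return the profile facts (as given) that can be found inside the password.

    The fact and the password go through the same normalization, so "2009"
    still matches "2009" and "F1sh1ng" still matches "fishing".
    """
    pw = normalize(password)
    hits = []
    for fact in facts:
        # Check the whole fact and each word of it: "Ann Arbor" -> annarbor, ann, arbor
        tokens = {normalize(fact)} | {normalize(word) for word in fact.split()}
        if any(len(t) >= min_len and t in pw for t in tokens):
            hits.append(fact)
    return hits


# Constructed sample: details a stranger could read off a public profile.
PROFILE_FACTS = ["Emma", "Lucas", "Ann Arbor", "fishing", "2009"]

if __name__ == "__main__":
    for candidate in ["Emm@2009!", "F1sh1ng-Arbor", "correct horse battery staple"]:
        found = personal_facts_in_password(candidate, PROFILE_FACTS)
        verdict = "built from profile facts: " + ", ".join(found) if found else "no profile facts found"
        print(f"{candidate!r}: {verdict}")
```

Run it only on your own machine with your own details; a password that produces any hits should be replaced with one unrelated to your profile.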
How to protect yourself…
According to Hackers Online Club, there are three precautions that you can take:
1) Don’t believe everyone you meet on the net and tell them everything about you. Don’t even accidentally give answers to questions like “What’s your pet’s name?”, “What is your mother’s maiden name?”, etc., which are particularly used by your web account providers to remind you of your passwords.
2) Don’t give your credit card details to anyone. Remember, it’s not hard for an attacker to crack an e-mail ID and chat with you like your friend. Also, data sent through IMs can be easily sniffed.
3) Don’t accept executable files (like *.exe, *.bat, *.vbs, *.scr, etc.) from unknown persons you meet on the net. They might be viruses or Trojans.
Please act carefully, use security software and ask professionals for help. AskSupportNow is working hard to gain influence in the IT Security Realm for the Metro-Detroit Area.