Social Engineering

This category contains 6 posts

Social Engineering: Test To Protect, Part IV

PDF Key Scanner
Goal: Send an email to your customer support department with title – “Acceptable Internet Use Policy” and body “Please carefully review the attached PDF – it contains changes to our Acceptable Internet Use Policy (AIUP). Regards, Human Resources”.
The goal is to get employees to open this PDF.
Description:
This PDF has been [...]

Social Engineering: Test To Protect, Part III

Spoof and Steal
Goal: Spoof your company’s login page. Send an email asking certain employees to click the provided link and log in to your company’s service to change their password. Hook to use: “due to new company policy you must change your password today and every 90 days henceforth.”
Description: If your company login site is login.yourcompany.com [...]

Social Engineering: Test To Protect, Part II

Switchblade
Goal: Send a letter on your company’s letterhead to each IT manager asking that they take the enclosed USB card (with company insignia), stick it in their computer and copy important 2010 IT policy documents to their drive. “Our 2010 strategy is considered company confidential and for this reason we are not sending it via [...]

Social Engineering: Test To Protect, Part I

Anyone with access to any part of the system, physically or electronically, carries at least the same potential security risk as the IT systems themselves.

Social Engineering: Manipulating Caller-Id

It is imperative that organizations consider the bleeding edge of social engineering (emerging methods). Manipulating the caller-id falls squarely into this category.

Social Engineering and Valentines Day

Besides the commercial exploitation of an often uninformed public, there is another danger that, according to ESET, can be summarized as “fake sites, false flirting and fraud”.