Sunday, December 2, 2012

Social Engineering

Hello,

Social engineering is the most important part of the hacking process. Many hackers are masters of it.
How can social engineering take place?
  • A social engineer may approach you by telephone or e-mail, pose as a person from your Information Technology department or help desk, and ask for your user ID, password and other details such as system and network information.
  • A social engineer may meet you outside your workplace or organization and ask about your work or how your organization does things.
  • A social engineer may come to your organization to present business needs and ask for network connectivity in order to learn about the network or obtain sensitive information.
  • A social engineer may ask for your identity card to learn personal information about you, such as your school or organization.
  • The basic goals of social engineering are the same as those of hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion or identity theft, or simply to disrupt the system and network.
Security Tips

  • Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Don't send sensitive information over the Internet before checking a website's security. Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company. 
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
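
The URL check from the tip about look-alike websites can be automated for links received in email; the following is an added example, not part of the original post. The allowlist, the sample links and all function names are constructed for illustration, and the two-label domain split is a simplification.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains your organization really uses.
TRUSTED = ("example.com", "example-bank.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_domain(host):
    """Simplified split into (name, ending) from the last two labels.
    Endings such as .co.uk would need a public-suffix list."""
    labels = host.split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (host, "")

def classify_url(url, trusted=TRUSTED):
    """Compare a link's host with the allowlist and report how it differs."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid"
    if host in trusted or any(host.endswith("." + t) for t in trusted):
        return "trusted"
    name, ending = split_domain(host)
    for t in trusted:
        t_name, t_ending = split_domain(t)
        if host.startswith(t + ".") or "." + t + "." in host:
            return "suspicious: trusted name inside another domain"
        if name == t_name and ending != t_ending:
            return "suspicious: different domain ending"
        if ending == t_ending and 0 < edit_distance(name, t_name) <= 2:
            return "suspicious: spelling variation"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email.
    for link in ("https://www.example.com/login", "https://example.net/login",
                 "https://examp1e.com/login", "https://unrelated.org/"):
        print(f"{link:32} -> {classify_url(link)}")
```

A result of "unknown" only means the host does not resemble anything on the allowlist; it is not a statement that the site is safe.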
