Cyber Security : social engineering or the art of manipulation

[GHARIB]

Yes, 95% of breaches in cyber security is a consequence of human error.

Human factor is the biggest flaw.

Social engineering is an art, and you all should be aware of this: be careful of your privacy online.

 

DEFCON  LAS VEGAS 2016 demo

 

 

 

 

Edited October 23, 2021 by GHARIB

[RedBaird]

"Spoofed cell phone #" is what fooled the support person.  She already had one 'data point' about him.  

 

When I set up my FB account, I set my birthday as the WW1 Armistice day.  Years later, when I clicked on a link that claimed to be able to predict how long you will live, I got a result of 105 years! 😮 I then wondered how their algorithm deduced that by the answers that I had given and then realized that while FB may block our years-of-birth from the public, they might be giving it to 3rd parties, like this click-bait one. 😄 

 

"105 years"?  I should be around at least until 2023 then!  Woo Hoo! 🎂

 

(ACK!  I just had another thought!  I wonder how far and wide that click-baiter has shared my fake birthday???)

[em3l1en]

Well, must agree with the point. From my experience common attacks like stealing emails done through sendinng a malicious link. that leads to hacker`s site with proper forms to fill (usually it says smth like "u r going lack of storage, click to expand" or "your email is expiring"). After user clicks it the hackers have his public IP and are able to start another attacks like scanning victim for vulnerabilities on opened ports or simply performing DoS attack (which usually used to hide their further horizontal/vertical moving through victim`s network).
Recently I faced that hackers after stealing email creds (and usually downloading all it`s contents) left those boxes for like 3 weeks and after they use them to sprad malicious links to the contacts of those postboxes. It gives them an oportunity to perform an attack from trusted email which raises their chances for success.

There are some measures which can protect user like: 1) whitelist access to the mail; 2) using corporate VPN; 3) systematical work with personel that work with corporate email to explain them that clicking on untrusted links and downloading files with certain extensions are not allowed: 4) check headers of received mail; 5) periodically perform pentests.

Edited February 7, 2022 by em3l1en

[GHARIB]

 

[Elf]

I started to scam bait the scammers! That video is good info!

[Vindstot]

Yeah, usually when you get hacked/scammed, you are also responsible for it

But sometimes you can do anything, every precaution, and still get hacked

 

I got e-mails like "you won xy amount of Bitcoin, click this link to claim it". Or "we have recorded you watching porn. we will share your broswer history with the public if you dont send us $$$". These only work because they send it out to 10000 ppl, and maybe 1-2 will pay, and they basically put no effort into that, except sending out one e-mail that can scare naive ppl

I also get SMSs sometimes that "my package has arrived, click here to track it"

If you see a link you are unsure about, you can also right click on it, copy the link, and paste it into google search (so you dont actually load the page) to see if that looks scammy. Like if it is www.googie.com and you think that is google, you can miss it is not exactly that webpage. Or www.sdklj.com, (just made that up now), dont click on that if looks suspicious

 

 

Oh damn.... this is an old topic 😄 I should have checked that before starting to write this. Now I dont want to delete it... 😛 

[Paul Elton]

So if it's raised now again this topic deserves to add here this, not only this particular film but whole youtube chanel. 

 

 

[RedBaird]

3 hours ago, Vindstot said:

I also get SMSs sometimes that "my package has arrived, click here to track it"

 

I sometimes get texts, emails, voicemails or other messages from Amazon, Apple, the US Federal Government, etc.   What makes me laugh is when these "big organizations" have reply-to addresses with "bit.ly" in them!  🤣

 

I sometimes check my Telegram account first thing in the morning and am very ALARMED when I see it has 80-100 messages on it!  What Disaster Has Happened?  It turns out that I have been added to a newly created crypto currency group.  I have started leaving a post to explain to other confused posters that they should hit the "Report and Block" control at the top of the page.  Surprisingly, others reply to the group, asking for more information.  (or are those 'shills' pretending to be interested???)

 

 

[RedBaird]

BTW, FA Staff+ admins will have to 'watch' this topic for spambots!  😄 

 

I don't know how many hundreds of spam-messages I have 'removed from view' over the years or how many spambots I have banned.  The clan must have removed at least 10s of thousands of them!  100s of thousands???  A Million???  I will have to try to find out someday. "Shoveling 💩" is part of our job here.

 

Those little bastards are getting a little trickier, too, changing their techniques over the years. 😠  

 

ADDED:  From what I can see, there may have been 153 spambot-accounts blocked in 2022.  Their number of posts can range from one to a dozen, in a very short time.  That would average almost 3 accounts a week.  I can see the 'blocked posts' in my feed, so my mind exxxagggerated the probable totals.   

 

If 2022 was an average year, then the total number may have been around 2,000 accounts, which is a far cry from "10s of thousands". 😄  

 

 

 

 

 

 

Edited February 1, 2023 by RedBaird
typo again, dammit! ++ ADDED

[Dimo4ka]

Soon AI will catch up with the level of human development and there will be no more human error, it sounds scary, but it looks like it is 😁

 

on the one hand, this is a joke, on the other hand, reality, maybe distant 😋

[SeenSl]

Social engineering is the art of manipulating people into giving up confidential information or performing specific tasks that may be beneficial to the attacker. It typically uses psychological manipulation techniques such as impersonation, phishing, pretexting, and tailgating. Cyber security professionals should be aware of these techniques and take steps to protect their networks from social engineering attacks. Some of the measures that may be taken include educating employees about the risks, implementing measures to verify the identity of individuals, and having a policy in place that outlines the consequences of allowing unauthorized access to the network.

[RedBaird]

10 hours ago, SeenSl said:

Social engineering is the art of manipulating people into giving up confidential information or performing specific tasks that may be beneficial to the attacker. It typically uses psychological manipulation techniques such as impersonation, phishing, pretexting, and tailgating. Cyber security professionals should be aware of these techniques and take steps to protect their networks from social engineering attacks. Some of the measures that may be taken include educating employees about the risks, implementing measures to verify the identity of individuals, and having a policy in place that outlines the consequences of allowing unauthorized access to the network.

 

This post could be from a spambot.  They sometimes post information that is related to content in a topic and later post their actual "payload", a post with a link to their "sponsor" in it.  😄 

[Snuffs99]

Fitting it posts literally after @Dimo4ka says AI will catch up.....that post is sort of proving the theory correct.

 

 

 

Edited March 5, 2023 by Snuffs99

[RedBaird]

7 hours ago, parteekkumar said:

Social engineering is the art of

 

On 3/5/2023 at 11:19 AM, RedBaird said:

This post could be from a spambot. 

 

Different countries.  This topic may be spambot-bait.  😄 

 

We Staff+ will wait until they "prove" the guilt.  (or rather, I will, for sure, just out of curiosity.)

[GHARIB]

On 3/30/2023 at 1:13 PM, RedBaird said:

We Staff+ will wait until they "prove" the guilt.  (or rather, I will, for sure, just out of curiosity.)