
Cyber Security : social engineering or the art of manipulation


GHARIB

Yes, 95% of breaches in cyber security are a consequence of human error.

The human factor is the biggest flaw.

Social engineering is an art, and you all should be aware of this: be careful of your privacy online.

 

DEFCON LAS VEGAS 2016 demo

Edited by GHARIB

"Spoofed cell phone #" is what fooled the support person.  She already had one 'data point' about him.  

 

When I set up my FB account, I set my birthday as the WW1 Armistice day.  Years later, when I clicked on a link that claimed to be able to predict how long you will live, I got a result of 105 years! 😮 I then wondered how their algorithm deduced that by the answers that I had given and then realized that while FB may block our years-of-birth from the public, they might be giving it to 3rd parties, like this click-bait one. 😄 

 

"105 years"?  I should be around at least until 2023 then!  Woo Hoo! 🎂

 

(ACK!  I just had another thought!  I wonder how far and wide that click-baiter has shared my fake birthday???)


  • 3 months later...

Well, I must agree with the point. From my experience, common attacks like stealing emails are done through sending a malicious link that leads to the hacker's site with proper forms to fill in (usually it says something like "u r going lack of storage, click to expand" or "your email is expiring"). After the user clicks it, the hackers have his public IP and are able to start other attacks like scanning the victim for vulnerabilities on open ports or simply performing a DoS attack (which is usually used to hide their further horizontal/vertical movement through the victim's network).
Recently I encountered hackers who, after stealing email creds (and usually downloading all its contents), left those boxes for like 3 weeks and after that use them to spread malicious links to the contacts of those postboxes. It gives them an opportunity to perform an attack from a trusted email, which raises their chances of success.

There are some measures which can protect the user, like: 1) whitelisting access to the mail; 2) using a corporate VPN; 3) systematic work with personnel who work with corporate email to explain to them that clicking on untrusted links and downloading files with certain extensions are not allowed; 4) checking headers of received mail; 5) periodically performing pentests.

Edited by em3l1en
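
Measure 4 in the post above, checking the headers of received mail, can be done along these lines. This is an added example, not part of the original thread; the `check_headers` helper, the sample messages and all domains in them are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def domain(addr_header):
    """Return the lowercased domain of an address header, or '' if absent."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def check_headers(raw):
    """Return a list of findings for one raw message (heuristics, not a verdict)."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    # Authentication-Results (RFC 8601) is stamped by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", auth)
        result = m.group(1) if m else "missing"
        if result != "pass":
            findings.append(f"{method}={result}")
    # Replies or bounces routed to a domain other than the visible sender's.
    for name in ("Reply-To", "Return-Path"):
        d = domain(msg[name])
        if d and d != from_dom:
            findings.append(f"{name} domain {d} != From domain {from_dom}")
    return findings

# Constructed sample: lure subject taken from the post, spoofed visible sender.
PHISH = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.example.net;\n"
    " dkim=none; dmarc=fail header.from=corp.example\n"
    'From: "IT Support" <support@corp.example>\n'
    "Reply-To: helpdesk@corp-example.test\n"
    "Subject: your email is expiring\n\nClick to keep your mailbox.\n"
)
# Constructed sample: mail sent from a real, already-compromised mailbox.
COMPROMISED = (
    "Return-Path: <colleague@corp.example>\n"
    "Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass\n"
    "From: colleague@corp.example\n"
    "Subject: shared document\n\nSee the link.\n"
)

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("compromised", COMPROMISED)):
        print(label, check_headers(raw))
```

The second constructed sample authenticates cleanly and yields no findings, so header checks alone do not catch links sent from a trusted mailbox whose credentials were stolen. A differing Return-Path domain is also common for legitimate bulk mail, so findings are prompts for review rather than proof.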