A social engineering attack is a kind of network attack that makes use of social engineering.
Strictly speaking, social engineering is not a science but an art and a craft of tricks. It exploits human weaknesses: it is an art and a discipline of entrapping people by going along with their will and satisfying their desires. It is not a science because it does not always succeed and cannot always be repeated, and in many cases it fails automatically once the target has full information. The tricks of social engineering also involve a wide range of flexible ideas and changing factors. Social engineering is a means people use to pursue their own interests through harmful methods such as deception and injury, taking advantage of human instinct, curiosity, trust, the desire to get things on the cheap, and other weaknesses.
In reality, many crimes make use of social engineering. Text-message fraud such as bank credit card number fraud, and telephone fraud such as promoting products in the name of celebrities, are examples of social engineering being applied.
In recent years, more hackers have turned to network attacks that take advantage of human weaknesses, that is, social engineering. Incidents in which social engineering is used to break through information security protections have shown a rising, even flooding, trend.
Rich Mogull, the research director of Information Security and Risk at Gartner Group, said, “Social Engineering is the biggest security risk in the coming decade and it is the Social Engineering instead of hackers or destructive behaviors that will cause many of the most destructive behaviors.” Some information security experts predicted that social engineering will, in the future, be the major field of confrontation between information system intrusion and anti-intrusion.
The Art of Deception, published by Kevin Mitnick, can be rated as a classic of social engineering. The book describes in detail many ways of using social engineering to attack networks, which require little technical foundation. What is frightening is that one can easily sneak into the most stringent network system once one knows how to take advantage of people’s weaknesses such as credulity, forgetfulness, timidity, and the desire to get things on the cheap. Kevin Mitnick was able to put his talent to the limit at an early age, entering, undetected and as if by magic, the network systems of the United States Department of Defense, IBM, and others, and obtaining administrator privileges, which is next to impossible. Free software downloads bundled with malware, free music containing viruses, phishing, and junk e-mails carrying spyware are recent representative applications of social engineering.
Social engineering attacks do not belong to the traditional areas of information security. They are also called “Nontraditional Information Security”.
Traditional information security methods cannot solve non-traditional threats to information security. Generally speaking, to address non-traditional threats to information security, we had better use social engineering to counter social engineering attacks. Concretely, the user should be given adequate feedback so that he can make accurate judgments and avoid being defrauded, and more control mechanisms and technology should be added. The user can then be protected from social engineering attacks even when he makes a wrong decision.
Nowadays, in the Internet age of “Information at Your Fingertips”, many people have their own e-mail, MSN, and other communication tools to keep in touch with friends and family. Many people have even registered their own accounts on social networking sites, which undoubtedly facilitates our work and life to a considerable extent. The biggest risk of social networking sites lies in the damage to personal information and other information. Your photos may be sent to an adult website, discrediting your image. The confidential information of your online bank card may be stolen, and your company’s business secrets may be “revealed to the world”.
The main tricks of Phishing:
1) Fake identity and targeted personal information attacks
2) Making junk e-mails and Zombie networks
3) Changed social network applications
4) The confusion of personal information and professional information
5) Cross-site scripting attacks and request forgery
6) Identity theft
7) Corporate spies
From the perspective of prevention, phishing attacks can be divided into two aspects. One aspect is limiting the resources that phishing attacks rely on.
Generally, we can control the resources used by phishing attacks. For example, Web vulnerabilities can be repaired directly by the Web service provider; mail service providers can use reverse domain resolution of the mail server to remind the user whether he has received anonymous e-mails; and phishing URLs spread through IM software can be blocked by the IM service providers. The other aspect is the uncontrollable behaviors. For example, for browser bugs, we must apply patches to defend against phishing attacks in which the attacker directly exploits client software bugs, or security software manufacturers can provide functions to repair the client software bugs. In the meantime, major websites have an obligation to protect the privacy of all users, to remind all users to guard against phishing, and to raise the security awareness of all users, carrying out active defense against phishing attacks.
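An added example, not part of the original article: a forward-confirmed reverse DNS check of the kind a mail provider could run on the connecting mail server to produce the reminder described above. The DNS records, function names and reminder wording are constructed for illustration; a real deployment would query live DNS instead of the tables below.

```python
import ipaddress

# Constructed DNS data: documentation IP ranges and example domains only.
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.org."],
    "198.51.100.7": ["mail.example.org."],  # PTR claims a name it does not own
    # 203.0.113.5 deliberately has no PTR record
}
A_RECORDS = {
    "mail.example.org": ["192.0.2.10"],
}

def lookup_ptr(ip):
    """Hypothetical resolver stub: IP address -> list of PTR names."""
    return PTR_RECORDS.get(ip, [])

def lookup_a(name):
    """Hypothetical resolver stub: host name -> list of addresses."""
    return A_RECORDS.get(name, [])

def fcrdns(ip, ptr=lookup_ptr, fwd=lookup_a):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to the IP."""
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on malformed input
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return "no-ptr", None
    for name in names:
        if ip in fwd(name):
            return "confirmed", name
    # A PTR record alone proves nothing: whoever controls the reverse zone
    # can publish any name, so an unconfirmed name is reported as a mismatch.
    return "mismatch", names[0]

def reminder_for(ip):
    """Text a provider could show the recipient; None means no warning."""
    verdict, name = fcrdns(ip)
    if verdict == "confirmed":
        return None
    if verdict == "no-ptr":
        return f"Sending server {ip} has no reverse DNS name; the sender is unverified."
    return (f"Sending server {ip} claims to be {name}, "
            "but that name does not resolve back to it.")

if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(addr, fcrdns(addr), reminder_for(addr))
```

A confirmed result only shows that the server's address and name agree; it does not show that the message content is trustworthy.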