Everything You Wanted to Know about
Social Engineering -- But Were Afraid to Ask...
Simple Social Engineering Tricks
The moral of this story? I should get a clue! To be specific,
beware of people trying to get your credit card number over the
phone. Of course that means you can't buy stuff from phone solicitors.
However, phone solicitors are a pestilence on society and should
never get a sale anyhow. Besides, many phone solicitors who have
nothing to do with hacking are also involved in scams.
Next to credit card scamming, perhaps the most common social
engineering tactic is to trick people into giving out their passwords.
Following is an example of a script that some people have used
on AOL Instant Messenger chats:
Hello from America Online! I'm sorry to inform you that there
has been an error in the I/O section of your account database,
and this server's password information has been temporarily destroyed.
We need you, the AOL user, to hit reply and type in your password.
Thank you for your help.
Or it might come as a phone call:
Hello, I'm a tech support person with your Internet Service
Provider. We have a problem with your account and need your password
in order to fix it.
If you are reading this book, you probably are knowledgeable
enough to see through these simple scams. However, even experienced
people can fall for a phone call that goes something like,
Hello, I'm from Cisco. Your coworker, Joe Schmoe, asked me
to help him troubleshoot your border router. It seems something
got glitched in the flash ROM and I need to tftp in some software.
But he's out of the office right now and
could you give
me the password? If I can't fix it right now, I have to leave
in half an hour for an on-site job, and I'd hate for Joe to get
into trouble with his boss if we don't get it fixed right away."
Yes, a social engineer may seem amazingly familiar with how
your network is laid out and who your coworkers are and whether
their phone just got picked up by an answering machine. A talented
social engineer will do his or her homework - in depth.
More on social engineering --->
Back to the index of "Everything You
Wanted to Know About Social Engineering -- But Were Afraid to