Social engineering is one of the most widely used ways of obtaining confidential and important information. This is because it exploits, with great sophistication, the "security failures of the human being". Companies invest fortunes in information security technologies and physically protect their systems, but most have no methods to protect their employees from the pitfalls of social engineering. The issue becomes more serious when home users and people who do not work with computer systems are involved.
An acceptable definition of social engineering is the following: social engineering is any method that uses deception or exploits people's trust to obtain sensitive and important information. To do this, the deceiver can pass for another person, take on another personality, pretend to be a professional in a certain area, etc.
Social engineering attacks are very frequent, not only on the Internet but in people's day-to-day lives. However, because AbbreviationFinder is a website linked to computing, this article deals only with attacks that involve the Internet. That being so, let's look at some common cases:
Viruses that spread by e-mail: virus creators usually use e-mail to propagate their creations. In most cases, the user who receives the e-mail has to run the attached file for the computer to be infected. The creator of the virus therefore has to think of a way to make the user click on the attachment. One of the most used methods is to include a text that arouses the curiosity of the Internet user. Thus, the text can deal with sex, love, current news, etc. One of the most classic examples is the I Love You virus, which arrived in people's e-mail inboxes under this same name. On receiving the message, many thought they had a secret admirer and, in the expectation of finding out who it was, clicked on the attachment and infected the computer. Notice that in this case the author exploited a subject that stirs anyone.
Some viruses spread very easily and are therefore called worms. Here, too, social engineering can be applied. Imagine, for example, that a worm spreads by e-mail using virtual friendship cards as its subject. The Internet user who believes the message infects the computer, and the worm, in order to propagate, sends copies of the same message to the victim's contact list and puts the victim's e-mail address as the sender. When someone on the list receives the message, they will think that an acquaintance sent that e-mail and, as the subject is friendship, may believe that they really are getting a virtual card from a friend. The social engineering tactic in this case exploits a subject that appeals to anyone: friendship.
Fake e-mails (scam): this is one of the most common types of social engineering attack and is mainly used to get a person's financial information, such as the current account number and password. In this case, the aspect exploited is trust. A good part of the creators of these e-mails are criminals who want to steal the money held in bank accounts. However, the systems of the banks are very well protected and almost inviolable! As it is impossible to try to circumvent the security of the banking systems, it is easier for the criminal to try to trick people into providing their banking information. The tactic used is the following: the criminal acquires a list of e-mail addresses used for SPAM that contains millions of addresses, then goes to the website of a very well-known bank, copies the layout of the page and saves it to a temporary site whose URL is similar to that of the bank's website. For example, imagine that the name of the bank is Bank AbbreviationFinder and the site is www.abbreviationfinder.org. The criminal creates a website with a similar address, such as www.abbreviationfinder.org, www.imfowester.com or www.infowezter.com. This site offers specific fields for the user to enter confidential data. The next step is to send an e-mail to the acquired list using a layout similar to that of the site. This e-mail is accompanied by a link that leads to the false site. To make the Internet user click on the link, the text of the message can, for example, suggest an award: "You have just been awarded 10 thousand reais. Click on the link to update your registration and receive the award." As the chosen bank is usually very well known, the chances that the user who received the e-mail is a client of the bank are great. So he may think that it really was the bank that sent the message; after all, the e-mail and the website behind the link have the layout of the institution.
As a result, the victim naively enters their data and, days later, realizes that all the money in the account is gone! Notice that in such cases the scammer uses the bank's image of reliability to deceive people.
When it comes to bogus e-mails, the possibilities for scamming are great, because people like to receive e-mails. Thus, false messages saying that the user has received a virtual card or won a prize from a large company are common. Regardless of the subject matter, all e-mails of this type try to convince the Internet user to click on a link or attachment. The way used to convince the user to do this is a social engineering tactic.
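The copied-layout scam described above depends on a link whose address is close to the real one. The following is an added example, not part of the original article, of how a mail filter could flag such links; the domain names, the sample message and the allow-list are constructed, and the distance threshold of 2 is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list: domains the institution really uses (assumption).
TRUSTED = {"examplebank.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive last-two-labels rule; production code should use the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def classify_link(url, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for one URL."""
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed URL
        return "unknown"
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    for name in trusted:
        # A few characters swapped or replaced in the real name.
        if edit_distance(domain, name) <= max_distance:
            return "lookalike"
        # The real name used as a prefix of somebody else's domain.
        if name in host:
            return "lookalike"
    return "unknown"

def suspicious_links(message):
    """List every link in a message body that imitates a trusted domain."""
    return [u for u in URL_RE.findall(message) if classify_link(u) == "lookalike"]

# Constructed sample message.
SAMPLE = """You have just been awarded a prize.
Update your registration: http://www.examp1ebank.com/update
Mirror: http://examplebank.com.account-update.net/login
Our real site: https://www.examplebank.com/
"""
```

A link classified as "unknown" is not necessarily safe; the check only catches addresses that imitate a name on the allow-list.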
Chat rooms (chat): this is one of the most dangerous means of deception and tends to victimize mainly children and adolescents. The danger exists because the scam can result in physical and moral harm to the person. In chat rooms, scammers gain the trust of the future victim through conversation. By this means, the scammer slowly convinces the person to provide data such as phone number, home address, school address, etc. A criminal can, for example, go into a chat room for young people and say things that convince a 13-year-old teenager that he can be her perfect boyfriend. She then provides her data or arranges a meeting in the expectation of seeing her "Prince Charming". Another example may occur with a boy who, unable to wait to have his first sexual relationship, believes the conversation of a supposedly beautiful girl who is dying to meet him. In both cases, the consequences can be terrible. Scams like these can also be applied to adults, for example to a divorced woman who uses a chat room hoping to find a new partner.
There are other types of social engineering attack in addition to those cited above. The issue is serious, and even a very intelligent person can be a victim. Just to give you a sense of the scale of the problem, many hackers reach their goals through social engineering techniques. And all because the human being, unlike computers, is constantly affected by emotional aspects.
The best weapon against social engineering is information. It is of no use for companies to use ultra-protected systems if their employees are not aware of the scams they may suffer (notice that in this case, social engineering scams can occur not only over the Internet, but mainly in the working environment itself). In the case of home users, parents should inform their children about the dangers and, in the same way, need to take care when they themselves are surfing the Internet.
The big problem is that many Internet users, regardless of age, are "taking their first steps on the Internet" and have no idea of the dangers that exist there. Many are amazed by the "great network" and tend to believe everything they read in this environment. Fortunately, many Internet access providers and the media as a whole have paid attention to the scams that exist on the Internet and have helped spread the ways of preventing them. But there is still much to be done, and if governments and specialized bodies do not take the subject seriously, the Internet will be just as dangerous as walking alone in a dark and unknown place.