Monday, January 18, 2010

Everybody should be aware of Social Engineering

Online criminals can use sophisticated technology to try to gain access to your computer, or they can use something simpler and more insidious: social engineering.

Social engineering is a way for criminals to gain access to your computer. The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.

Types of social engineering
  • Phishing
  • Spear Phishing
  • E-mail hoaxes

Phishing: Fraudulent e-mail messages and Web sites

The most common form of social engineering is the phishing scam. Phishing scams employ fraudulent e-mail messages or Web sites that try to fool you into divulging personal information.

For example, you might receive an e-mail message that appears to come from your bank or other financial institution that asks you to update your account information. The e-mail message provides a link that appears to go to a legitimate site, but really takes you to a spoofed or fake Web site.

If you enter your login, password, or other sensitive information, a criminal could use it to steal your identity.

Phishing e-mail messages often include misspellings, poor use of grammar, threats, and exaggerations. For more information about phishing, see Recognize phishing scams and fraudulent e-mails.

If you think you might already be a victim, see What to do if you've responded to a phishing scam.


Spear phishing: Focused attacks that seem to come from people you know

Spear phishing is any highly targeted e-mail scam; but they usually are employed in a business environment.

Spear phishers send e-mail messages that appears genuine to all the employees or members within a certain company, government agency, organization, or group.

The message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT. It might include requests for user names or passwords or might contain malicious software, like a trojan or a virus.

Spear phishing is a more sophisticated type of social engineering than phishing, but the techniques you can use to avoid being fooled are the same.

E-mail hoaxes: Look out for easy money promises

E-mail hoaxes come in many different forms, ranging from a scam that requests your help getting money out of a foreign country (often Nigeria) to a promise that you've won a lottery.

The common element is that you're usually promised a large sum of money for little or no effort on your part.

The scammer tries to get you to send money or reveal financial information that they can use to steal your money or your identity, or both.





Via [Microsoft ]


Bookmark and Share