Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 1:  General Security Concepts (Domain 1.0; 30%)
      9  1.4  Attacks

Previous Topic/Section
1.4.8  Mathematical
Previous Page
Pages in Current Topic/Section
1
2
3
Next Page
1.4.10  Birthday
Next Topic/Section

1.4.9  Social Engineering
(Page 2 of 3)

2004 Update



What has become a new twist on social engineering is several type of scams that don’t rely on the old tried and true greed moviation such as the Nigerian Scams84. I have seen a totally new trend of email designed to either get me to be scared that I have been ‘caught’ with claims that my credit card will be charged at the rate of $2x.yz USD a week for child pornography unless I click on a link to “verify” accounting information. Obviously this is scam based on fear.

The other tacic is designed on coursity or anger. Short emails that are intended to inflame the reader. The virus based ones are always short emails, probably because the small size of the code is limited to how much random data it can create.

The professional scam artists are hitting businesses with emails like this:

Subject: Charge to VISA CARD
Hello,
Before I call VISA and make them aware of  this Apparent FRAUDULENT charge, what in the hell has been billed to this card !!
VISA CARD (last 4 digits)  ....8231
STATEMENT / Transaction DETAILS:
February 12th 2004
1085.15 CAN
(801.00 US)
This is the reference # on the statement:
248-423-xxxx-xx (modified by Tcat)
I want Complete details PLEASE !!!!
-What EXACTLY was ordered......
-Was this an online or verbal purchase?
-If it was online, I want complete details...ie: IP ADDRESSING, names, numbers etc.....
-If it was verbal, I want detailed information from the person who took the call, etc.....
Signed,
Madder than hell.....!!!!

Notice the attempt to get personal data from a business such as IP address, phone numbers, etc…

Hopfuly you can see why employee education is paramount. While currently the best defense is to encourage telephone dialog where your company calls the “victim” (the fraud folks are not prepared for this yet) I wouldn’t count on this working forever as Kevin revealed in “The Art of Deception”. Vilange and training is your only defense.


 __________________

84. http://home.rica.net/alphae/419coal/

Previous Topic/Section
1.4.8  Mathematical
Previous Page
Pages in Current Topic/Section
1
2
3
Next Page
1.4.10  Birthday
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.