1.4.9 Social Engineering
A new twist on social engineering is several types of scams that don't rely on the old tried-and-true greed motivation, such as the Nigerian Scams [84]. I have seen a totally new trend of email designed to get me to be scared that I have been caught, with claims that my credit card will be charged at the rate of $2x.yz USD a week for child pornography unless I click on a link to verify accounting information. Obviously this is a scam based on fear.
The other tactic is based on curiosity or anger: short emails that are intended to inflame the reader. The virus-based ones are always short emails, probably because the small size of the code limits how much random data it can create.
The professional scam artists are hitting businesses with emails like this:
Subject: Charge to VISA CARD
Before I call VISA and make them aware of this Apparent FRAUDULENT charge, what in the hell has been billed to this card !!
VISA CARD (last 4 digits) ....8231
This is the reference # on the statement:
248-423-xxxx-xx (modified by Tcat)
I want Complete details PLEASE !!!!
Madder than hell.....!!!!
Notice the attempt to get personal data from a business, such as IP address, phone numbers, etc.
Hopefully you can see why employee education is paramount. Currently the best defense is to encourage telephone dialog where your company calls the victim (the fraud folks are not prepared for this yet), but I wouldn't count on this working forever, as Kevin revealed in The Art of Deception. Vigilance and training are your only defense.
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.