Common Social Engineering Things Every Beginner Should Know
1. Poor security practice:
- The user does not follow established security policies or processes.
- A result of a lack of security policies, procedures or training within the user's organization.
- An employee creates one good password and then uses it for all accounts.
2. When creating a password, users tend to use names of family, pets, or teams.
3. Social engineers attempt to exploit the natural tendencies of people. They do this by first trying to evoke sympathy; if this fails, then by exploiting the fear of confrontation.
4. All of the following are techniques used by a social engineer:
- An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number.
- An attacker calls up the IT department posing as an employee and requests a password reset.
- An attacker sends a forged e-mail with a link to a bogus web site that has been set up to obtain personal information.
5. An attacker watches people as they enter a building requiring a key card. He waits until he sees someone who appears to be in a rush and has their hands full. He then intercepts the person, makes quick small talk, offers to help them hold what's in their hands while he swipes in, and follows behind. This is an example of Piggybacking.
6. A person parks his car by an ATM, sets up a small camera discreetly pointed at the ATM keypad, and then pretends to be going through bank papers in his car. This would be an example of Shoulder surfing.
7. Attackers need a certain amount of information before launching their attack. One common place to find information is to go through the trash of the target to find information that could be useful to the attacker. This process of going through a target's trash is known in the community as Dumpster diving.
8. Installing unauthorized hardware such as communication software and a modem may cause a security breach and allow an intruder to have access to an organization's system by opening up a backdoor.
9. "Users can't always be sure where the software came from and it may have hidden software inside of it" is the security risk of installing games on an organization's system.
10. All of the following are characteristics of a strong password:
- Contains numbers and letters
- Contains at least eight characters
- Contains special characters, e.g., *%$#@