Social Engineering Practices in Business



 
Computing today has taken on significant importance in the field of information and communication technologies. There is a well-known saying: "a computer that is turned off is a secure computer". But if the computer is turned off, who is the target? The user. There is not a single system in the world that does not depend on a human being, which leads to a vulnerability that is independent of the technology platform. For this reason, social engineering continues to be the most widely used method of spreading computer attacks.



Social engineering (SE) is a set of psychological techniques and skills (such as influence, persuasion and suggestion) applied to a user, directly or indirectly, to get that user to disclose sensitive information or useful data without being aware of any malicious use. These techniques can be carried out with the help of technology and computers or directly through personal contact.


It is a technique that certain people, such as private investigators, criminals, or computer criminals, can use to obtain information, access or privileges in information systems in order to perform some act that harms the compromised person or organization or exposes it to risk or abuse. In practice, a social engineer will commonly use the telephone or the Internet to mislead people, pretending to be, for example, an employee of a bank or some other company, a co-worker, a technician or a client.


A Net Security report based on surveys shows phishing emails (47%) and social networking sites (39%) as the most common sources of social engineering threats. The survey found that new employees (52%) and contractors (44%) were cited as the most susceptible to social engineering techniques, with emphasis on the point that hackers target the staff they suspect are the weakest security links in organizations, using social networking applications to gather personal and professional information about employees in order to launch phishing attacks.


According to a global survey of more than 850 IT and security professionals, 86% of companies recognize social engineering as a growing security problem. 51% of respondents cited financial gain as the main motivation for the attacks, followed by competitive advantage and revenge. The highest rate of attacks was reported by energy and services organizations (61%), while non-profit organizations reported the lowest rate (24%), reinforcing profit as the main reason for the attacks.


There are two types of social engineering. The first, computer-based social engineering, takes advantage of users' oversights to make them fall into traps such as chain emails, hoaxes, spam, pop-up windows and infected emails. The second is the classic kind, which is based on human resources and, generally, direct contact; thanks to its characteristics and its independence from technology, it can be used to make someone give up clues and to obtain access codes.


Drawing on human psychological traits such as curiosity (which moves us to look, to respond and to touch where we should not), fear (when afraid, we look for help in any way we can, or fall more easily into traps because we cannot reason calmly) and trust (we feel safe at the slightest display of authority), social engineering is the art of exploiting circumstances, some intentional but many of them random. That is why the experts will be watching for any mistake you make without your realizing it.



Some examples that can be cited:

- The user running a Trojan attached to an email that was sent from a familiar mailbox, or that simply carries a title interesting to the recipient, such as "it's fun, try it", "look at naked Anita", etc.

- The friendly voice of a man or woman who says they belong to the technical support of our company or of our technology supplier, and who asks us by telephone for information to solve a problem detected in our network.

- A call from a user who needs their password assigned again because they changed it during the course of the day and do not remember it.

These are crude examples, cited merely to illustrate some of the concepts explained earlier. The purpose of this article is not an in-depth analysis of the subject, but simply to give the reader an overview of the simpler aspects surrounding the handling of information.



Examples such as Tupperware, Coca-Cola, Gillette, McDonald's and other marketing giants are a clear indication of the reach of influence processes: they have managed to get people to use their brand names as if they were the name of the product itself. Someone refers to a "Tupperware" when in fact they mean a container or bowl; the same happens with "gillette" when what we actually want is a razor blade. All this is possible with proper use of marketing and the influence processes discussed in this article.



Even large companies that invest millions of dollars a year in securing their data have been victims of these attacks. The English bank First Union, BBVA (Banco Bilbao Vizcaya Argentaria), PayPal (a company that allows payments to be made over the Internet), eBay (the largest Internet buying and selling company), AOL (a provider of Internet access and other services) and the VISA credit card company are some of the companies that have suffered, in one way or another, social engineering "attacks" in the last decade.


More specifically, an excellent example of the imagination of "social engineers" is the audit carried out in June of this year on an American company that grants credit, the objective being to show the insecurity of USB flash drives. The auditing company took 20 sample USB sticks, loaded them with files of various types, including a Trojan that, once launched on any computer, would begin sending information to the auditing company's servers, and left them 'forgotten' in the parking lot, smoking areas and other places at the company under audit.


Of the twenty sticks, fifteen were found by employees of the company in question, and all fifteen ended up being plugged into computers connected to the company's network, which then began sending data to the auditing company, allowing the auditors to enter its systems without any problem.


Security is often a mere illusion. A company can have the best technology, firewalls, intrusion detection systems, advanced authentication devices, biometric cards, etc., and believe it is 100% secure. It is living an illusion. All it takes is a single phone call, and the company is vulnerable to an attack. "Security is not a product, it is a process."


Challenge in business

Security professionals constantly point out that security through obscurity (the name given to security based on ignorance and the concealment of flaws, rather than on anticipating and resolving them) is the worst option to choose.


Almost every human being has the tools to carry out a social engineering "attack"; the only difference is the skill and knowledge needed to make use of those tools.




What methods are used by the attackers?

Social engineering attacks aimed at home users usually take advantage of basic human emotions, including curiosity, fear and empathy, to manipulate and persuade people to fall for the attacker's tricks.


- Curiosity: Exploiting a person's curiosity could take the form of an e-mail that supposedly contains a link to a video about a tabloid news story. The link, however, leads to a malicious site intended to install malware or steal private information.


- Fear: One tactic cyber thieves use to instill fear and persuade a person to act in a certain way is to send phishing e-mails, supposedly from the victim's bank. Claiming that the account has been breached, the message leads the user to click on a particular link to validate the account. Once again, the link leads to a malicious site designed to compromise the computer or steal information.



From the point of view of psychology, there are certain processes that are automatic in both humans and animals in their relationships with others. Depending on who analyzes them, they can be an advantage or a disadvantage. These processes are commonly used in marketing campaigns and in business to influence people.


The basic processes of influence can be described as follows:

• Reciprocity - one person does another a favor, so the other must return the favor.

• Commitment and consistency - a person who has said they would do something feels obliged to do it, and to remain consistent with their general way of thinking.

• Social proof - it is easier to do what other people do.

• Liking and similarity - a person likes certain people, or those who are similar to him or her, and tends to be influenced by them.

• Authority - people recognize certain types of real or apparent authority, and respect them.

• Scarcity - people are attracted to what is scarce.


Because of its characteristics, and because its main tool is adaptation to different scenarios and personalities, social engineering is one of the most complex techniques to avoid. What can be done is just what you have done: read about how it works and stay alert to different intentions without becoming paranoid or anything similar.


Social engineering is a great hacker tool, but it is also a tool of everyday life: you do not need a computer in the middle to suffer its consequences. There is no need to be paranoid, but we must be vigilant, because the most vulnerable link in any security system is ourselves.