FAQ - What is Social Engineering?

Problem:

What is social engineering and what relationship does it have to computers?

Solution:

Social engineering is a term used to describe the efforts of identity thieves who want to steal your personal or financial information, and of virus makers who want you to spread viruses for them.

How is this done?

Identity thieves copy the artwork and layout of legitimate web sites belonging to banking firms and companies like eBay, then use those images to create a site that looks just like the real thing.

Pretending to be those legitimate entities, these con artists send out spam which usually asks people to log in to a web site and fill out a form that asks for various types of personal data: social security numbers, passwords and usernames, bank account numbers, etc. The idea here is to convince the receiver (the dupe) that the message comes from the real bank or eBay-type site. If you are unwary and give them the information they ask for, they have successfully stolen your identity. Expect to see all kinds of transactions using your name, money and good credit. If you find out about it in time, you can close the accounts. If not, you are stuck with the bad credit rating and lost money. These thieves can and DO clean out bank accounts.

A recent example of identity thieves purporting to be from Best Buy: http://help.isu.edu/disppage.php?doc_id=704&sec_id=102

Virus Makers send spam that pretends to be from Microsoft. Some of the email carries an infected payload which our server strips from the message.

A simple example: A fake Microsoft.com email telling people to install an update patch: http://help.isu.edu/disppage.php?doc_id=786&sec_id=102

A more sophisticated example: the Swen/Gibe.F exploit worm. http://help.isu.edu/disppage.php?doc_id=787&sec_id=41

These con artists can be very creative and persuasive. Never give out your personal information on an unsolicited call or respond to an unsolicited email. Contact the real business and ask them if the call or email was legitimate.

U.S. Department of Homeland Security - United States Computer Emergency Readiness Team (US-CERT) - Official website.

For more information on Phishing and Social Engineering, please visit the US-CERT Cyber Security Tip document ST04-014 - http://www.us-cert.gov/cas/tips/ST04-014.html


Category: Viruses and Security     Platform: Not Applicable
Document #: 788     Author: Cynthia Senicka    
Last Modified by: Joshua Moor on 05/20/2008