Security Recommendations to Prevent Social Engineering Attacks

In: Computers and Technology

Submitted By rapdogg48
Words 362
Pages 2

A social engineering attack is a non-technical attack that targets the mindset of the victim. An intruder prefers this attack because the human mindset has more weaknesses than many systems do. Several measures can be used to deter social engineering attacks. The following is a list of security recommendations to thwart social engineering attacks that must be followed by all company employees:
· Do not click on any links in an e-mail; instead, scan the link with a virus scanner and type the link into the browser rather than clicking on it.
· Do not open any e-mail attachments without first running a virus scan on the e-mail; alternatively, e-mail attachments can be blocked.
· Do not talk about company business in front of anyone who is not a part of the company; this includes family or friends.
· Do not hold the door open to let anyone into the building; instead, have them go to the front desk to present their credentials.
· Make sure that all paper company documents are burned in an incinerator.
· Install mantraps where access cards must be used to enter secure or employee-only areas.
· To obtain a lost or forgotten password, the user must come to the help desk with the proper identification and answer 2 security questions, and the temporary password must be changed as soon as the account is accessed.
· Internal e-mail addresses should only be given to employees with proper identification that can be verified.
· Do not give out personal information to unsuspecting people or on social media.
· Employees should have a security-first mindset and ask why someone wants this information. This will make employees wary of giving out any information, instead of just being nice and giving out small pieces of information that they don’t feel are that important.
· Make…...
