Fixed typos and changed some wording for clarity. (#28926)

This commit is contained in:
Andrew Mackie
2019-06-25 00:40:22 -07:00
committed by Huyen Nguyen
parent 231d388d8b
commit 8786caf103

@ -8,37 +8,36 @@ Social Engineering is the art of gaining access to a secured system or resource
#### Traits of a good Social Engineering Hacker #### Traits of a good Social Engineering Hacker
* Demonstrates high emotional intelligence * Demonstrates high emotional intelligence
* Intuitive understanding of human psychology * Has an intuitive understanding of human psychology
* Charming and persuasive * Is charming and persuasive
* Patient and observant * Is patient and observant
* Adept at predicting human behavior based on exploiting the human need to be helpful, curious, greedy and vain * Is adept at predicting human behavior based on exploiting the human need to be helpful, curious, greedy and vain
#### Some examples of Social Engineering hacks #### Some examples of Social Engineering hacks
* Baiting: Leaving a malware infected USB at a coffee shop in the hope that someone is curious enough to plug it in and check it out. Once the person plugs the USB in, malware is installed on their computer. See "More Information" for a Black Hat talk about leaving infected USB drives behind for potential targets and the results of such attacks. * Baiting: Leaving a malware-infected USB at a coffee shop in the hope that someone will be curious enough to plug it in and check it out. Once the person plugs the USB in, malware is installed on their computer. See "More Information" for a Black Hat talk about leaving infected USB drives behind for potential targets and the results of such attacks.
* Pretexting: Telling lies to gain access to private information. An example would be impersonating a bank officer and asking people for personal information to 'confirm their account'. See "More Inforamtion" for a Pre-texting example where a social engineer makes changes to a target's cell phone account with very little known information. * Pretexting: Telling lies to gain access to private information. An example would be impersonating a bank officer and asking people for personal information to "confirm their account." See "More Information" for a pretexting example where a social engineer makes changes to a target's cell phone account with very little known information.
* Phishing: Sending an email which looks like it is from a trusted source to bait the user into clicking a link (to install malware) or replying with private information. * Phishing: Sending an email which looks like it is from a trusted source to bait the user into clicking a link (to install malware) or replying with private information.
See "More Information" for a link to test your phishing knowledge and see if you can tell the differece between a real e-mail and a phishing e-mail. See "More Information" for a link to test your phishing knowledge and see if you can tell the difference between a real email and a phishing email.
* Infiltrating: Impersonating someone legitimate in order to gain physical access to a secured location; for example, accessing an office by pretending to be the coffee-machine repair person.
* Lastly, the 419 scam, also known as Advanced-Fee Scam, is a real life example of social engineering. In Nigeria and other third world countries, people would manipulate people by connecting with people using emotional connections in order to scam money. Usually strategies would include: third world poor country status in need of donations or informing people they won scam money and asking for account numbers. These emails would be very convincing and many have fallen victims to these scams. * Lastly, the 419 scam, also known as Advanced-Fee Scam, is a real life example of social engineering. In Nigeria and other third world countries, people would manipulate people by connecting with people using emotional connections in order to scam money. Usually strategies would include: third world poor country status in need of donations or informing people they won scam money and asking for account numbers. These emails would be very convincing and many have fallen victims to these scams.
* Infiltrating: impersonating someone legitimate in order to gain physical access to a building/office etc., e.g. the coffee machine repair person
#### Prevention and Security #### Prevention and Security
Because Social Engineering requires little computer experience, it is a readily-available tool for individuals who wish to access sensitive data. Because Social Engineering requires little computer expertise, it is a readily-available tool for individuals who wish to access sensitive data.
The steps that an idividual can take to protect themselves from these attacks include: The steps that an individual can take to protect themselves from these attacks include:
* Avoid sharing sensitive data at all, if possible. * Avoid sharing sensitive data at all, if possible.
* If you must share, verify the source before giving them sensitive data. * If you must share, verify the source before giving them sensitive data.
* Be aware of random emails or phone numbers claiming to be friends, family, coworkers, institutuions, etc. * Be aware of random emails or phone calls claiming to be friends, family, coworkers, institutions, etc.
* Be aware of people in real life asking for information they shouldn't necessarily reqire. * Be aware of people in real life asking for information they shouldn't necessarily require.
* Destroy important documents before throwing them away. * Destroy important documents before throwing them away.
In general, the more you know about these attacks, the better prepared you are. Be concsious of who you share information with and why. In general, the more you know about these attacks, the better prepared you will be to combat them. Be conscious of who you share information with and why.
#### More Information: #### More Information:
* [What is Social Engineering?](https://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering) * [What is Social Engineering?](https://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering)
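Review bot: The 419 scam bullet is carried over unchanged on both sides, although it is the least clear item in the list and this commit is meant to fix wording. "people would manipulate people by connecting with people" repeats itself, and "informing people they won scam money" reads as if the victim is told the winnings are a scam. The bullet also still opens with "Lastly, ..." instead of the "Name: description" form used by Baiting, Pretexting, Phishing and the reworded Infiltrating entry. Suggest something like "Advance-fee (419) scam: Sending a convincing message that promises a donation payout or prize, then asking for account numbers or an up-front fee." Two smaller points in the Prevention list: "Be aware of random emails or phone calls" probably means "Be wary of", and "readily-available" does not need the hyphen.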