Common Social Engineering Methods
Posing as a fellow employee
Posing as an employee of a vendor, partner company, or law enforcement
Posing as someone in authority
Posing as a new employee requesting help
Posing as a vendor or systems manufacturer calling to offer a system patch or update
Offering help if a problem occurs, then making the problem occur, thereby manipulating the victim to call them for help
Sending free software or patch for victim to install
Sending a virus or Trojan Horse as an email attachment
Using a false pop-up window asking user to log in again or sign on with password
Capturing victim keystrokes with expendable computer system or program
Leaving a floppy disk or CD around the workplace with malicious software on it
Using insider lingo and terminology to gain trust
Offering a prize for registering at a Web site with username and password
Dropping a document or file at company mail room for intraoffice delivery
Modifying fax machine heading to appear to come from an internal location
Asking receptionist to receive then forward a fax
Asking for a file to be transferred to an apparently internal location
Getting a voice mailbox set up so call backs perceive attacker as internal
Pretending to be from remote office and asking for email access locally

Warning Signs of an Attack
Refusal to give call back number
Out-of-ordinary request
Claim of authority
Stresses urgency
Threatens negative consequences of noncompliance
Shows discomfort when questioned
Name dropping
Compliments or flattery
Flirting

Common Targets of Attacks
TARGET TYPE / EXAMPLES
Unaware of value of information / Receptionists, telephone operators, administrative assistants, security guards.
Special privileges / Help desk or technical support, system administrators, computer operators, telephone system administrators.
Manufacturer / vendor / Computer hardware, software manufacturers, voice mail systems vendors.
Specific departments / Accounting, human resources.

Factors That Make Companies More Vulnerable To Attacks
Large number of employees
Multiple facilities
Information on employee whereabouts left in voice mail messages
Phone extension information made available
Lack of security training
Lack of data classification system
No incident reporting/response plan in place

VERIFICATION AND DATA CLASSIFICATION
These tables and charts will help you to respond to requests for information or action that may be social engineering attacks.

Verification of Identity Procedure
ACTION / DESCRIPTION
Verify call is internal, and name or extension number matches the identity of the caller.
Callback / Look up requester in company directory and call back the listed extension.
Vouching / Ask a trusted employee to vouch for requester's identity.
Request enterprise-wide shared secret, such as a password or daily code.
Supervisor or manager / Contact employee's immediate supervisor and request verification of identity and employment status.
Secure email / Request a digitally signed message.
Personal voice recognition / For a caller known to employee, validate by caller's voice.
Dynamic passwords / Verify against a dynamic password solution such as SecurID or other strong authentication device.
In person / Require requester to appear in person with an employee badge or other identification.

Verification of Employment Status Procedure
ACTION / DESCRIPTION
Employee directory check / Verify that requester is listed in online directory.
Requester's manager verification / Call requester's manager using phone number listed in company directory.

Page last modified: 2020-11-11