Social Engineering Techniques – Pretexting

Pretexting is a social engineering technique wherein a hacker uses false pretenses to engage with his/her intended victim in order to get information from that target. Basically it’s a lie with a made-up story to go along with it. Pretexting is often used to gain trust, and when trust is gained by the pretexter, data and privacy are in danger.

A classic example of pretexting in the offline world is someone pretending to be a pizza delivery guy (or gal) to gain access to the front door of a house. Once the door is open, the would-be criminal can peek inside, look for valuables, guard dogs, and the layout of the home. Pretexting in the online world tends to be electronic, such as IMing with someone over a long period of time and gaining their trust on a social networking site by pretending to be someone they aren’t.

Pretexting can be found anywhere sensitive information or privacy issues are a concern: your home, your work, or even your local cable company.

It would be virtually impossible to steer clear of a master pretexter, but you can keep your eyes (and ears) open (figuratively speaking) for someone online or offline who seems relatively innocuous at first, but then gets a little too nosy. Just remember that loose lips sink ships and you should be fine.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

The Most Dangerous Threat to Your (Internet) Security.

There’s a threat lurking on your computer right now. A presence so fraught with security holes that to expose it to any malicious element on the Internet would likely result in things such as identity theft, spyware, hacked accounts, and worse. What’s this problem? The problem, my friend, is you.

“Only amateurs attack machines; professionals target people.” Bruce Schneier (computer security expert)

So you’re a danger to yourself and others around you when it comes to Internet security… don’t feel bad. We’re all guilty of it. As humans, we’re notoriously good at being bad: we forget to pick up the milk even though our significant other reminded us, we skip a meal and eat way too much later that night, and we certainly get complacent when it comes to Internet security. And that last thing, that’s what we’re talking about. You can deal with your SO and your doctor on those first two. 🙂

We’ve talked about social engineering before, which is an easy way for hackers and phishers to get information out of you. Instead of breaking into your computer they attempt to break into you, using emails, instant messages, and in some cases even phones or talking to you in real life (both of which are much more rare, but still possible). Once they have gained your trust they begin to break down walls and get at what they really want: your sensitive information. Passwords, account numbers, access codes… anything they can get their hands on that might prove valuable.

In order to stop these people from breaking into your life, you have to train yourself to jog your brain out of complacency when it comes to Internet security. Three of the easiest ways to lock out the bad guys are:

  1. Strong passwords:

    Maybe we’re sounding like a broken record here, but a good password is one of the easiest, and best, deterrents to attacks ranging from account privacy to identity theft. Build yourself a better password.

  2. Trust but verify:

    We’re not suggesting that you live your Internet life in a bubble, just use the same precautions you’d use in the real world. Use some of the tips we wrote in our blog post “5 Simple Tips to Staying Secure Online” and that should cover your bases.

  3. Lock down accounts:

    Your privacy is one of your most important assets online. For every service you use, from your bank to Facebook, make sure that you understand how their security and privacy policies affect you and lock down information such as your physical address and home phone number so that only people you want contacting you can do so.

Reducing the amount of information publicly available about you and keeping up with a few easy Internet security tips will go a long way to keeping you safe… from yourself. 🙂

Online Crooks Spread Holiday Scams, Not Cheer.

If it’s the end of the year then that means it’s time for Christmas, Hanukkah, Kwanzaa, and the annual ramp up of holiday-related scams, phishing, and other related online naughtiness. If only Santa had enough room on his Naughty List for all of the digital scammers!

It seems like every year the “bad kids” of the online world come together to get some year-end maliciousness out of their system. Increases in email spam, fake friend requests on social networking sites, and identity theft are part and parcel of the holiday season, and this year is no different. If anything, the current economic problems in America and the rest of the world make us all more likely to be a victim of holiday scams since we’re all on the hunt for great deals and looking for a way to stretch our holiday budgets.

Here’s a breakdown of some of the more common scams, schemes, and potential problems that you’ll find this year:

  • Fake gift cards

    A perennial favorite, fake gift cards are often touted as being sold for cheaper than their original price (e.g. a $25.00 gift card being sold for $10.00), but many times are either completely fake, stolen and worth no money, or have had most if not all of their value used already. We suggest that you avoid these at all cost unless you get them from the store they are actually from (like gift cards) or another reputable vendor.

  • Fake charities

    Organizations like the United Way, Red Cross, and Toys for Tots do wonders for people across the country, but be careful when making a donation. Be sure that the representative you’re talking to is actually working for a charitable organization and not his or her own pocketbook.

  • Holiday e-cards

    Even though the real ones can be fun, e-cards in general have been known to mask trojans and spyware that are installed on your PC without your knowledge. Be especially careful when you receive an e-card in your inbox during the holidays.

  • Lyric websites

    When looking for Christmas carols you might end up finding malware. Many lyric sites are chock-full of advertising, popups, and it’s easy to accidentally click “OK” on a software install button. Be very careful when getting your play list ready for your carolers.

  • Fake websites

    These tend to come out of the woodwork and often look very convincing. Identity theft and stolen credit card numbers are the usual gifts that are given to holiday scam artists when they set up a fake website that copies an online store or charitable website. Check out our post on “How to Spot a Fake Website” for additional details on how to know which are fake and which are real.

  • Online fraud

    eBay, CraigsList, and other online auction and shopping sites have great deals and a lot of hard-to-find gifts. They also have a lot of fraud associated with them since anyone with an email address can set up an account. Make sure to look for user ratings if possible (eBay in particular has a pretty darn good rating system for buyers and sellers) to see what a seller’s track record is like before you click on the buy button.

We hope that you find these tips useful this holiday season, and we wish you and yours the very happiest of holidays! And if you’ve got kids and they’re still young enough to believe in Santa Claus, check out this Naughty or Nice form that asks a few questions and lets them know what list they are on.

Social Engineering: A Digital Con Game.

Social networks such as Facebook, Twitter, and MySpace are wonderful ways to connect with friends and family. Unfortunately they also provide excellent resources for online crooks to gain sensitive information via social engineering, a term synonymous with con games in the world of computer security. By learning what social engineering is, you can protect yourself from would-be (virtual) attackers and keep your data safe.

What is “social engineering”?

Social engineering is a non-technical intrusion using human interaction (thus, the “social” in “social engineering”) to gain information which directly, or indirectly, leads to a scam of some kind. The information compromised can be of any variety: passwords, access to computers and/or networks, account information, or anything else that can lead to additional data, money, identity theft, hacked accounts, or other problems for the victims. It’s considered a safer and easier way to run a con since the scammer rarely has to be physically present in front of the victim, so the Internet provides an excellent medium for these kinds of scams.

How does social engineering affect my social networking accounts?

Attempts to phish for information are notorious online, and you should learn how to protect yourself from phishers. Instant and direct messages, emails, chat… all forms of online communication have the potential to be tapped, spoofed, or intercepted. Whether it’s email, a social networking site, or something else, all it takes is one unsecured account and a bit of luck in order to gain access to hundreds, if not thousands, of other users. With access to one unsecured account, the scammer now has the trust of all the friends and followers of the real account owner. The floodgates are now open for additional phishing attempts, data loss, and other forms of digital mischief.

Social engineering is very simple and very effective. The weakest link in any computer security scenario will always be a human, and social networks are chock full of them. With enough patience it’s only a matter of time before a scammer finds a victim.

How can I protect myself from being a victim?

The easiest way to guard against social engineering is to be skeptical of offers presented in emails, online, and over the phone. Social engineering attempts prey on every aspect of human behavior (greed, compassion, fear, love, etc.) and can even exploit outside events such as natural disasters and current news topics in order to extract information from the victim. Here are a few specific things you can do:

  • Ensure the legitimacy of anyone claiming to be a representative of a company, government office, or organization.
  • Never reveal personal information unless you are certain of their need for the information and that the information will be held in the strictest confidence.
  • Keep your passwords and other account access data secure. No company or its representatives should ever ask for your password, no matter how convincing the story they give you.
  • When entering sensitive information online, make sure you’re really on the web site you think you are on. Read our “How to Spot a Fake Website” post to learn more.
  • Never send sensitive and/or personal information via email or instant message to anyone, even friends and relatives. Spoofing emails and IM information is too easy.

If you come across a social engineering attempt, make sure to contact the service you used when the attempt occurred. Most social networking sites, companies, and organizations have a computer security team that handles these issues and you can help stop the spread of these attacks. Listed below are some resources for a few online services regarding safety, abuse, reporting, and/or support. To find out how to report on other sites, check their Help or Support links.