ICT-Hotlist Topic
What is Social engineering and the seven Weaknesses?
Published : 2014-01-30.
Last updated : 2020-10-31.
According to the research report "Cisco 2010 Annual Security Report" (page 19), internet attacks succeed not only because of
flawed technology, but mostly because of naive users. The report presents a list of seven fatal weaknesses that cybercriminals
exploit for social engineering, whether through e-mail, social networks, chat or phone. These seven weaknesses are:
- Sex Appeal - Tempting users by pretending to be an attractive man or woman. People need to be cautious when an unknown
flirter suddenly pops up. The attacker might have less romantic intentions.
- Greed - When something is too good to be true, it probably is. People who think they are getting an iPod for free, or who
expect a percentage of a Nigerian money transfer, had better restrain themselves.
- Vanity - Scammers try to convince victims that they are chosen, are winners, or belong to a very select group of people
entitled to receive a special offer. Unfortunately, we have to conclude that none of us is that unique.
- Trust - Internet criminals pretending to be employees of a well-known and reliable brand derive their trust from this brand.
Scammers also try to impersonate a well-known person who can be trusted. Users of ICT systems must ask themselves whether an
unexpected e-mail or phone call really originates from the stated sender or caller.
- Sloth - Shortened URLs in mails that appear to originate from banks etc. lure lazy people to a website under the pretext of
validating data or verifying that the e-mail is legitimate. Instead of asking themselves why that e-mail with the reference
(link) to that funny movie on YouTube was sent to them, they just click on the link.
- Compassion - With heartbreaking personal stories, or by exploiting well-known major natural disasters, scammers induce pity
in order to receive donations. Recipients of these messages must be very skeptical.
- Urgency - People are tempted to react immediately because an offer expires, or because colleagues need some information
quickly. When mails or phone calls create a sense of urgency, users should not respond immediately but take their time to
assess the source of the message.