Social Engineering Attacks
I have read through a lot of resources for the Security+ exam pertaining to Social Engineering attacks. I wanted to ask some of you on this forum what social engineering attack you guys/girls think is the most prevalent?
Cheers
Comments
-
lordy Member Posts: 632
I would assume that SE through email is the most common one.
Many people still do not know that the sending address of an email can be easily faked and therefore can be victims of these attacks.
On the other hand it's probably popular because it's cheap, easy to do and pretty anonymous.
Regards,
Lordy
Working on CCNP: [X] SWITCH --- [ ] ROUTE --- [ ] TSHOOT
Goal for 2014: RHCA
Goal for 2015: CCDP
-
Webmaster Admin Posts: 10,292 Admin
Although social engineering attacks by telephone are commonly used as examples in social engineering papers, I agree that SE through email is the most common one.
Here's a thought: social engineering involves impersonation, and could be looked at as the non-technical equivalent of spoofing. In a phishing attack these two usually come together as the sender address is spoofed, in an attempt to social engineer the target (which does involve more than just spoofing the address, the content of the email has to be convincing).
Here's another one: social engineering attacks through email can be divided into two main categories. Personal and public attacks. The first is targeted at a single person/company and the content is targeted to that entity personally. The second is a phishing attack in which a large public is targeted with the same content. The first is obviously more like a classical Kevin Mitnick social engineering attack in which a telephone call is made to fool a target into disclosing information.
-
RussS Member Posts: 2,068
<< has been suckered in by one of those. Easy to happen when your mind is away with the fairies and you are not concentrating on the job in hand.
www.supercross.com
FIM website of the year 2007
-
cdad2000 Member Posts: 323
Call me old-fashioned, I prefer telephone impersonation like my ideal Kevin M.
-
Chivalry1 Member Posts: 569
Yes absolutely by email. Many SE attacks are accredited to spoofed email headers. I have seen it in relation to email claiming to be from the IT department.
"The recipe for perpetual ignorance is: be satisfied with your opinions and content with your knowledge." Elbert Hubbard (1856 - 1915)