THE HELPFUL SECURITY GUARD
Swindlers
hope to find a person who's greedy because they are the ones most likely to
fall for a con game. Social engineers, when targeting someone such as a member
of a sanitation crew or a security guard,
hope to find someone who is good-natured, friendly, and trusting of others.
They are the ones most likely to be willing to help. That's just what the
attacker had in mind in the following story.
THE EMERGENCY PATCH
You
would think a tech support guy would understand the dangers of giving access to
the computer network to an outsider. But when that outsider is a clever social
engineer masquerading as a helpful software vendor, the results might not be
what you expect.
THE NEW GIRL
What
kind of information in your company's files might an attacker want to gain
access to? Sometimes it can be something you didn't think you needed to protect
at all.
PREVENTING THE CON
A
social engineer will always prefer to target an employee who is unlikely to
recognize that there is something suspicious about his requests. It makes his
job not only easier, but also less risky—as the stories in this chapter
illustrate.
Asking a coworker or subordinate to do a favor is a
common practice. Social engineers know how to exploit people's natural desire
to help and be a team player. An attacker exploits this positive human trait to
deceive unsuspecting employees into performing actions that advance him toward
his goal. It's important to understand this simple concept so you will be more
likely to recognize when another person is trying to manipulate you.
No comments:
Post a Comment