Information security is important for every organisation and individual. But there is a misconception that data can be protected simply by buying the most expensive cyber security software and tools. This ignores the fact that such software and tools are only as strong as the weakest link in the organisation, and that link is the human. Naivety, kindness and curiosity can easily lead to the leak of critical information. Given enough time and patience, a charismatic and creative social engineer with good communication skills can get to the most sensitive data. Kevin Mitnick, a master of persuasion, is a good example of how effective this technique can be.
Here are a few articles about Kevin Mitnick in Hungarian and English:
Social engineering attacks can be divided into human-based and information-technology-based ones. Human-based techniques mostly take place face to face, so the risk of being caught is higher. For example, “piggybacking” or “tailgating” means deceiving the service staff so that the attacker gets into the targeted facility. Besides this, asking for help or offering help can also be effective. In the former case, the attacker obtains critical information, such as a user name, a security question or an e-mail address, by relying on the target’s helpfulness. In the latter case, by contrast, the attacker creates a situation in which the target does not question the attacker’s credibility.
It is worth mentioning that an attacker who gets in this way can not only access sensitive information but also install malicious programs on our devices, such as a keylogger that records our keystrokes. Such a program can also read the contents of the clipboard or monitor which web pages are visited.
Attacks based on information technology, on the other hand, have their own popular method, called “phishing”. Its narrower variants are “spear phishing” and “whaling”. Phishing relies on psychologically manipulating the target into believing that an e-mail or web page is authentic, so that the deceived person unknowingly hands over personal data (username, password, bank account details and so on).
Some useful advice for recognising phishing:
- Always check the domain the e-mail came from!
- Always check which pages the links point to!
- Check the header for the sender’s name!
- The subject often demands immediate action (for example, an invoice to be paid or a re-check of personal data).
- Watch for language mistakes!
- The sender looks like a known address but differs slightly (facebak.com).
- Check the attachment, which may be infected!
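The sender-domain and link checks from the list above can be automated; the following Python is an example added here, not part of the original article. The `TRUSTED` allow-list, the 0.8 similarity cutoff, the helper names and the sample message are assumptions constructed for the demonstration, and only single-part HTML messages are handled.

```python
import email.utils
import re
from difflib import get_close_matches
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("facebook.com", "paypal.com")  # assumption: domains the reader really uses
SAMPLE = """\
From: Facebook Security <security@facebak.com>
Subject: Urgent: verify your account

<a href="http://facebak.com/login">https://www.facebook.com/login</a>
"""  # constructed single-part HTML message, not a real e-mail

class Links(HTMLParser):  # collects [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.inside = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append([dict(attrs).get("href") or "", ""])
            self.inside = True
    def handle_data(self, data):
        if self.inside:
            self.found[-1][1] += data
    def handle_endtag(self, tag):
        self.inside = self.inside and tag != "a"

def lookalike(domain):
    """Return the trusted domain that `domain` resembles without being it."""
    genuine = any(domain == g or domain.endswith("." + g) for g in TRUSTED)
    close = get_close_matches(domain, TRUSTED, n=1, cutoff=0.8)
    return close[0] if close and not genuine else None

def check_message(raw):
    """Run the sender-domain and link checks; return a list of findings."""
    msg, findings = email.message_from_string(raw), []
    domain = email.utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if good := lookalike(domain):  # checklist: domain the e-mail came from
        findings.append(f"sender domain {domain} resembles {good}")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:  # checklist: where the links really point
        target = (urlparse(href).hostname or "").removeprefix("www.")
        shown = re.match(r"(?:https?://)?(?:www\.)?([\w.-]+\.[a-z]{2,})", text.strip(), re.I)
        if lookalike(target) or (shown and shown.group(1).lower() != target):
            findings.append(f"link text {text.strip()!r} opens {target}")
    return findings
```

Calling `check_message(SAMPLE)` reports both the look-alike sender domain and the link whose visible text names a different host than the one it opens.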
In conclusion, always treat unknown e-mails, phone calls and other personal approaches with distrust. Within the organisation, always inform users about attacks like these, and make training a top priority in order to avoid leaks of sensitive data.