Interesting Methods Being Employed by Social Engineers

Wanting to learn more regarding social engineering and what I should be looking out for, I decided to search for some recent methods social engineers have been using to entangle their victims.  I came across an article written by Joan Goodchild, called “5 More Dirty Tricks: Social Engineers’ Latest Pick-Up Lines”, put up on csoonline.com not more than a few weeks ago, which as referenced in the title was exactly what I had been looking for.

The article mentioned a method that requires impersonation on the part of the social engineer. The attacker is to impersonate a Microsoft support employee calling a person and claiming that an unusual amount of errors have been coming from their computer and they would like to help you fix it.  Then the so-called employee proceeds to give the victim a step-by-step on how to view these errors that were mentioned.  The article states that Windows users consistently have a number of errors shown in their event logs because it logs every little error that occurs, however, to the inexperienced user this can look quite worrisome. Now that they have actually seen the errors that are spoken of they are, of course, eager to listen to their attacker on how to solve the problem. The attacker then tells them to go to teamviewer.com, ” a remote access service that will give them control of the machine.” From this point on he or she installs some type of malware in order to access the victims computer at any time.

Link to the article: http://www.csoonline.com/article/690451/5-more-dirty-tricks-social-engineers-latest-pick-up-lines?page=1

Advertisements

2 thoughts on “Interesting Methods Being Employed by Social Engineers

  1. It’s scary how easy this is. Of course there are no internet police, but still. Seems SO easy.

  2. What makes this unsettling for me is that police can’t do anything about harassment online. You can be threatened, harassed, shown all the information that is known about you (including your house, workplace, school), and the authorities can’t do ANYTHING about it unless your assets are touched. I knew a girl who has been through this. Her and her family were threatened. She called the cops, and realized how alone she really was should the harasser follow through on any of his threats. They couldn’t do squat unless her bank or credit assets had been broken into. Only her e-mail was broken into that’s how they got all her information. If anyone knows any good measures to take if this situation already happened let me know, it would be a good resource to have.

Comments are closed.