Hackers, Crackers, Social Engineering, and Phishing: Cyber-Crimes
Because so many people use the web for their day-to-day needs, cyber-crime is one of the most common sources of identity theft for both businesses and private individuals. “People are our weakest link”! Stay protected on-line from hackers, crackers, social engineering and phishing.
A hacker is a person intensely interested in the workings of computer operating systems. Hackers are most often computer programmers and possess advanced knowledge of operating systems and programming languages. They often find holes within systems, freely share what they have discovered, and never intentionally damage data.
A cracker breaks into remote machines and violates their system integrity with malicious intent. Crackers often destroy vital data and cause problems for their targets. Who can be hacked? Anyone! Many government, bank, credit union, military, university and Internet service provider servers have been hacked. When a cracker successfully penetrates a site, they gain greater prestige among their fellow hackers.
The human approach: the quiet con game. “People are our weakest link”! There are several techniques available to a hacker for breaching an organization’s information security defences. The human approach, termed ‘social engineering’, is probably the most difficult to deal with. Social engineering is the art of manipulating people into performing actions or divulging confidential information. The Internet, for example, is fertile ground for social engineers looking to harvest passwords, or attempting to criminally and fraudulently acquire sensitive information such as passwords, usernames and credit card details by masquerading as a trustworthy entity in an electronic communication. The goal of the social engineer is to trick the victim into giving them what they want. They prey on the qualities of human nature.
There are two levels of social engineering attempt, the physical and psychological human-based level and the technology-based level, with five major attack vectors that social engineering hackers use:
- Telephone/Spying and Eavesdropping
- On-Line/Chain Emailing/Pop-Ups
- Waste Management/Dumpster Diving
- Personal Approaches/Direct Approaches
- Reverse Social Engineering/Voice of Authority
Telephone/Telephone Spoofing/Spying and Eavesdropping – Manipulation.
Hackers use telephones to persuade the victim into divulging confidential information. One technique that you may be familiar with is telephone spoofing, a practice in which the number shown on the recipient’s caller ID display is not actually that of the originating station. It can make the call appear to have come from any phone number the caller wishes. People tend to place high trust in the caller ID system; therefore the victim is easily lured into the malicious caller’s aim, which is to gain and steal personal information and money.
Eavesdropping, also known as shoulder surfing, is simply when someone looks over your shoulder and watches everything that you are doing. The shoulder surfer will look over someone’s shoulder to gain access to computers, PINs, passwords and so on. For example, the victim may be using a computer at home, at work, or in a public place. It would be very easy to gain access to that computer once the perpetrator knows the password and user name. Access can also be gained remotely by the use of cameras and software. Another example of eavesdropping would be someone at an ATM location. Sometimes ATM locations are not as secluded as we think. All the perpetrator has to do is observe your PIN and they are in! You must be aware of your surroundings.
Phishing is a way of attempting to acquire and steal personal information such as usernames, passwords, credit card details or whatever other personal information is revealed. It is used to deceive users. This is done by masquerading as a trustworthy entity in an electronic message from a popular social website, online payment processor, bank, eBay, PayPal, auction site and so on. The perpetrator typically lures the unsuspecting public by email spoofing or instant messaging. Often the perpetrator directs the victim to enter details at a fake website whose look and feel are almost identical to the legitimate one, either by having the victim reply to an email with the details or by getting the victim to enter the details on the web page. A legitimate business will never ask you for your account login details via email. If you receive such an email claiming to be from your bank or institution, you can be 100% certain that it is a phishing scam email.
Email bombing is the process of repeatedly sending email messages to a particular victim or address. Often these messages are constructed from meaningless data to consume additional system and network resources, which in turn causes a denial of service to the victim.
Email spamming is a variation of email bombing. It often sends to hundreds of thousands of users and then spreads to many more. It can be even worse when someone replies to the email, as this causes all the original email addresses to receive the reply.
Email spoofing is an email that appears to have originated from a trusted source such as a friend, a co-worker, or a systems administrator. The email can appear to be from the systems administrator, for example, requesting that all users change their passwords to a specified string and threatening to suspend the accounts of users who do not comply. There may be several forms of email spoofing, but they all have a similar result.
When email bombing and spamming are combined with email spoofing, it is much more difficult to determine who actually sent the email.
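The email bombing and spamming described above show up on the receiving mail server as a sudden burst of messages to one address. As an added example (not code from the original article), the following Python script reads constructed mail-log lines in an assumed `<timestamp> from=<sender> to=<recipient>` format and flags any recipient that receives more than a threshold of messages inside a sliding one-minute window, which is the kind of check a mail administrator would use to notice a bombing run before it exhausts resources.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def make_sample_log():
    """Constructed mail-log lines, not output from a real mail server.
    Assumed format: <ISO timestamp> from=<sender> to=<recipient>."""
    base = datetime(2024, 3, 1, 9, 0, 0)
    # Normal traffic: one newsletter to alice every 30 seconds.
    lines = [f"{(base + timedelta(seconds=30 * i)).isoformat()} "
             f"from=news@example.org to=alice@example.com" for i in range(5)]
    # Bombing: 30 messages from throwaway senders to bob within 30 seconds.
    lines += [f"{(base + timedelta(seconds=i)).isoformat()} "
              f"from=drop{i}@flood.example to=bob@example.com" for i in range(30)]
    return sorted(lines)  # ISO timestamps sort correctly as plain strings


def parse_line(line):
    """Split one log line into (timestamp, sender, recipient)."""
    ts, sender, recipient = line.split()
    return datetime.fromisoformat(ts), sender[len("from="):], recipient[len("to="):]


def find_bursts(lines, threshold=20, window=timedelta(minutes=1)):
    """Return {recipient: time at which the count of messages to that recipient
    within the trailing `window` first exceeded `threshold`}."""
    recent = defaultdict(deque)   # recipient -> timestamps inside the window
    flagged = {}
    for line in lines:
        ts, _sender, recipient = parse_line(line)
        q = recent[recipient]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > threshold and recipient not in flagged:
            flagged[recipient] = ts
    return flagged


if __name__ == "__main__":
    for recipient, when in find_bursts(make_sample_log()).items():
        print(f"burst to {recipient} detected at {when.isoformat()}")
```

With the sample data, alice's five newsletters never approach the threshold, while bob is flagged on the 21st message, twenty seconds into the flood. In practice the threshold and window would be tuned to the server's normal per-recipient volume.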
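The phishing and email spoofing paragraphs above describe three warning signs a reader can check for: a sender that only looks like the trusted organisation, a link whose visible text names the real site while it actually leads elsewhere, and pressure language demanding login details. As an added example (not code from the original article), the following Python script applies those checks to two constructed messages. The `TRUSTED_DOMAINS` set, the word list and both sample emails are assumptions for the demonstration; the crude `registrable()` helper stands in for a proper public-suffix lookup.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the domains this organisation legitimately sends mail from.
TRUSTED_DOMAINS = {"examplebank.com"}
# Pressure words the article warns about; two or more hits count as a sign.
URGENCY_WORDS = ("urgent", "suspended", "verify", "immediately", "password")

# Constructed sample messages, not real mail. The first shows the signs the
# text describes; the second is an ordinary notice from the real domain.
SUSPICIOUS_EMAIL = """From: "Example Bank Security" <alerts@mail-verify-example.net>
To: customer@example.com
Subject: Urgent: verify your account within 24 hours
Content-Type: text/html

<html><body>
<p>Your account has been suspended. Please verify your login details now.</p>
<p><a href="http://login.mail-verify-example.net/verify">https://www.examplebank.com/login</a></p>
</body></html>
"""

CLEAN_EMAIL = """From: "Example Bank" <notices@examplebank.com>
To: customer@example.com
Subject: Your monthly statement is ready
Content-Type: text/html

<html><body>
<p>Your statement for March is available online.</p>
<p><a href="https://www.examplebank.com/statements">View statement</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude last-two-labels heuristic (www.examplebank.com -> examplebank.com).
    A production checker would consult the public suffix list instead."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def phishing_indicators(raw_email):
    """Return a list of human-readable warning signs found in a single-part message."""
    msg = message_from_string(raw_email)
    findings = []

    # 1. Display name claims to be the organisation, but the address domain is not ours.
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    if name and registrable(from_domain) not in TRUSTED_DOMAINS:
        findings.append(f"display name {name!r} but sender domain {from_domain!r} is not trusted")

    # 2. Links whose visible text names one site while the href goes to another,
    #    or which lead away from our own domains.
    body = msg.get_payload()  # single-part message; multipart would need msg.walk()
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = urlparse(href).hostname or ""
        text_host = urlparse(text).hostname if "://" in text else None
        if text_host and registrable(text_host) != registrable(href_host):
            findings.append(f"link text shows {text_host!r} but points to {href_host!r}")
        if registrable(href_host) not in TRUSTED_DOMAINS:
            findings.append(f"link to untrusted domain {href_host!r}")

    # 3. Pressure language in the subject line and body.
    haystack = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY_WORDS if w in haystack]
    if len(hits) >= 2:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, phishing_indicators(raw) or ["no warning signs"])
```

The suspicious message trips all three checks; the clean one produces no findings. Heuristics like these are a useful mail-filter or user-education aid, but the article's rule still holds: a request for login details by email is a scam regardless of what a checker reports.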
Many have become victims of cyber-criminals who take advantage of loopholes in security. Hackers steal personal data and assume the victim’s identity, usually without the victim’s knowledge, and commit fraud and other crimes.
Dumpster diving is the practice of sifting through residential or commercial trash to find discarded items that may carry data or personal information. In the technology world, finding access codes or passwords written down on sticky notes could allow an attacker to carry out an attack on a computer network or gain access to it. If the dumpster diving is done on household trash, this could mean identity theft via your social insurance number, credit card information, and many other financial documents and personal data that are easily stolen.
Personal Approaches/Direct Approaches
Personal approaches can easily be carried out by persuading the victim to give out confidential information after convincing them that the attacker is a trusted source. A direct approach can be as simple as letting a disguised repairman inside your company’s office or building without first checking and verifying their credentials.
Reverse Social Engineering/Voice of Authority
Reverse social engineering is a practice in which the attacker gets the victim to call them back, after the attacker has already done reconnaissance and had some success with previous attacks. The victim is already at the attacker’s mercy, and it is almost impossible for the victim to tell that they are being attacked.
Using a voice of authority is another technique that attackers may use. Human nature has a tendency to trust people. Too many of us have seen the negative reactions of our superiors, so naturally most of us fear getting into trouble. By using an ‘authoritative voice’ and threats, e.g. “I will have you fired if you don’t give me the password!”, the attacker gains access to the system.