In this article we will talk about deception methods. The previous article discussed the Linux directory.
A criminal observes, or shoulder surfs, to pick up PINs, access codes or credit card numbers. An attacker can be in close proximity to the victim, or can use binoculars or closed-circuit cameras to shoulder surf. That is one reason that a person can only read an ATM screen at certain angles. These types of safeguards make shoulder surfing much more difficult.
“One man’s trash is another man’s treasure.” This phrase can be especially true in the world of dumpster diving, which is the process of going through a target’s trash to see what information an organization throws out. Consider securing the trash receptacle. Any sensitive information should be properly disposed of through shredding or the use of burn bags. A burn bag is a container that holds classified or sensitive documents for later destruction by fire.
Impersonation is the action of pretending to be someone else. For example, a recent phone scam targeted taxpayers. A criminal, posing as an IRS employee, told the victims that they owed money to the IRS and had to pay immediately through a wire transfer. The impersonator threatened that failure to pay would result in an arrest. Criminals also use impersonation to attack others. They can undermine the credibility of individuals by using website or social media postings.
A hoax is an act intended to deceive or trick. A cyber hoax can cause just as much disruption as an actual breach would cause. A hoax elicits a user reaction. The reaction can create unnecessary fear and irrational behavior. Users pass hoaxes through email and social media.
Piggybacking and Tailgating
Piggybacking occurs when a criminal tags along with an authorized person to gain entry into a secure location or a restricted area. Criminals use several methods to piggyback:
- They give the appearance of being escorted by the authorized individual
- They join a large crowd pretending to be a member
- They target a victim who is careless about the rules of the facility
Tailgating is another term that describes the same practice.
A mantrap prevents piggybacking by using two sets of doors. After individuals enter through the outer door, that door must close before they can enter through the inner door.
Forwarding hoax emails and other jokes, funny movies, and non-work-related emails at work may violate the company’s acceptable use policy and result in disciplinary actions.
Organizations need to promote awareness of social engineering tactics and properly educate employees on prevention measures, such as the following:
- Never provide confidential information or credentials via email, chat sessions, in person, or on the phone to unknown parties.
- Resist the urge to click on enticing emails and website links.
- Keep an eye out for uninitiated or automatic downloads.
- Establish policies and educate employees about those policies.
- When it comes to security, give employees a sense of ownership.
- Do not give in to pressure from unknown individuals.