fbpx
Wikipedia

Social engineering (security)

October 13, 2023

For the influencing of attitudes and social behaviors on a large scale, see social engineering (political science).

In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.[1] It has also been defined as "any act that influences a person to take an action that may or may not be in their best interests."[2]

OPSEC alert

Techniques and terms Edit

All social engineering techniques are based on attributes of human decision-making known as cognitive biases.[3][4]

One example of social engineering is an individual who walks into a building and posts an official-looking announcement to the company bulletin that says the number for the help desk has changed. So, when employees call for help the individual asks them for their passwords and IDs thereby gaining the ability to access the company's private information. Another example of social engineering would be that the hacker contacts the target on a social networking site and starts a conversation with the target. Gradually the hacker gains the trust of the target and then uses that trust to get access to sensitive information like password or bank account details.[5]

Other concepts Edit

Pretexting Edit

Main article: Pretexting

Pretexting (adj. pretextual) is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.[6] An elaborate lie, it most often involves some prior research or setup and the use of this information for impersonation (e.g., date of birth, Social Security number, last bill amount) to establish legitimacy in the mind of the target.[7]

Water holing Edit

Main article: Watering hole attack

Water holing is a targeted social engineering strategy that capitalizes on the trust users have in websites they regularly visit. The victim feels safe to do things they would not do in a different situation. A wary person might, for example, purposefully avoid clicking a link in an unsolicited email, but the same person would not hesitate to follow a link on a website they often visit. So, the attacker prepares a trap for the unwary prey at a favored watering hole. This strategy has been successfully used to gain access to some (supposedly) very secure systems.[8]

Baiting Edit

Baiting is like the real-world Trojan horse that uses physical media and relies on the curiosity or greed of the victim.[9] In this attack, attackers leave malware-infected floppy disks, CD-ROMs, or USB flash drives in locations people will find them (bathrooms, elevators, sidewalks, parking lots, etc.), give them legitimate and curiosity-piquing labels, and wait for victims.

Unless computer controls block infections, insertion compromises PCs "auto-running" media. Hostile devices can also be used.[10] For instance, a "lucky winner" is sent a free digital audio player compromising any computer it is plugged to. A "road apple" (the colloquial term for horse manure, suggesting the device's undesirable nature) is any removable media with malicious software left in opportunistic or conspicuous places. It may be a CD, DVD, or USB flash drive, among other media. Curious people take it and plug it into a computer, infecting the host and any attached networks. Again, hackers may give them enticing labels, such as "Employee Salaries" or "Confidential".[11]

One study published in 2016 had researchers drop 297 USB drives around the campus of the University of Illinois. The drives contained files on them that linked to webpages owned by the researchers. The researchers were able to see how many of the drives had files on them opened, but not how many were inserted into a computer without having a file opened. Of the 297 drives that were dropped, 290 (98%) of them were picked up and 135 (45%) of them "called home".[12]

Examples of social engineers Edit

Susan Headley Edit

Susan Headley became involved in phreaking with Kevin Mitnick and Lewis de Payne in Los Angeles, but later framed them for erasing the system files at US Leasing after a falling out, leading to Mitnick's first conviction. She retired to professional poker.[13]

Mike Ridpath Edit

Mike Ridpath Security consultant, published author, and speaker. Previous member of w00w00. Emphasizes techniques and tactics for social engineering cold calling. Became notable after his talks where he would play recorded calls and explain his thought process on what he was doing to get passwords through the phone and his live demonstrations.[14][15][16][17][18] As a child Ridpath was connected with Badir Brothers and was widely known within the phreaking and hacking community for his articles with popular underground ezines, such as, Phrack, B4B0 and 9x on modifying Oki 900s, blueboxing, satellite hacking and RCMAC.[19][20]

Badir Brothers Edit

Brothers Ramy, Muzher, and Shadde Badir—all of whom were blind from birth—managed to set up an extensive phone and computer fraud scheme in Israel in the 1990s using social engineering, voice impersonation, and Braille-display computers.[21][22]

Christopher J. Hadnagy Edit

Christopher J. Hadnagy is an American social engineer and information technology security consultant. He is best known as an author of 4 books on social engineering and cyber security[23][24][25][26] and founder of Innocent Lives Foundation, an organization that helps tracking and identifying child trafficking by seeking the assistance of information security specialists, using data from open-source intelligence (OSINT) and collaborating with law enforcement.[27][28]

Law Edit

In common law, pretexting is an invasion of privacy tort of appropriation.[29]

Pretexting of telephone records Edit

In December 2006, United States Congress approved a Senate sponsored bill making the pretexting of telephone records a federal felony with fines of up to $250,000 and ten years in prison for individuals (or fines of up to $500,000 for companies). It was signed by President George W. Bush on 12 January 2007.[30]

Federal legislation Edit

The 1999 Gramm-Leach-Bliley Act (GLBA) is a U.S. Federal law that specifically addresses pretexting of banking records as an illegal act punishable under federal statutes. When a business entity such as a private investigator, SIU insurance investigator, or an adjuster conducts any type of deception, it falls under the authority of the Federal Trade Commission (FTC). This federal agency has the obligation and authority to ensure that consumers are not subjected to any unfair or deceptive business practices. US Federal Trade Commission Act, Section 5 of the FTCA states, in part: "Whenever the Commission shall have reason to believe that any such person, partnership, or corporation has been or is using any unfair method of competition or unfair or deceptive act or practice in or affecting commerce, and if it shall appear to the Commission that a proceeding by it in respect thereof would be to the interest of the public, it shall issue and serve upon such person, partnership, or corporation a complaint stating its charges in that respect."

The statute states that when someone obtains any personal, non-public information from a financial institution or the consumer, their action is subject to the statute. It relates to the consumer's relationship with the financial institution. For example, a pretexter using false pretenses either to get a consumer's address from the consumer's bank, or to get a consumer to disclose the name of their bank, would be covered. The determining principle is that pretexting only occurs when information is obtained through false pretenses.

While the sale of cell telephone records has gained significant media attention, and telecommunications records are the focus of the two bills currently before the United States Senate, many other types of private records are being bought and sold in the public market. Alongside many advertisements for cell phone records, wireline records and the records associated with calling cards are advertised. As individuals shift to VoIP telephones, it is safe to assume that those records will be offered for sale as well. Currently, it is legal to sell telephone records, but illegal to obtain them.[31]

1st Source Information Specialists Edit

U.S. Rep. Fred Upton (R-Kalamazoo, Michigan), chairman of the Energy and Commerce Subcommittee on Telecommunications and the Internet, expressed concern over the easy access to personal mobile phone records on the Internet during a House Energy & Commerce Committee hearing on "Phone Records For Sale: Why Aren't Phone Records Safe From Pretexting?" Illinois became the first state to sue an online records broker when Attorney General Lisa Madigan sued 1st Source Information Specialists, Inc. A spokeswoman for Madigan's office said. The Florida-based company operates several Web sites that sell mobile telephone records, according to a copy of the suit. The attorneys general of Florida and Missouri quickly followed Madigan's lead, filing suits respectively, against 1st Source Information Specialists and, in Missouri's case, one other records broker – First Data Solutions, Inc.

Several wireless providers, including T-Mobile, Verizon, and Cingular filed earlier lawsuits against records brokers, with Cingular winning an injunction against First Data Solutions and 1st Source Information Specialists. U.S. Senator Charles Schumer (D-New York) introduced legislation in February 2006 aimed at curbing the practice. The Consumer Telephone Records Protection Act of 2006 would create felony criminal penalties for stealing and selling the records of mobile phone, landline, and Voice over Internet Protocol (VoIP) subscribers.

Hewlett Packard Edit

Patricia Dunn, former chairwoman of Hewlett Packard, reported that the HP board hired a private investigation company to delve into who was responsible for leaks within the board. Dunn acknowledged that the company used the practice of pretexting to solicit the telephone records of board members and journalists. Chairman Dunn later apologized for this act and offered to step down from the board if it was desired by board members.[32] Unlike Federal law, California law specifically forbids such pretexting. The four felony charges brought on Dunn were dismissed.[33]

References Edit

  1. ^ Anderson, Ross J. (2008). Security engineering: a guide to building dependable distributed systems (2 ed.). Indianapolis, IN: Wiley. p. 1040. ISBN 978-0-470-06852-6. Chapter 2, page 17
  2. ^ "Social Engineering Defined". Security Through Education. Retrieved 3 October 2021.
  3. ^ Jaco, K: "CSEPS Course Workbook" (2004), unit 3, Jaco Security Publishing.
  4. ^ Kirdemir, Baris (2019). "HOSTILE INFLUENCE AND EMERGING COGNITIVE THREATS IN CYBERSPACE". Centre for Economics and Foreign Policy Studies.
  5. ^ Hatfield, Joseph M (June 2019). "Virtuous human hacking: The ethics of social engineering in penetration-testing". Computers & Security. 83: 354–366. doi:10.1016/j.cose.2019.02.012. S2CID 86565713.
  6. ^ The story of HP pretexting scandal with discussion is available at Davani, Faraz (14 August 2011). "HP Pretexting Scandal by Faraz Davani". Retrieved 15 August 2011 – via Scribd.
  7. ^ "Pretexting: Your Personal Information Revealed", Federal Trade Commission
  8. ^ "Chinese Espionage Campaign Compromises Forbes.com to Target US Defense, Financial Services Companies in Watering Hole Style Attack". invincea.com. 10 February 2015. Retrieved 23 February 2017.
  9. ^ . Light Reading Inc. 7 June 2006. Archived from the original on 13 July 2006. Retrieved 23 April 2014.
  10. ^ (PDF). Archived from the original (PDF) on 11 October 2007. Retrieved 2 March 2012.{{cite web}}: CS1 maint: archived copy as title (link)
  11. ^ Conklin, Wm. Arthur; White, Greg; Cothren, Chuck; Davis, Roger; Williams, Dwayne (2015). Principles of Computer Security, Fourth Edition (Official Comptia Guide). New York: McGraw-Hill Education. pp. 193–194. ISBN 978-0071835978.
  12. ^ Raywood, Dan (4 August 2016). "#BHUSA Dropped USB Experiment Detailed". info security. Retrieved 28 July 2017.
  13. ^ Hafner, Katie (August 1995). "Kevin Mitnick, unplugged". Esquire. 124 (2): 80(9).
  14. ^ Social Engineering: Manipulating the human. Scorpio Net Security Services. 16 May 2013. ISBN 9789351261827. Retrieved 11 April 2012.
  15. ^ Niekerk, Brett van. "Mobile Devices and the Military: useful Tool or Significant Threat". Proceedings of the 4Th Workshop on Ict Uses in Warfare and the Safeguarding of Peace 2012 (Iwsp 2012) and Journal of Information Warfare. academia.edu. Retrieved 11 May 2013.
  16. ^ "Social Engineering: Manipulating the human". YouTube. Retrieved 11 April 2012.
  17. ^ . Ustream.tv. 7 October 2011. Archived from the original on 4 August 2012. Retrieved 11 April 2012.
  18. ^ "Automated Social Engineering". BrightTALK. 29 September 2011. Retrieved 11 April 2012.
  19. ^ "Social Engineering a General Approach" (PDF). Informatica Economica journal. Retrieved 11 January 2015.
  20. ^ "Cyber Crime". Hays. 7 November 2018. ISBN 9781839473036. Retrieved 11 January 2020.
  21. ^ "Wired 12.02: Three Blind Phreaks". Wired. 14 June 1999. Retrieved 11 April 2012.
  22. ^ "Social Engineering A Young Hacker's Tale" (PDF). 15 February 2013. Retrieved 13 January 2020. {{cite journal}}: Cite journal requires |journal= (help)
  23. ^ "43 Best Social Engineering Books of All Time". BookAuthority. Retrieved 22 January 2020.
  24. ^ "Bens Book of the Month Review of Social Engineering The Science of Human Hacking". RSA Conference. 31 August 2018. Retrieved 22 January 2020.
  25. ^ "Book Review: Social Engineering: The Science of Human Hacking". The Ethical Hacker Network. 26 July 2018. Retrieved 22 January 2020.
  26. ^ Hadnagy, Christopher; Fincher, Michele (22 January 2020). "Phishing Dark Waters: The Offensive and Defensive Sides of Malicious E-mails". ISACA. Retrieved 22 January 2020.
  27. ^ "WTVR:"Protect Your Kids from Online Threats"
  28. ^ Larson, Selena (14 August 2017). "Hacker creates organization to unmask child predators". CNN. Retrieved 14 November 2019.
  29. ^ Restatement 2d of Torts § 652C.
  30. ^ "Congress outlaws pretexting". 109th Congress (2005–2006) H.R.4709 – Telephone Records and Privacy Protection Act of 2006. 2007.
  31. ^ Mitnick, K (2002): "The Art of Deception", p. 103 Wiley Publishing Ltd: Indianapolis, Indiana; United States of America. ISBN 0-471-23712-4
  32. ^ HP chairman: Use of pretexting 'embarrassing' Stephen Shankland, 8 September 2006 1:08 PM PDT CNET News.com
  33. ^ "Calif. court drops charges against Dunn". CNET. 14 March 2007. Retrieved 11 April 2012.

Further reading Edit

  • Boyington, Gregory. (1990). 'Baa Baa Black Sheep' Published by Gregory Boyington ISBN 0-553-26350-1
  • Harley, David. 1998 Re-Floating the Titanic: Dealing with Social Engineering Attacks EICAR Conference.
  • Laribee, Lena. June 2006 Development of methodical social engineering taxonomy project Master's Thesis, Naval Postgraduate School.
  • Leyden, John. 18 April 2003. Office workers give away passwords for a cheap pen. The Register. Retrieved 2004-09-09.
  • Long, Johnny. (2008). No Tech Hacking – A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing Published by Syngress Publishing Inc. ISBN 978-1-59749-215-7
  • Mann, Ian. (2008). Hacking the Human: Social Engineering Techniques and Security Countermeasures Published by Gower Publishing Ltd. ISBN 0-566-08773-1 or ISBN 978-0-566-08773-8
  • Mitnick, Kevin, Kasperavičius, Alexis. (2004). CSEPS Course Workbook. Mitnick Security Publishing.
  • Mitnick, Kevin, Simon, William L., Wozniak, Steve,. (2002). The Art of Deception: Controlling the Human Element of Security Published by Wiley. ISBN 0-471-23712-4 or ISBN 0-7645-4280-X
  • Hadnagy, Christopher, (2011) Social Engineering: The Art of Human Hacking Published by Wiley. ISBN 0-470-63953-9
  • N.J. Evans. (2009). "Information Technology Social Engineering: An Academic Definition and Study of Social Engineering-Analyzing the Human Firewall." Graduate Theses and Dissertations. 10709. https://lib.dr.iastate.edu/etd/10709
  • Z. Wang, L. Sun and H. Zhu. (2020) "Defining Social Engineering in Cybersecurity," in IEEE Access, vol. 8, pp. 85094-85115, doi: 10.1109/ACCESS.2020.2992807.

External links Edit

 
Wikimedia Commons has media related to Social engineering (security).
  • Social Engineering Fundamentals – Securityfocus.com. Retrieved 3 August 2009.
  • . Light Reading Inc. 7 June 2006. Archived from the original on 13 July 2006. Retrieved 23 April 2014.
  • Should Social Engineering be a part of Penetration Testing? – Darknet.org.uk. Retrieved 3 August 2009.
  • "Protecting Consumers' Phone Records", Electronic Privacy Information Center US Committee on Commerce, Science, and Transportation. Retrieved 8 February 2006.
  • Plotkin, Hal. . Retrieved 9 September 2006.

October 13, 2023
social, engineering, security, influencing, attitudes, social, behaviors, large, scale, social, engineering, political, science, context, information, security, social, engineering, psychological, manipulation, people, into, performing, actions, divulging, con. For the influencing of attitudes and social behaviors on a large scale see social engineering political science In the context of information security social engineering is the psychological manipulation of people into performing actions or divulging confidential information A type of confidence trick for the purpose of information gathering fraud or system access it differs from a traditional con in that it is often one of many steps in a more complex fraud scheme 1 It has also been defined as any act that influences a person to take an action that may or may not be in their best interests 2 OPSEC alert Contents 1 Techniques and terms 2 Other concepts 2 1 Pretexting 2 2 Water holing 2 3 Baiting 3 Examples of social engineers 3 1 Susan Headley 3 2 Mike Ridpath 3 3 Badir Brothers 3 4 Christopher J Hadnagy 4 Law 4 1 Pretexting of telephone records 4 2 Federal legislation 4 3 1st Source Information Specialists 4 4 Hewlett Packard 5 References 6 Further reading 7 External linksTechniques and terms EditAll social engineering techniques are based on attributes of human decision making known as cognitive biases 3 4 One example of social engineering is an individual who walks into a building and posts an official looking announcement to the company bulletin that says the number for the help desk has changed So when employees call for help the individual asks them for their passwords and IDs thereby gaining the ability to access the company s private information Another example of social engineering would be that the hacker contacts the target on a social networking site and starts a conversation with the target Gradually the hacker gains the trust of the target and then uses that trust to get access to sensitive information like password or bank account details 5 Other concepts EditPretexting Edit Main article Pretexting Pretexting adj pretextual is the act of creating and using an invented scenario the pretext to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances 6 An elaborate lie it most often involves some prior research or setup and the use of this information for impersonation e g date of birth Social Security number last bill amount to establish legitimacy in the mind of the target 7 Water holing Edit Main article Watering hole attack Water holing is a targeted social engineering strategy that capitalizes on the trust users have in websites they regularly visit The victim feels safe to do things they would not do in a different situation A wary person might for example purposefully avoid clicking a link in an unsolicited email but the same person would not hesitate to follow a link on a website they often visit So the attacker prepares a trap for the unwary prey at a favored watering hole This strategy has been successfully used to gain access to some supposedly very secure systems 8 Baiting Edit Baiting is like the real world Trojan horse that uses physical media and relies on the curiosity or greed of the victim 9 In this attack attackers leave malware infected floppy disks CD ROMs or USB flash drives in locations people will find them bathrooms elevators sidewalks parking lots etc give them legitimate and curiosity piquing labels and wait for victims Unless computer controls block infections insertion compromises PCs auto running media Hostile devices can also be used 10 For instance a lucky winner is sent a free digital audio player compromising any computer it is plugged to A road apple the colloquial term for horse manure suggesting the device s undesirable nature is any removable media with malicious software left in opportunistic or conspicuous places It may be a CD DVD or USB flash drive among other media Curious people take it and plug it into a computer infecting the host and any attached networks Again hackers may give them enticing labels such as Employee Salaries or Confidential 11 One study published in 2016 had researchers drop 297 USB drives around the campus of the University of Illinois The drives contained files on them that linked to webpages owned by the researchers The researchers were able to see how many of the drives had files on them opened but not how many were inserted into a computer without having a file opened Of the 297 drives that were dropped 290 98 of them were picked up and 135 45 of them called home 12 Examples of social engineers EditSusan Headley Edit Susan Headley became involved in phreaking with Kevin Mitnick and Lewis de Payne in Los Angeles but later framed them for erasing the system files at US Leasing after a falling out leading to Mitnick s first conviction She retired to professional poker 13 Mike Ridpath Edit Mike Ridpath Security consultant published author and speaker Previous member of w00w00 Emphasizes techniques and tactics for social engineering cold calling Became notable after his talks where he would play recorded calls and explain his thought process on what he was doing to get passwords through the phone and his live demonstrations 14 15 16 17 18 As a child Ridpath was connected with Badir Brothers and was widely known within the phreaking and hacking community for his articles with popular underground ezines such as Phrack B4B0 and 9x on modifying Oki 900s blueboxing satellite hacking and RCMAC 19 20 Badir Brothers Edit Brothers Ramy Muzher and Shadde Badir all of whom were blind from birth managed to set up an extensive phone and computer fraud scheme in Israel in the 1990s using social engineering voice impersonation and Braille display computers 21 22 Christopher J Hadnagy Edit Christopher J Hadnagy is an American social engineer and information technology security consultant He is best known as an author of 4 books on social engineering and cyber security 23 24 25 26 and founder of Innocent Lives Foundation an organization that helps tracking and identifying child trafficking by seeking the assistance of information security specialists using data from open source intelligence OSINT and collaborating with law enforcement 27 28 Law EditIn common law pretexting is an invasion of privacy tort of appropriation 29 Pretexting of telephone records Edit In December 2006 United States Congress approved a Senate sponsored bill making the pretexting of telephone records a federal felony with fines of up to 250 000 and ten years in prison for individuals or fines of up to 500 000 for companies It was signed by President George W Bush on 12 January 2007 30 Federal legislation Edit The 1999 Gramm Leach Bliley Act GLBA is a U S Federal law that specifically addresses pretexting of banking records as an illegal act punishable under federal statutes When a business entity such as a private investigator SIU insurance investigator or an adjuster conducts any type of deception it falls under the authority of the Federal Trade Commission FTC This federal agency has the obligation and authority to ensure that consumers are not subjected to any unfair or deceptive business practices US Federal Trade Commission Act Section 5 of the FTCA states in part Whenever the Commission shall have reason to believe that any such person partnership or corporation has been or is using any unfair method of competition or unfair or deceptive act or practice in or affecting commerce and if it shall appear to the Commission that a proceeding by it in respect thereof would be to the interest of the public it shall issue and serve upon such person partnership or corporation a complaint stating its charges in that respect The statute states that when someone obtains any personal non public information from a financial institution or the consumer their action is subject to the statute It relates to the consumer s relationship with the financial institution For example a pretexter using false pretenses either to get a consumer s address from the consumer s bank or to get a consumer to disclose the name of their bank would be covered The determining principle is that pretexting only occurs when information is obtained through false pretenses While the sale of cell telephone records has gained significant media attention and telecommunications records are the focus of the two bills currently before the United States Senate many other types of private records are being bought and sold in the public market Alongside many advertisements for cell phone records wireline records and the records associated with calling cards are advertised As individuals shift to VoIP telephones it is safe to assume that those records will be offered for sale as well Currently it is legal to sell telephone records but illegal to obtain them 31 1st Source Information Specialists Edit U S Rep Fred Upton R Kalamazoo Michigan chairman of the Energy and Commerce Subcommittee on Telecommunications and the Internet expressed concern over the easy access to personal mobile phone records on the Internet during a House Energy amp Commerce Committee hearing on Phone Records For Sale Why Aren t Phone Records Safe From Pretexting Illinois became the first state to sue an online records broker when Attorney General Lisa Madigan sued 1st Source Information Specialists Inc A spokeswoman for Madigan s office said The Florida based company operates several Web sites that sell mobile telephone records according to a copy of the suit The attorneys general of Florida and Missouri quickly followed Madigan s lead filing suits respectively against 1st Source Information Specialists and in Missouri s case one other records broker First Data Solutions Inc Several wireless providers including T Mobile Verizon and Cingular filed earlier lawsuits against records brokers with Cingular winning an injunction against First Data Solutions and 1st Source Information Specialists U S Senator Charles Schumer D New York introduced legislation in February 2006 aimed at curbing the practice The Consumer Telephone Records Protection Act of 2006 would create felony criminal penalties for stealing and selling the records of mobile phone landline and Voice over Internet Protocol VoIP subscribers Hewlett Packard Edit Patricia Dunn former chairwoman of Hewlett Packard reported that the HP board hired a private investigation company to delve into who was responsible for leaks within the board Dunn acknowledged that the company used the practice of pretexting to solicit the telephone records of board members and journalists Chairman Dunn later apologized for this act and offered to step down from the board if it was desired by board members 32 Unlike Federal law California law specifically forbids such pretexting The four felony charges brought on Dunn were dismissed 33 References Edit Anderson Ross J 2008 Security engineering a guide to building dependable distributed systems 2 ed Indianapolis IN Wiley p 1040 ISBN 978 0 470 06852 6 Chapter 2 page 17 Social Engineering Defined Security Through Education Retrieved 3 October 2021 Jaco K CSEPS Course Workbook 2004 unit 3 Jaco Security Publishing Kirdemir Baris 2019 HOSTILE INFLUENCE AND EMERGING COGNITIVE THREATS IN CYBERSPACE Centre for Economics and Foreign Policy Studies Hatfield Joseph M June 2019 Virtuous human hacking The ethics of social engineering in penetration testing Computers amp Security 83 354 366 doi 10 1016 j cose 2019 02 012 S2CID 86565713 The story of HP pretexting scandal with discussion is available at Davani Faraz 14 August 2011 HP Pretexting Scandal by Faraz Davani Retrieved 15 August 2011 via Scribd Pretexting Your Personal Information Revealed Federal Trade Commission Chinese Espionage Campaign Compromises Forbes com to Target US Defense Financial Services Companies in Watering Hole Style Attack invincea com 10 February 2015 Retrieved 23 February 2017 Social Engineering the USB Way Light Reading Inc 7 June 2006 Archived from the original on 13 July 2006 Retrieved 23 April 2014 Archived copy PDF Archived from the original PDF on 11 October 2007 Retrieved 2 March 2012 a href Template Cite web html title Template Cite web cite web a CS1 maint archived copy as title link Conklin Wm Arthur White Greg Cothren Chuck Davis Roger Williams Dwayne 2015 Principles of Computer Security Fourth Edition Official Comptia Guide New York McGraw Hill Education pp 193 194 ISBN 978 0071835978 Raywood Dan 4 August 2016 BHUSA Dropped USB Experiment Detailed info security Retrieved 28 July 2017 Hafner Katie August 1995 Kevin Mitnick unplugged Esquire 124 2 80 9 Social Engineering Manipulating the human Scorpio Net Security Services 16 May 2013 ISBN 9789351261827 Retrieved 11 April 2012 Niekerk Brett van Mobile Devices and the Military useful Tool or Significant Threat Proceedings of the 4Th Workshop on Ict Uses in Warfare and the Safeguarding of Peace 2012 Iwsp 2012 and Journal of Information Warfare academia edu Retrieved 11 May 2013 Social Engineering Manipulating the human YouTube Retrieved 11 April 2012 BsidesPDX Track 1 10 07 11 02 52PM BsidesPDX Track 1 10 07 11 02 52PM BsidesPDX on USTREAM Conference Ustream tv 7 October 2011 Archived from the original on 4 August 2012 Retrieved 11 April 2012 Automated Social Engineering BrightTALK 29 September 2011 Retrieved 11 April 2012 Social Engineering a General Approach PDF Informatica Economica journal Retrieved 11 January 2015 Cyber Crime Hays 7 November 2018 ISBN 9781839473036 Retrieved 11 January 2020 Wired 12 02 Three Blind Phreaks Wired 14 June 1999 Retrieved 11 April 2012 Social Engineering A Young Hacker s Tale PDF 15 February 2013 Retrieved 13 January 2020 a href Template Cite journal html title Template Cite journal cite journal a Cite journal requires journal help 43 Best Social Engineering Books of All Time BookAuthority Retrieved 22 January 2020 Bens Book of the Month Review of Social Engineering The Science of Human Hacking RSA Conference 31 August 2018 Retrieved 22 January 2020 Book Review Social Engineering The Science of Human Hacking The Ethical Hacker Network 26 July 2018 Retrieved 22 January 2020 Hadnagy Christopher Fincher Michele 22 January 2020 Phishing Dark Waters The Offensive and Defensive Sides of Malicious E mails ISACA Retrieved 22 January 2020 WTVR Protect Your Kids from Online Threats Larson Selena 14 August 2017 Hacker creates organization to unmask child predators CNN Retrieved 14 November 2019 Restatement 2d of Torts 652C Congress outlaws pretexting 109th Congress 2005 2006 H R 4709 Telephone Records and Privacy Protection Act of 2006 2007 Mitnick K 2002 The Art of Deception p 103 Wiley Publishing Ltd Indianapolis Indiana United States of America ISBN 0 471 23712 4 HP chairman Use of pretexting embarrassing Stephen Shankland 8 September 2006 1 08 PM PDT CNET News com Calif court drops charges against Dunn CNET 14 March 2007 Retrieved 11 April 2012 Further reading EditBoyington Gregory 1990 Baa Baa Black Sheep Published by Gregory Boyington ISBN 0 553 26350 1 Harley David 1998 Re Floating the Titanic Dealing with Social Engineering Attacks EICAR Conference Laribee Lena June 2006 Development of methodical social engineering taxonomy project Master s Thesis Naval Postgraduate School Leyden John 18 April 2003 Office workers give away passwords for a cheap pen The Register Retrieved 2004 09 09 Long Johnny 2008 No Tech Hacking A Guide to Social Engineering Dumpster Diving and Shoulder Surfing Published by Syngress Publishing Inc ISBN 978 1 59749 215 7 Mann Ian 2008 Hacking the Human Social Engineering Techniques and Security Countermeasures Published by Gower Publishing Ltd ISBN 0 566 08773 1 or ISBN 978 0 566 08773 8 Mitnick Kevin Kasperavicius Alexis 2004 CSEPS Course Workbook Mitnick Security Publishing Mitnick Kevin Simon William L Wozniak Steve 2002 The Art of Deception Controlling the Human Element of Security Published by Wiley ISBN 0 471 23712 4 or ISBN 0 7645 4280 X Hadnagy Christopher 2011 Social Engineering The Art of Human Hacking Published by Wiley ISBN 0 470 63953 9 N J Evans 2009 Information Technology Social Engineering An Academic Definition and Study of Social Engineering Analyzing the Human Firewall Graduate Theses and Dissertations 10709 https lib dr iastate edu etd 10709 Z Wang L Sun and H Zhu 2020 Defining Social Engineering in Cybersecurity in IEEE Access vol 8 pp 85094 85115 doi 10 1109 ACCESS 2020 2992807 External links Edit nbsp Wikimedia Commons has media related to Social engineering security Social Engineering Fundamentals Securityfocus com Retrieved 3 August 2009 Social Engineering the USB Way Light Reading Inc 7 June 2006 Archived from the original on 13 July 2006 Retrieved 23 April 2014 Should Social Engineering be a part of Penetration Testing Darknet org uk Retrieved 3 August 2009 Protecting Consumers Phone Records Electronic Privacy Information Center US Committee on Commerce Science and Transportation Retrieved 8 February 2006 Plotkin Hal Memo to the Press Pretexting is Already Illegal Retrieved 9 September 2006 Retrieved from https en wikipedia org w index php title Social engineering security amp oldid 1179738600, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.