5 more dirty tricks: Social engineers' latest pick-up lines

Today's social engineers are getting very specific in their plans to manipulate their marks

By , CSO |  Security, social engineering

You may now be savvy enough to know that when a friend reaches out on Facebook and says they've been mugged in London and are in desperate need of cash, that it's a scam. But social engineers, the criminals that pull off these kinds of ploys by trying to trick you, are one step ahead.

Social engineering attacks are getting more specific, according to Chris Hadnagy author of Social Engineering: The Art of Human Hacking.

"Targeted attacks are earning social engineers better results," he said.

[Also read the original 9 dirty tricks: Social engineers' favorite pickup lines]

What that means is they may need to do more work to find out personal information, and it may take longer, but the payoff is often larger.

"Attacks now are not just a broad spam effort, sending out a million emails with an offer for Viagra," said Hadnagy. "These are now individual attacks where they are going after people one by one."

Here are five new scams circulating that employ much more individual involvement.

"This is Microsoft support --we want to help"

Hadnagy says a new kind of attack is hitting many people lately. It starts with a phone call from someone claiming to be from Microsoft support, calling because an abnormal number of errors have been originating from your computer.

"The person on the other end says they want to help fix it because there is a bug and they have been making calls to licensed Windows users," explained Hadnagy. "All of the pretext makes sense; you are a licensed Windows user, you own a machine with Windows on it and she wants to prove it to you."

The caller tells the victim to go to the event log and walks them through the steps to get to the system log.

"Every Windows user will have tons of errors in the event log, simply because little things happen; a service crashes, something doesn't start. There are always errors," said Hadnagy. "But when a non-experienced user opens it up and sees all these critical errors, it looks scary."

At that point, the victim is eagerly ready to do whatever the alleged "support" person wants them to do. The social engineer advises them to go to Teamviewer.com, a remote-access service that will give them control of the machine.

Originally published on CSO |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question