Last week in class, we talked a lot about social engineering. It is amazing to me that people lie to other people who trust them and believe that what they are saying is true. It really made me interested in how many times this happens to everyday people who are unsuspecting, not only in a work environment, but in everyday life. Some people, while searching through their e-mail or looking through their mail, don't know the risks of social engineering, so when something good comes along, they don't realize that it could be fake and a trick.
In a work environment, like stated in class, it is very easy to trick someone into giving you the information that you need. Pretending to be someone else over the phone really isn't that difficult. If a person were just to observe the company and the people in it for a week, they could probably find out something that would help them to trick other people who work there into getting passwords, codes, or anything else needed to break in the systems and steal all of the company's information. To me, that is terrifying.
In class, we also talked about Kevin Mitnick. I found his story so interesting. He was able to trick so many people in some many different companies to freely give him all of the information he needed. It is so scary that all a computer hacker could need in order to get what they wanted would be a good personality. All Kevin Mitnick used to get what he wanted was social engineering. If he can do it, who's to say that there aren't many more people out there doing this also.
It's surprising to me how the human element seems more vulnerable than automation. Computer systems can be broken into, but it seems almost easier to just contact someone at a company and coax them into revealing their information.
ReplyDeleteThe Kevin Mitnik guy scared me. It made it real that anyone could get your personal information. The video and talking about it in class made me realize how simple it can be. With just one click to your computer can be effected & all of your personal information taken or hacked into.
ReplyDeleteI liked the free pizza example in class. If you show people documentation and act like a professional, anybody will buy it. I remember when my family first bought a computer back in 1998, and I was new to the computer scene. I got an e-mail one day that looked like it was from AOL, and it was asking for my user id and password. It was even asking for a credit card number. It just makes me think "How can people be so deceiving?" This is what is referred to as "phishing" or trying to get information out of somebody by making them think that they need to give you that information or something bad will happen. If only I could see who was on the other side of that e-mail.
ReplyDeleteThis is pretty scary how easy it is to trick people. Plus the people who trick them are pretty darn smart for thinking of the different ways to get information. I doubt I could ever do this.
ReplyDelete