Social Engineering, Email Harvesting
by John Smith Learner
Social engineering is usually understood as a technique that manipulates
people into taking action and disclosing sensitive information. Similar to a
confidence trick or simple fraud, the term generally refers to deception aimed
at gathering information, committing fraud, or accessing computer systems. In
most cases, the attacker does not face the victim directly.
Here we are talking about the harvesting technique that spammers use to
collect legitimate email addresses from your contact list. There are many ways
to collect email addresses, but my focus is on "mail forwarding."
Creating an email account usually means you start building a contact list
that includes email addresses for friends, family, colleagues, and so on. Over
time, you will have many contacts on your list.
Email forwarding
Forwarding is a very useful feature available in almost all email
clients. It allows you to send an email you received on to another recipient.
But keep in mind that a forwarded email includes the original sender's email
address and all the other addresses carried over from earlier forwards of the
same message.
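As an added illustration (not part of the original article), the Python sketch below counts the addresses that ride along in a twice-forwarded chain message and strips them from the quoted headers before the message is passed on. The function name, the placeholder text and the sample message are constructed for this example.

```python
import re

# Deliberately simple address pattern; not a full RFC 5322 parser.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Header lines that mail clients copy into the body when a message is forwarded,
# optionally behind one or more ">" quote markers.
FORWARD_HEADER = re.compile(r"^((?:>\s*)*)(From|To|Cc|Reply-To):(.*)$", re.IGNORECASE)


def strip_forwarded_addresses(body, placeholder="[address removed]"):
    """Return (clean_body, exposed): the body with addresses in quoted
    forward headers replaced, and the sorted addresses that were present."""
    exposed = set()
    clean_lines = []
    for line in body.splitlines():
        match = FORWARD_HEADER.match(line)
        if match:
            prefix, name, value = match.groups()
            exposed.update(a.lower() for a in ADDRESS.findall(value))
            line = f"{prefix}{name}:{ADDRESS.sub(placeholder, value)}"
        clean_lines.append(line)
    return "\n".join(clean_lines), sorted(exposed)


# Constructed sample: a chain message forwarded twice (reserved example domains only).
SAMPLE = """\
Please send this to at least 10 friends!

---------- Forwarded message ----------
From: Alice <alice@example.com>
To: bob@example.com, carol@example.com
Cc: BadGuy <badguy@example.net>

> ---------- Forwarded message ----------
> From: badguy@example.net
> To: Alice <alice@example.com>, dave@example.org
>
> Forward this or feel guilty forever.
"""

if __name__ == "__main__":
    clean, exposed = strip_forwarded_addresses(SAMPLE)
    print(f"{len(exposed)} addresses would have travelled with this forward:")
    print("\n".join(exposed))
    print(clean)
```

Only the quoted header lines are rewritten; the message text itself is left untouched, so the forward still reads normally.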
The collection script is an email
Let's say you are a good person with 50 contacts in your email
account. BadGuy sends you an email with a very emotional religious
message, a very sweet joke, or a compelling offer of something you might be
crazy about. The message makes you feel guilty unless you forward it to at
least 10 friends, including BadGuy, and you end up doing so in good faith. Now
your 10 friends receive the email with the same instruction to "send to at
least 10 friends". At the same time, BadGuy receives a copy of each forward
from every sender down the chain.
Simply put, if you send the email to 10 contacts, they will do the same
in good faith, and the third round will do the same. This is what happens:
1 + 10^1 + 10^2 + 10^3
Approximately 1000 email contacts are collected in just 3 rounds, and the
total keeps growing as the number of forwarding rounds and the number of
contacts per forward increase. Then you and your friends begin to receive
some work messages from services you have never visited or heard of. And you
wonder how they got your email address. Well, you gave it to them. In fact,
you even helped them get your friends' addresses.
This is social engineering at work: the email manipulates your conscience
and makes you think you are doing something good by responding. In return,
you fall for someone's social engineering scam.
Solution
There is no software that counters a social engineering attack. You are the
one who provides the information, performs the operations, and allows the
application to process sensitive personal information. It is important to
raise awareness and to change the culture around how we work and how we
reveal sensitive information.
To avoid being the victim of social engineering attacks:
Be suspicious of unsolicited contact from people seeking information about your organization or personal information.
Do not provide personal information or passwords by email or phone.
Do not provide information about your organization.
Pay attention to website URLs that use spelling variations or a different domain (for example, .com and .net).
Contact the company directly to confirm the request.
Install and maintain antivirus software, related security tools, and email filters.
If you suspect you are a victim of a social engineering attack:
Report the incident immediately.
Contact your financial institution to monitor account activity.
Change all your passwords immediately.
Report the attack to the police and to the relevant authorities.
Created on Sep 5th 2021 06:28.