Social Engineering, Email Harvesting

by John Smith Learner

Social engineering is usually understood as a technique that manipulates people into taking actions and disclosing sensitive information. Similar to a confidence trick or simple fraud, the term generally refers to deception aimed at gathering information, committing fraud, or gaining access to computer systems. In most cases, the attacker does not face the victim directly.

 

This article is about the harvesting technique that spammers use to collect legitimate email addresses from people's contact lists. There are many ways to harvest addresses, but my focus is on "mail forwarding."

 

Creating an email account usually starts a contact list that includes email addresses for friends, family, colleagues, and so on. Over time, you will have many contacts on your list.

 

Email forwarding

 

Forwarding is a very useful feature available in almost all email clients. It lets you pass an email you received on to another recipient. But keep in mind that a forwarded email includes the original sender's email address and all the other addresses it was forwarded to in the same chain.
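The leak described above can be checked on a draft before it is forwarded. The following Python function is an added example, not part of the original article: it lists the addresses carried in the quoted header lines of a draft and redacts them. The name `audit_forward`, the set of header names and the sample message are assumptions constructed for illustration.

```python
import re

# Constructed pattern: loose address matcher, adequate for auditing header lines.
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Header lines that mail clients copy into a forwarded body, optionally
# preceded by quote markers such as "> > ".
HDR = re.compile(r"^[>\s]*(?:From|To|Cc|Bcc|Reply-To):", re.I)

def audit_forward(body, keep=()):
    """Redact addresses in quoted header lines of a draft forward.

    Returns (cleaned_body, exposed): exposed is the sorted list of addresses
    that would have travelled with the forward. Addresses listed in keep are
    left alone, as are addresses outside header lines (e.g. a signature).
    """
    keep = {a.lower() for a in keep}
    exposed = set()

    def redact(match):
        addr = match.group(0)
        if addr.lower() in keep:
            return addr
        exposed.add(addr.lower())
        return "[address removed]"

    out, continued = [], False
    for line in body.splitlines():
        # A recipient list that ends in a comma continues on the next line.
        if HDR.match(line) or continued:
            line = ADDR.sub(redact, line)
            continued = line.rstrip().endswith(",")
        out.append(line)
    return "\n".join(out), sorted(exposed)

# Constructed sample draft; every address in it is made up.
SAMPLE = """Please send this to at least 10 friends!

---------- Forwarded message ----------
From: Alice <alice@example.org>
To: bob@example.org, carol@example.net,
    dave@example.com
Subject: Fwd: read this

> From: badguy@example.invalid
> To: alice@example.org
> Contact me at helpdesk@example.org if needed.
"""

if __name__ == "__main__":
    cleaned, exposed = audit_forward(SAMPLE)
    print("Addresses that would be forwarded along:", *exposed, sep="\n  ")
    print(cleaned)
```

Only header lines are touched, so an address the writer deliberately put in the message text stays in place.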

 

The harvesting scenario: an email

 

Let's say you are a good person with 50 contacts in your email account. BadGuy sends you an email with a very emotional religious message, a very sweet joke, or a compelling offer of something you might be crazy about. The message makes you feel guilty unless you forward it to at least 10 friends, including BadGuy. And you end up doing so in good faith. Now your 10 friends receive the same email with the same instruction to "send to at least 10 friends". At the same time, BadGuy receives a copy of every forward from each sender down the chain.

 

Simply put, if you forward the email to 10 contacts, they will do the same in good faith, and so will the third round. This is what happens:

 

1 + 10^1 + 10^2 + 10^3

Approximately 1000 email contacts are collected in just 3 rounds, and the total keeps growing as the number of forwarding rounds and the number of contacts per forward increase. Then you and your friends begin to receive unsolicited messages from services you have never visited or heard of. And you wonder how they got your email address. Well, you gave it to them. In fact, you even helped them get your friends' addresses.

 

This is social engineering at work: the email manipulates your conscience and makes you think you are doing something good by responding. In return, you fall for someone's social engineering scam.

 

Solution

 

There is no software that counters a social engineering attack. You are the one who provides the information, performs the operations, and allows applications to process sensitive personal information. It is important to raise awareness, change the working culture, and be careful about revealing sensitive information.

 

To avoid being the victim of social engineering attacks:

 

Be suspicious of unsolicited contact from people looking for information or personal information within your organization.

Do not provide personal information or passwords by email or phone.

Do not provide information about your organization.

Pay attention to the URLs of websites and watch for spelling variations or a different domain (for example, .com versus .net).

Contact the company directly to confirm the request.

Install and maintain antivirus software, allied security tools, and email filters.

If you suspect you are a victim of a social engineering attack:

 

Report the incident immediately.

Contact your financial institution to monitor account activity.

Change all passwords now.

Report the attack to the police and to the relevant authorities.



Created on Sep 5th 2021 06:28. Viewed 236 times.
