Re: NFC: HP and "Pretexting"
From: Dave Craig
Date: Thu, 28 Sep 2006 12:03:29 -0700 (PDT)

Jim,

This explains where the term comes from.

Social Engineering Techniques/Terms
http://en.wikipedia.org/wiki/Social_engineering_(computer_security)

<<All Social Engineering techniques are based on flaws in human logic known as cognitive biases. These bias flaws are used in various combinations to create attack techniques.

Pretexting

Pretexting is the act of creating and using an invented scenario (the pretext) to obtain information from a target, usually over the telephone. It is more than a simple lie, as it regularly involves some prior research and the use of pieces of known information (e.g., Birthday, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.

The purpose is often to trick a business into disclosing customer information, and is used by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager (e.g., to make account changes, get specific balances, etc).

As most U.S. companies still authenticate a client by asking only for a Social Security Number, Birthday, or Mother's maiden name - all of which are easily obtained from public records - the method is extremely effective and will likely continue to work well until a more stringent identification method is adopted.

Phishing

Phishing applies to email appearing to come from a legitimate business - a bank, Paypal, or credit card company - requesting "verification" of information and warning of some dire consequence if it is not done. The letter usually contains a link to a fraudulent web page that looks legitimate - with company logos and content - and has a form requesting everything from a home address to an ATM card pin number. See phishing for more examples.

Trojan Horse / Gimmes

Gimmes take advantage of curiosity or greed to deliver malware. Also known as a Trojan Horse, gimmes can arrive as an email attachment promising anything from a cool or sexy screen saver, an important anti-virus or system upgrade, or even the latest dirt on an employee. The recipient is expected to give in to the need to see the program and open the attachment. In addition, many users will blindly click on any attachments they receive that seem even mildly legitimate. See Trojan horse (computing) for more examples.

Quid pro Quo

Something for something: An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and in the process have the user type commands that give the attacker access and/or launch malware.

In a 2003 Infosecurity survey, 90% of office workers outside of their building gave away their password in answer to a survey question in exchange for a cheap pen. >>

-----Original Message-----
From: Jim Conforti [mailto:lndshrk [at] xmission.com]
Sent: Thursday, September 28, 2006 1:33 PM
To: Dave Craig
Cc: The FerrariList
Subject: [Ferrari] NFC: HP and "Pretexting"

OK,

Excuse the interruption but as this is heating up:

We have many CEOs on this list, and many Lawyers.

Would someone please tell me where this concept of "Pretexting" comes from? Well, more the NAME than the concept.

The concept is lying and fraud. If you LIE over an Interstate Wire Facility in order to get something of value, that's WIRE FRAUD.

"Pretexting" sounds so happy and benign. It's like calling murder "Easter Bunny".

"Two people were Easter Bunnied in an early morning westside shooting"

Oh, and if any of you folks actually know this Silicon Valley lawyer "Larry Sonsini" someone kick him in his nuts for me.

What kind of mushbrained thinking tells someone that committing FRAUD is OK as long as we call it something benign?

- NFC: HP and "Pretexting" Jim Conforti, September 28 2006
  - Re: NFC: HP and "Pretexting" Dave Craig, September 28 2006