Staying Safe Online
Social Engineering

What is Social Engineering?

The above are a couple of examples of social engineering.  Simply put, social engineering is the art of getting people to do what you want them to do.  In the cracker world, it means getting a legitimate user of a system to give the cracker the means of accessing the system.  The cracker will employ various psychological tricks to manipulate a person's natural human tendency to trust.  Strong technical and computer skills are not needed to pull off this sort of hack.  A social engineer's strongest feature is their social skills - they know how to get along well with people, are good listeners, and are good at picking up on small clues that people unwittingly let on about themselves.

Social engineering is a painstaking process though.  It takes time to gather enough information before launching an attack.  Information is collected a little at a time - an email address here, some personal information there, then a little monitoring of when the system is active, etc.

Social Engineering in MSN Groups

Take an MSN Group for example.  What little pieces of information are you leaving around that could compromise your group?  Let's see, a manager's email address that's showing.  That's a big piece of information.  Is there a birthday board?  A date of birth goes a long way into establishing your identity with MSN.  What else?  Pictures of the family?  Pets' names with their photos?  Are you spending a lot of time in the chat room telling your life story - what schools you went to, where you've lived?  Do you have a link to your family tree with your mother's maiden name on it?  Does everyone know your schedule, or routine for the day - get up, go online for a bit, work eight hours, come home, go online, make dinner, go back online, go to bed?  If you spend enough time with your members, at least one or two of them will be able to put enough information together to make a stab at your secret question, or even your password.

Methods of Social Engineering

Often victims are unaware of social engineering attacks as they are happening (although when they look back they can see it).  An attacker often won't ask for sensitive information right off the bat (under most circumstances).  They'll take their time to get to know the victim and extract what they want from them little by little.  The questions will start off innocently, under the guise of friendliness, or being helpful.  If the victim seems a little hesitant about answering a question, the attacker will back off and try to regain the victim's trust again.

Another method of gaining a person's trust is to launch a small scale attack against them.  The attacker will then pose as a technical support person who is there to help the victim recover from the attack.  A victim will give a 'technical support' person all sorts of information about their computer system (another reason why I am against HijackThis logs being posted in groups).  Under the guise of helping the victim, the attacker is in fact gathering more information in order to launch a full scale attack.

Intimidation is also used at times.  Most people are conditioned to respond to authority figures.  A social engineer can pose as an authority figure in order to obtain information.  Name dropping is one means of establishing authority.  They can use their supposed 'status' to browbeat, rush, or outright ask the victim for the information they desire.

How to Deal with Social Engineering Attacks

There are a few things that you can do to protect yourself against a social engineering attack.  As with most things in life, prevention is the best policy.

  • Make sure your passwords are secure.  Check out our page on Passwords for more information on how to do this.
  • Make sure the answers to your secret questions are something that no one can guess at.  In fact, use an answer that is not related to the question at all.  For example, if the question is 'What is your father's middle name?', the answer could be 'chocolate cake.'
  • Be careful about how much and what kind of information you give out online about yourself.  The info might be used to reconstruct a secret question answer or your password, to show when you are not online to keep an eye on things, or to establish an identity in your name.
  • Be aware of some basic signals of a social engineering attack:  a refusal to give information that identifies the cracker as an authority figure; rushing the victim to provide information 'right away'; name-dropping; intimidation (You'll get reported to MSN if you don't do such-and-such, for example.); misspellings; odd or invasive questions; and directly asking for sensitive information.
  • Be aware that a cracker sometimes will try to establish a relationship of trust with you under the guise of helping you.

 

 


This site is staffed by volunteers who simply wish to share the information they've learned with others.  We are in no way affiliated with any law agency, MSN, Internet service provider, or other organization.  This information is being shared to assist in protecting you online.  Please use this information in the spirit it was intended.

©zanshina 2008
All Rights Reserved
