Home | Solutions Blog | social engineering
Posts tagged "social engineering"
Businesses often make fraud training boring! And that’s bad for their bottom line, because no one ends up remembering anything about the subject.
Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s happening. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.
Posted in Fraud Detection & Prevention, Identity Theft Prevention by Identity Theft Speaker John Sileo.
Tags: Detection Fraud, Engineering Social, Expert, Fraud Detection, Fraud Speaker, Fraud Training, social engineering, Training Fraud
What started in 1997 as a research project and a mission as the way to organize the world’s information has turned into the worlds largest search engine. Google has given anyone with an Internet connection access to more information than they realize. With such quick access to information, you need to be careful what you put on the World Wide Web and realize what is contained in your Google History. Remember, posts – and searches – are permanent. Here are a few privacy issues when it comes to Google:
1. Google’s Cookie and Toolbar. When you use their search engine, Google places a self-renewing cookie with a unique ID number on your hard disk. As you search websites, Google records your surfing activity and saves your searches. There are ways to change your Internet options to stop the cookie tracking and you can learn more by visiting www.google.com/support/accounts/.Remember, nothing you do on the Internet is private; it is all tracked, aggregated, analyzed, sold and used for a variety of purposes (many of them good). The advanced features of Google’s new toolbar for Internet Explorer not only updates automatically, but it also tracks which websites you visit.
Posted in Identity Theft Prevention by Identity Theft Speaker John Sileo.
Tags: Google History, Google Privacy, John Sileo, John Sileo Identity theft Expert, social engineering, Social Networking Speaker
During your fraud training exercises, fostering an attitude of curiosity (or in the corporate world, a culture of curiosity) is the most powerful critical thinking skill in your arsenal of tools to protect sensitive information. Employees who can think critically and ask the right questions regarding data privacy make up the fabric that supports a Culture of Privacy. Interrogation is the art of questioning someone thoroughly and assertively to verify intentions, identities and facts.
Questions: Who’s in Control? Can I Verify? What are my Options? What are the Benefits?
When spies need information, they ask for it. They “socially engineer” or con their victims with a variety of tools.
The primary tool for evaluating risk once your reflexes have been triggered (Hogwash) is to interrogate the person or institution asking for your information. Interrogation is not meant to be about forceful or physical questioning. I define interrogation as clear, aggressive questioning used to establish whom you can trust, how far you can trust them, and with what information.
Posted in Fraud Detection & Prevention, Identity Theft Prevention by Identity Theft Speaker John Sileo.
Tags: Data Breach, Engineering Social, Fraud Training, John Sileo, Privacy Means Profit, social engineering, Training Fraud
If it seems too good to be true, it probably is.
That is the best way to Think Like A Spy and be alert of Social Engineers that are trying to manipulate you. With such a gloomy economy and many people without work, offers for fast cash and huge discounts become more and more attractive. Most of these Identity Theft cases use the technique of Social Engineering.
Social Engineering is the act of manipulating people into performing actions or divulging confidential information by playing on their human emotions. The term typically applies to deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. These days most thieves can nab your identity over the phone, mail, email, and through social networking sites such as Facebook and Twitter.
Posted in Fraud Detection & Prevention, Identity Theft Prevention, Online Privacy by Identity Theft Speaker John Sileo.
Tags: Facebook, Human Emotions, identity theft expert, Identity Theft Prevention, John Sileo, Online/Social Media Privacy, social engineering, Think Like A Spy, twitter
The Privacy Reflex
When I am training corporate executives, managers and employees to detect fraud and social engineering (manipulative information-gathering techniques), I take them through what it feels like to be conned. In other words, I actually socially engineer them several times throughout the presentation so that they begin to reflexively sense when more fraud is coming. There is no substitute for experiencing this first hand.
The Trigger—Requests for Identity
Spies are trained to instantly react when anyone asks for information of any kind, whether it is theirs or someone else’s. The trigger, or what causes you to be on high alert, is actually very simple—it is the appearance of your identity in any form (wallet, credit card, tax form, passport, driver’s license, etc.). Anytime someone requests or has access to any of the names, numbers or attributes that make up your identity, or to the paper, plastic, digital or human data where your identity lives, the trigger should trip and sound an alarm in your head.
Posted in Identity Theft Prevention by Identity Theft Speaker John Sileo.
Tags: Data Breach, Hogwash, identity theft expert, Identity Theft Prevention, Identity Theft Speaker, John Sileo, Privacy, social engineering
Tareq and Michaele Salahi — Washington socialites are not just known for their possible roles in the upcoming “The Real Housewives of Washington,” but for being seen arriving at the White House State Dinner. The problem was that they weren’t on the guest list, but managed to work their way inside what is supposed to be the most secure party.
The couple took to Facebook to document their party-crashing, and on Wednesday, Michaele Salahi’s Facebook page included photos of the couple at the dinner. The Salahis weren’t exposed until journalists caught sight of pictures showing the Salahis posing with President Barack Obama, Vice President Joe Biden and others. In the aftermath, the security breach looked more like a publicity stunt than a security threat. The Secret Service admitted that they did not verify at each checkpoint that this couple was on the invitation list. In other words, they missed the second cardinal rule of security, Verify.
Posted in Online Privacy by Identity Theft Speaker John Sileo.
Tags: Facebook, identity theft expert, Identity Theft Speaker, John Sileo, Online/Social Media Privacy, social engineering, social networking, White House, White House Party Crashers
You’ve probably seen in the news that a hacker gained access into Sarah Palin’s Yahoo.com email account. The hacker used a simple scheme and basic social engineering tools (research on Google and Wikipedia, common-sense guessing) to reset the password on the account and assume ownership of her email. [For a full account of how a professor, Herbert H. Thompson, used these tools to steal a friends identity (with their permission), visit his recent and extremely interesting article, How I Stole Someone’s Identity and the companion radio interview.]
In addition to denying Governor Palin access to her own account, the hacker had full control to:
- Read every saved and current email in her account (hopefully she never sent her Social Security Number, passwords or account numbers via email, not to mention correspondence pertaining to her role as candidate for Vice President of the U.S.)
- Steal the email addresses and any other sensitive information stored in her contacts (John McCain might want to change his email address)
- Send out emails as if the hacker were Sarah Palin, or worse yet, send out official emails as Alaskan Governor, Sarah Palin
The potential for abuse is mind boggling. Sarah Palin should take immediate steps to protect her stolen identity and to secure her future privacy. Here are a sampling of the steps I would recommend:
Posted in Identity Theft Prevention by Identity Theft Speaker John Sileo.
Tags: Expert, governor palin, id theft, Identity Theft Prevention, palin, sarah palin, social engineering, Speaker, yahoo email