This document discusses four methods of social engineering attacks: piggybacking, phishing, impersonating a delivery person, and impersonating tech support. For each method, it provides an example and explains how the attack works and how attackers are able to obtain data through each method. Piggybacking involves following someone into a secured building. Phishing involves sending fraudulent emails to trick people into providing personal information. Impersonating delivery people or tech support allows attackers to gain physical access to computers in order to steal data directly. All of these methods exploit human trust and lack of caution.
C3 Ethical Issues
Devlin Ceretti, Jenny Duong, Steven Lam
Tuesday, May 10, 2016
Methods covered: Piggybacking, Phishing, Delivery Person, Tech Support

What is it/example?

Piggybacking: A way for a person to gain access to a secured building even if it has smartcard passes or biometrics. Example: An employee of the company lets an individual through a secured door by holding it open for them because the individual appears to still be searching for their pass.

Phishing: The practice of sending emails appearing to be from a reputable source with the goal of influencing people or gaining personal information. Several different forms of attack are commonly used via phishing.

Delivery Person: People who impersonate a delivery person or someone delivering a package. They do this in order to gain access to a building and then use a USB to take data straight from a computer. Example: In 2007, a person posed as a delivery person and robbed Ernest Rady, a billionaire who lives in San Diego. The person knocked at the door claiming to be a delivery person, and Ernest's wife opened the door for him.

Tech Support: A person who uses social engineering to impersonate a tech support worker. Example: A person impersonating a tech support worker goes into someone's house and compromises their computer's data through a USB or just by physically looking through the computer.

Why it works?

Piggybacking: It works because it is very easy for the individual to scam the employee. The individual could dress up as an employee working there; since the company is a big business, not everyone knows who works there or not, so the individual could

Phishing: The attack appears as someone/something it is not, and lies to users as if selling products.

Delivery Person: People who order something like a pizza will assume the person is just going to give them what they ordered, and will usually not even think about or notice that the person got anywhere close to their computer.

Tech Support: People don't think twice when they request a tech support worker; the worker can just let themselves into someone's computer. Most people don't properly protect their files, so they can be taken easily with access to the physical PC.