1. SPAM as social engineering
Prof. Dr. Ing. Remus BRAD
Lucian Blaga University of Sibiu
Computer Science Dept.
2. Spam as social engineering
What is Social Engineering?
The unauthorized acquisition of sensitive
information or inappropriate access privileges by
a potential threat source, based upon the
building of an inappropriate trust relationship with
a legitimate user of an information technology
system.
The goal of social engineering is to trick someone into:
– providing valuable information
– giving access to that information
3. Spam as social engineering
What is Social Engineering?
Preys on qualities of human nature:
• the desire to be helpful
• the tendency to trust people
• the fear of getting into trouble
The sign of a truly successful social engineer is
that they receive information without raising any
suspicion as to what they are doing.
4. Spam as social engineering
What is Social Engineering?
People are usually the weakest link in the security
chain
Social engineering is still the most effective method
of getting around security obstacles
A skilled social engineer will often try to exploit this
weakness before spending time and effort on
other methods to crack passwords
5. Spam as social engineering
Social Engineering
In attempting to persuade someone to do
something, there are two methods a persuader
can employ:
• A direct request from the attacker
uses systematic, logical arguments to stimulate a
favorable response, prompting the recipient to
action
• An indirect request from the attacker
uses mental shortcuts and misrepresents the attacker's
objectives to trigger acceptance without thinking
6. Spam as social engineering
Social Engineering
Make prospective victims more susceptible to
persuasion by making some statement at the
outset that triggers a strong emotion such as:
Excitement
“The Dean is writing up an award nomination
for you and needs some additional information!”
“You’re a winner of our lottery”
Fear
“The Dean is waiting for this!”
7. Spam as social engineering
Social Engineering
Social engineering can be broken into:
• Human based
refers to person-to-person interactions to
retrieve the desired information
• Computer based
refers to having computer software that attempts
to retrieve the desired information
8. Spam as social engineering
Human-based Social Engineering
Impersonation - help desks are the most frequent
targets of social engineering attacks
– A Social Engineer calls the help desk
– Help desk is helpful
– Social engineer will often know names of employees
Important User - pretending to be a senior
executive
– Help desk is less likely to turn down a request coming
from a high-level official
– Social engineer may threaten to report the employee
to their supervisor
9. Spam as social engineering
Human-based Social Engineering
Third-party Authorization - obtaining the name of
someone in the organization who has the
authority to grant access to information
– Mr. John DOE says it's OK
– Before he went on vacation, Mr. John DOE said I
should call you to get this information
Tech Support - pretending to be someone from
infrastructure support
– System is having a problem
– Needs them to log on to test the connection
10. Spam as social engineering
Human-based Social Engineering
In Person - enter the building and pretend to be an
employee, guest or service personnel
– May be dressed in a uniform
– Allowed to roam
– Becomes part of the cleaning crew
Shoulder Surfing - looking over a shoulder to see
what someone is typing
– Passwords
– Card numbers
– PIN
11. Human Based Social Engineering
• Kevin Mitnick
12. Spam as social engineering
Computer-based Social Engineering
Popup Windows - appear on the screen, telling
the user they have lost their network connection
and need to re-enter their user name and
password
– A program will then e-mail the intruder the information.
Mail attachments - programs can and are
frequently hidden in e-mail attachments
– Viruses
– Worms
– Trojans
13. Spam as social engineering
Computer-based Social Engineering
Spam, Phishing and Hoaxes
– Rely on social engineering to be spread.
– While they do not usually cause damage, they do
cause a loss of productivity.
– Frequently used by entrepreneurs in African
countries (e.g., Nigerian scams)
– They use valuable network resources.
Websites
– Offer something free or a chance to win on a
Website
– To register requires an e-mail address and password
14. Spam as social engineering
What is SPAM?
Unsolicited Commercial Email (UCE), also known as
"spam" or "junk email"
Spam advertises wonder products at cheap prices
55 billion spam messages are sent per day
It may comprise 95% of a person or company’s incoming
email load
It represents an ongoing arms race as users seek to stop it
and spammers find ways to bypass new filters
It is a delivery vehicle for email-based scams
16. Spam as social engineering
Social Engineering SPAM
Dear Friend.
As you read this, I don't want you to feel sorry for me, because, I believe everyone will die someday.
My name is Peter Lawson,a merchant in Dubai, in the U.A.E.I have been diagnosed with Esophageal Cancer which was
discovered very late,due to my laxity in carrying for my health. It has defiled all forms of medicine, and right now I have
only about a few months to live, according to medical experts.
I have not particularly lived my life so well, as I never really cared for anyone not even myself but my business. Though I am
very rich, I was never generous, I was always hostile to people and only focus on my business as that was the only
thing I cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all
the money in the world. I believe when God gives me a second chance to come to this world I would live my life a
different way from how I have lived it.
Now that God ! has called me, I have willed and given most of my properties and assets to my immediate and extended
family members and as well as a few close friends. I want God to be merciful to me and accept my soul and so, I have
decided to give arms to charity organizations and give succour and confort to the less priviledged in our societies, as I
want this to be one of the last good deeds I do on earth.
The last of my money which no one knows of is the huge cash deposit of twenty four million dollars that I have with a Security
Company in Europe for safe keeping. I will want you to help me collect this deposit and disburse it to some charity
organizations and to the less priviledged.
Please send me a mail to indicate if you will assist me in this disbursement.
I have set aside 10% for you for your time and patience.
You can e-mail me at:plawson@hknetmail.com
While I await to hear from you, may God be with you and your entire family.
Remain blessed.
Mr.Peter Lawson
17. Spam as social engineering
Social Engineering Email Example
Return-Path: <remus.brad@ulbsibiu.ro>
From: <remus.brad@ulbsibiu.ro>
To: <remus.brad@ulbsibiu.ro>
Subject: Read carefully!
Date: Wed, 24 Apr 2019 08:17:20 +0300
Message-ID: <687038.762826@68703.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Hello!
At first, look at the sender adress "(Mail From:)"
Do you know what that means? I got full access to your email account and sent it from there!
Few months ago I infected your computer with mine private malware ( RAT, Remote Administration Tool ), your browser
wasn't patched.
My tool gave me full control over your computer, even your microphone and webcam.
I collected all the interested things I have found on your computer, your pictures, your whole privacy you dirty pervert!
I even recorded some video of you, over your webcam, you know what I mean!!!
I give you the chance to pay me, exactly: 700$ in bitcoin ( BTC ), or I will publish all I got from you, on social network,
messenger, and I will everyone else know about everything I got from you!!!
Compared to the damage and hell it will bring into your life, I think its a very good price!
You can register your bitcoin wallet here: login.blockchain.com/en/#/signup
To get bitcoin, search on google "Where to buy bitcoins?".
My bitcoin adress is: 15w8KYwC76vDRiSZD2LK6dEbHvs7N38mh6
I give you 3 days time to pay and don't forget, I got access to your email, and I will know if it was already read, so the time is
running.
Don't share this email with anyone, this is our little secret!
MsgID: 7628263412
18. Spam as social engineering
What is Phishing?
“Fishing for personal information”
Uses “spoofed” e-mails and fraudulent websites designed to
fool recipients into divulging personal financial data
such as credit card numbers, account usernames and
passwords, social security numbers, etc.
20. Spam as social engineering
Phishing Email Example
Delivered-To: rbrad@ulbsibiu.ro
Received: by 2002:ac2:5586:0:0:0:0:0 with SMTP id v6csp1939062lfg;
Fri, 10 May 2019 02:04:10 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.google.com;
spf=pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender)
smtp.mailfrom=msvp_cnmch@wbhealth.gov.in
Received: from mail.wbhealth.gov.in (mail.wbhealth.gov.in. [125.22.76.8])
by mx.google.com with ESMTP id 16si6460882pfh.244.2019.05.10.02.04.09
for <rbrad@ulbsibiu.ro>;
Fri, 10 May 2019 02:04:10 -0700 (PDT)
Received-SPF: pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender)
client-ip=125.22.76.8;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender)
smtp.mailfrom=msvp_cnmch@wbhealth.gov.in
Received: from localhost (localhost [127.0.0.1])
by mail.wbhealth.gov.in (Postfix) with ESMTP id E0D03704D1AD;
Fri, 10 May 2019 14:33:55 +0530 (IST)
Received: from mail.wbhealth.gov.in ([127.0.0.1])
by localhost (mail.wbhealth.gov.in [127.0.0.1]) (amavisd-new, port 10032)
with ESMTP id DzNVdHTdibzY; Fri, 10 May 2019 14:33:54 +0530 (IST)
Date: Fri, 10 May 2019 14:32:03 +0530 (IST)
From: SUPORT <msvp_cnmch@wbhealth.gov.in>
X-Originating-IP: [207.189.24.165]
X-Mailer: Zimbra 8.0.5_GA_5839 (ZimbraWebClient - GC74 (Mac)/8.0.5_GA_5839)
Notice!!! , The account of your e-mail account is due for validation and your e-mails are pending. You will be disabled
from sending / receiving messages until you revalidate your account mailbox. :MAILBOX VALIDATED:
<https://www.formpl.us/form/281946001>
SYSTEM SUPPORT. 001.77 ##
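Added example (not part of the original slides): a small header triage that surfaces the inconsistencies visible in the two messages on slides 17 and 20. The function names triage, _domain and _related are hypothetical, the sample messages are abridged from the headers shown above, and the link check assumes that a genuine mailbox notice would point at the sender's or the recipient's own domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged copies of the two messages shown on the slides (header values as on the page).
SEXTORTION = """\
From: <remus.brad@ulbsibiu.ro>
To: <remus.brad@ulbsibiu.ro>
Message-ID: <687038.762826@68703.com>

Hello!
"""
PHISH = """\
Delivered-To: rbrad@ulbsibiu.ro
Received-SPF: pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender)
From: SUPORT <msvp_cnmch@wbhealth.gov.in>
X-Originating-IP: [207.189.24.165]

:MAILBOX VALIDAT: <https://www.formpl.us/form/281946001>
"""

def _domain(header_value):
    """Lower-cased domain part of an address header ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _related(host, domain):
    return bool(domain) and (host == domain or host.endswith("." + domain))

def triage(raw):
    """Return a list of header/body inconsistencies worth an analyst's look."""
    msg = message_from_string(raw)
    sender = _domain(msg["From"])
    rcpt = _domain(msg["Delivered-To"] or msg["To"])
    hits = []
    # 1. Sender address identical to recipient: the "sent from your own account" claim.
    if parseaddr(msg["From"] or "")[1].lower() == parseaddr(msg["To"] or "")[1].lower() != "":
        hits.append("from-equals-to")
    # 2. Message-ID minted by a host outside the From domain.
    mid_host = (msg["Message-ID"] or "").strip(" <>").rpartition("@")[2].lower()
    if mid_host and not _related(mid_host, sender):
        hits.append("message-id-host:" + mid_host)
    # 3. SPF pass authenticates the relay only; record it so it is not read as trust.
    if (msg["Received-SPF"] or "").strip().lower().startswith("pass") and sender != rcpt:
        hits.append("spf-pass-external-sender:" + sender)
    # 4. Links whose host is neither the sender's nor the recipient's domain.
    for host in re.findall(r"https?://([^/\s>]+)", msg.get_payload()):
        if not (_related(host.lower(), sender) or _related(host.lower(), rcpt)):
            hits.append("link-host:" + host.lower())
    return hits
```

These are triage hints, not verdicts: each one is also produced by some legitimate mail, so they are meant to rank messages for review alongside the content filter's score.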
21. SPAM in numbers
Lucian Blaga University of Sibiu E-Mail Server - Study Case
22. Statistics of our mail service (Spam Assassin):
Range: April - May
Increase of received Spam / 15 minutes: ~ 290%
Increase of received Ham / 15 minutes: ~ 50%
SPAM in numbers
23. Statistics of our mail service:
Range: April - May
Increase of rejected mail / 15 minutes: ~ 230%
Increase of accepted mail / 15 minutes: ~ 150%
SPAM in numbers
24. Statistics of our mail service:
Range: April - May
Viruses vs. SPAM: +4% vs. +290%
25. Statistics of our mail service:
Range: April - May
Server Loads
26. Spam as social engineering
SPAM in numbers
Statistics of our mail service:
Range: April