Please enable JavaScript.
Coggle requires JavaScript to display documents.
CHAPTER 6, The techniques or psychological tricks used to get people to…
CHAPTER 6
-
Social Engineering
Fraudsters take advantage of the following seven human traits in order
to entice a person to reveal information or take a specific action:
- Compassion—The desire to help others who present themselves as really needing your help.
- Sex Appeal—People are more likely to cooperate with someone who is flirtatious or viewed as “hot.”
- Greed—People are more likely to cooperate if they get something free or think they are getting a once-in-a-lifetime deal.
- Sloth—Few people want to do things the hard way, waste time, or do something unpleasant; fraudsters take advantage of our lazy habits and tendencies.
- Urgency—A sense of urgency or immediate need that must be met leads people to be more cooperative and accommodating.
- Trust—People are more likely to cooperate with people who gain their trust
- Vanity—People are more likely to cooperate if you appeal to their vanity by telling them they are going to be more popular or successful.
Establishing the following policies and procedures and training people to follow them can help minimize social engineering:
- Never let people follow you into a restricted building
- Never log in for someone else on a computer, especially if you have administrative access.
- Never give sensitive information over the phone or through e-mail.
- Never share passwords or user IDs.
- Be cautious of anyone you do not know who is trying to gain access through you
-
Malware
spyware
-
● Downloads such as file-sharing programs, system utilities, games, wallpaper, screen savers, music, and videos.
-
-
-
-
● Public wireless networks. At Kinko’s in Manhattan, an employee gathered the data needed to open bank accounts and apply for credit cards in the names of the people using Kinko’s wireless network.
-
- The techniques or psychological tricks used to get people to comply with the perpetrator’s wishes in order to gain physical or logical access to a building, computer, server, or network. It is usually to get the information needed to obtain confidential data.
-