
Day 1 - Security: Social Engineering » More questions

Zainab (host): Take a look at some more questions and answers relating to Social Engineering below...
Question:
OSINT was mentioned on the first day of this week in Mike's video, what does that stand for and mean?
Answer (Mike):
OSINT stands for Open Source Intelligence Techniques. It is not hacking; it is simply knowing where to go that is open, easy or free to access (e.g. the Internet, Social Media etc.) to find intelligence on people that on its own (or when aggregated) could be used in further social engineering or fraud activities.
Question:
Is vishing a real thing? And someone mentioned another one the other day called smishing?
Answer (Mike):
Vishing is very real. It is similar to phishing but instead uses phone calls to try and gain information from people or get them to do something. Fraudsters use this a lot to attack contact centres (e.g. a company's helpdesk) and pretend to be the customer so they can obtain account information.

Smishing is again similar, but through message platforms such as text or messenger etc.
Question:
Are there any famous examples of social engineering attacks?
Answer (Mike):
A good example of social engineering is the famous digital bank robbery committed by North Korean state actors on the bank of Bangladesh. They needed to gain access to the bank's systems, then the international system, Swift, to be able to commit the digital robbery that would involve transferring over 1 billion pounds out of the federal bank into fake accounts set up around the world. They started their escapade by sending phishing emails to employees. In January 2015, an innocuous-looking email had been sent to several Bangladesh Bank employees. It came from a job seeker calling himself Rasel Ahlam. His polite enquiry included an invitation to download his CV and cover letter from a website. In reality, Rasel did not exist. The CV, once clicked and opened, was malware that allowed them to get into the bank's systems. You can read more about it here: The Lazarus heist: How North Korea almost pulled off a billion-dollar hack.
Got a question? Email computerscience@bt.com