Questions tagged [social-engineering]

Social engineering is the act of manipulating people into performing actions or divulging confidential information.

201 questions
108 votes, 7 answers

Is social-engineering an actual threat

I've recently finished the book The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick. The book was released on 4th December 2002. Not talking only about techniques described in this book, but are the ways used by…
Marek Sebera

19 votes, 3 answers

The audacity of accountchek.com

Maybe I'm being overly sensitive as an IT professional who has a security mindset, but I am doing a mortgage refinance right now. My lender, who is legitimate (I used them a few years ago for the original purchase of my home), is asking me to help…
theglossy1

17 votes, 3 answers

What is reverse social engineering?

What is reverse social engineering? Is it something different from normal social engineering?
Lucas Kauffman

8 votes, 3 answers

What (besides not complying, and reporting) should I do with blackmail emails?

I received the following email which claims, among other social engineering, to have installed a keylogger on a former system administrator's Linux box: I‌ kno‌w [old password deleted] o‌n‌e o‌f yo‌ur pa‌ssphra‌s‌es. Lets g‌et dir‌ectly to‌ th‌e…
Christos Hayward

8 votes, 1 answer

Are there more hacks done by social engineering, etc, than breaking the software system?

There is a saying that, rather than finding a vulnerability in a strong security system, the hacker is more likely to hack into your system by social engineering, physically breaking into the room the server is in, getting help from an insider, or…
user23013

6 votes, 2 answers

What is the Ethics and Legality of Grabbing Data from Social Networks to aid a Pentest?

What is the ethics and legality of developing and using a tool to grab data on employees in the client's company in social networks such as Facebook, Twitter and LinkedIn? The data should then be used in a pentest in social engineering attacks. Data…
h00j

5 votes, 1 answer

How to detect social engineering attack?

How can I understand if I am being targeted by a grey hat social engineer? And if I fail, what approaches exist to detect social engineering attacks being in progress within an organisation?
oleksii

5 votes, 2 answers

What is the name for building trust on a platform before pillaging?

What's the common or recognized name for a vulnerability on a platform where someone can build trust and then pillage/exploit that trust for profit or information? It's driving me crazy, and I constantly forget it every time I want to use it, and…
WindDude

4 votes, 1 answer

They think I am their IT Dept....What to do about it?

I have been asked to test out any security holes for a company. I created an email account that looks similar to their IT department's address and everybody is complying :) I have only asked them to send me some simple things like their WAN IPs. I…
Duclaws

3 votes, 1 answer

Social Engineer Toolkit (Cloning Sites)

Is it legal or illegal to use the cloning site option within the social engineer toolkit (SET) or any other tool that clones websites? I was under the impression that if performing a social engineer exercise with a signed document from a client, I…
Pentest

3 votes, 2 answers

How to mimic an emotion?

Microexpression is a brief facial expression according to emotions experienced. It is also one of the most powerful SE (social engineering) weapons. However, they are very hard to master. Are there any exercises, techniques, training, or methods that…
StupidOne

3 votes, 2 answers

Someone is using similar domain and spamming clients

This is the problem my friend is facing in his office. Someone is using an almost similar domain as my friend's company (via email). This person is posing as their company and asking them to send money with an invoice of the same format as his…
aitkotw

3 votes, 1 answer

Detecting attempts to manipulate help desk support

If users forget their password, lose their one-time-password tokens, or otherwise become unable to access their accounts, they call the help desk. In certain circumstances, help desk support is allowed to set a temporary password and suspend…
ztk

2 votes, 1 answer

Should police departments recommend the securit.leadsonline.com website as a secure place to store information about our valuables?

This is kind of a social engineering question -- my local law enforcement agency sent out this email today: Help us by keeping identifying information about your valuables safe and accessible – Use ReportIt - it’s web-based and FREE. In just…
Johnny

2 votes, 1 answer

How safe is it to have a LinkedIn account where you have published all the important information about yourself?

How safe is it to make your information public? I know that there are many risks from social engineers' side, if you put everything about yourself a hacker will have most of the information about you which you gave them by yourself like people do…
cyberbird