First some definitions:
Social Engineering (SE) - Getting others to take an action they ordinarily might not take.
Most of us are helpful and trusting.

Phishing – Obtaining information or data using SE techniques, typically not extremely targeted.
Examples: tax-time scams, disaster scams, reputation or reporting scams (many expanded examples below).

Vishing - Voice phishing, typically phone calls, but also Skype, FaceTime, etc.
Smishing - Using SMS/texting to conduct phishing.

DOX’ing – Documenting (doc’s) and profiling a target, to gain insight into how to SE them.
Using LinkedIn, Facebook, Twitter (social media), phone books, public records.

Spear Phishing – Precisely targeting a company, group or individual (likely leveraging DOX) to create a phish.

The old advice on phishing needs to be updated. Spelling and grammatical errors are not a dead giveaway anymore. Phish are only getting better as criminals get more organized and offer more services (such as spell/grammar checks). Phishing is also getting easier as more and more frameworks are created. The frameworks are usually created with altruistic goals in mind, but as my other article points out, there are dualities associated with most security tools.

I will not delve into the many tools or frameworks; instead, I will outline ways to improve your current Security Awareness Training (SAT). Most SAT is extremely boring, remedial and downright pedestrian. Most professional Phishing services have a "phishing splash…

