Tuesday, February 3, 2009

The Threat of Online Security: How Safe Is Our Data?

Electronic transactions and Web sites create business risks. Criminals around the world are stealing credit card information, bank account passwords, and other personal information in greater numbers than ever before. Threats range from high-tech blended attacks to low-tech pretexting cons. There are two types of attacks – nontechnical and technical.

Nontechnical Attacks
Nontechnical attacks are those in which a perpetrator uses some form of deception or persuasion to trick people into revealing information or performing actions that can compromise the security of a network. Examples of nontechnical attacks are pretexting and social engineering.

Pretexting
Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a targeted victim to release information or perform an action, and is typically done over the telephone. It is more than a simple lie, as it most often involves some prior research or setup and the use of pieces of known information (e.g. for impersonation: date of birth, Identity Card Number, last bill amount) to establish legitimacy in the mind of the target.

Social Engineering
Social engineering is a type of nontechnical attack that uses some ruse to trick users into revealing information or performing an action that compromises a computer or network. Like hacking, the goals of social engineering are to gain unauthorized access to systems or information. Phishing attacks rely on social engineering.




Phishing
Phishing is a criminal technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business — a bank, or credit card company — requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN.

Technical Attacks
In contrast, software and systems knowledge are used to perpetrate technical attacks. A computer worm is an example of a technical attack. Most attacks involve a combination of the two types. For instance, an intruder may use an automated tool to post a message to an instant messaging service offering the opportunity to download software of interest to the reader (e.g., software for downloading music or videos). When an unsuspecting reader downloads the malicious software, it automatically runs on his or her computer, enabling the intruder to turn the machine into a zombie to perpetrate a technical attack.




Links
http://en.wikipedia.org/wiki/Pretexting
