Content found in this wiki may not reflect official Church information. See Terms of Use for more information.

Social engineering (Family Safety)

From TechWiki
Jump to navigationJump to search

Family safety

Social engineering is the act of manipulating people into performing actions or divulging confidential information exploiting their trust in other people or computer systems. The attacks are often committed by using misleading email, web sites, or phone calls. Communications look or sound real, often offer rewards or threaten penalties, and create a sense of urgency to respond quickly.

Simply put, it is a scam or form of fraud.

Statistics

Social engineering attacks have been steadily increasing for years. One example of this is phishing, which is a form of social engineering perpetuated over email. The Anti-Phishing Working Group reported that in 2010 phishing attacks reached 30,000 reported attacks per month.[1]

Concerns

Social engineering abuses trusted relationships to obtain sensitive information or to get people to unknowingly take actions against their best interests.

Criminals use these methods to get people to reveal sensitive information, such as payment card information, bank account information, account names and passwords, and personal information used to commit identity theft or other crimes.

For example, criminals will present themselves, in person, in a phone call, or in emails, as an employee of a bank, phone company, computer company, or other organization which the target person trusts, to attempt obtain sensitive information from them, or to get them to take actions which will compromise their computer or mobile technology device, such as a smartphone.

Email safety / phishing

Criminals send email to people that looks real, often imitates a trusted partner, such as a bank, technology company, or relative, and offer rewards or create a sense of urgency to act quickly. Clicking a link in an email will forward the person being attacked to a site they assume is real, where they divulge information such as their login name and password or other sensitive information.

USB drives

The criminal leaves USB drives in places where they will be picked up and inserted into a target computer system. The USB drive contains a virus or other malicious software that will compromise the computer system, causing it to send out sensitive information or perform tasks that the attacker specifies, such as forwarding spam email.

Phone calls

The criminal calls an individual looking to get sensitive information by impersonating a trusted individual, such as a customer service representative from a company or organization trusted by the individual being attacked. Sometimes the attacker will give you information the trusted individual or organization would have, such as an account number or names of individuals, to get you to believe they are legitimate.

Texting

The criminal sends a cellular phone text message pretending to be a bank or other trusted organization or person and asks the receiver to send back information such as their credit card number or other sensitive information.

With smartphones, the attacker may send a message to an individual which includes an internet site address that appears to be valid, but instead directs the person to divulge sensitive information or installs a virus or other malicious software.

Suggestions

  • Never use links in emails, texts, or social network sites. Type in the site address (www.lds.org) yourself to ensure that the browser goes to the site expected. You can also use bookmarks that you made after you typed in the site address.
  • Never give out sensitive information such as a social security number, login name and/or password, or bank or payment card information to a caller or in a link used from an email.
  • Understand that phony emails can look completely authentic, and appear to come from someone you trust.
  • Call individuals, companies, or organizations at numbers you know are valid. Never use a number listed in an email, or given to you from someone who called you. These phone numbers can also be phony with criminals answering the call, instead of those you expect.

Conference talks and Church magazine articles

  • Dallin H. Oaks- "Other criminals live by stealing. And not all stealing is at gunpoint or by dark of night. Some theft is by deception, where the thief manipulates the confidence of his victim. The white-collar cousin of stealing is fraud, which gets its gain by lying about an essential fact in a transaction."[2]
  • Topical Guide: Fraud
  • LDS Newsroom: Affinity Fraud

See also

References

  1. APWG Report Q1 2010 - [1]
  2. Dallin H. Oaks, “Brother’s Keeper”, [2], Ensign, Nov 1986

External links

For additional information: