Social Engineering
In social engineering, perpetrators trick employees into giving
them the information they need to get into the system.
Identity theft is assuming someone's identity, usually for
economic gain, by illegally obtaining and using confidential
information such as the person's Social Security number or their
bank account or credit card number. Identity thieves benefit
financially by taking funds out of the victim's bank accounts,
taking out mortgages or other loan obligations, and taking out
credit cards and running up large debts.
In one case, a convicted felon incurred $100,000 of credit card
debt, took out a home loan, purchased homes and consumer goods,
and then filed for bankruptcy in the victim's name.
In pretexting, people act under false pretenses to gain
confidential information. For example, they might conduct a
security investigation and lull the person into disclosing
confidential information by asking 10 innocent questions before
asking the confidential ones.
Posing is creating a seemingly legitimate business, collecting
personal information while making a sale, and never delivering a
product.
Phishing is sending out an e-mail, instant message, or text
message pretending to be a legitimate company, usually a financial
institution, and requesting information. The recipient is asked to
either respond to the e-mail request or visit a Web page and
submit the data or respond to a text message.
The IRS has set up a Website and an e-mail address
(phishing@irs.gov) where people can forward for investigation
suspicious e-mails that purport to be from the IRS.
In voice phishing, or vishing, e-mail recipients are asked to call
a specified phone number, where a recording tells them to enter
confidential data.
Malware
This section describes malware, which is any software that can be
used to do harm. A recent study shows that malware is spread using
several simultaneous approaches, including file sharing (used in
72 percent of attacks), shared access to files (42 percent),
e-mail attachments (25 percent), and remote access vulnerabilities
(24 percent).
Pages 160-165 list various malware types.
Spyware software secretly collects personal information about
users and sends it to someone else without the users' permission.
The information is gathered by logging keystrokes, monitoring
computing habits such as Websites visited, and scanning documents
on the computer's hard disk.
Spyware infections, of which users are usually unaware, come from
the following:
1. Downloads such as file sharing programs, system
utilities, games, wallpaper, screensavers, music, and
videos.
2. Websites that secretly download spyware when they are
visited. This is called drive-by downloading.
3. A hacker using security holes in Web browsers and other
software.
4. Programs masquerading as anti-spyware security software.
5. A worm or virus.
6. Public wireless network. For example, users receive a
message they believe is from the coffee shop or hotel
where they are using wireless technology. Clicking on the
message inadvertently downloads a Trojan horse or spyware
application.
One type of spyware, called adware (short for advertising-supported
software), does two things: First, it causes banner ads
to pop up on your monitor as you surf the Net. Second, it collects
information about the user's Web-surfing and spending habits and