09
Jan
10

Surfing with the phishes

Social Engineering

Defined as “the clever manipulation of the natural human tendency to trust”, especially when the “thing” in question is so friggin’ tempting and all it takes is one click of a mouse button. Wiki describes it a bit more elaborately as “the act of manipulating people into performing actions or divulging confidential information.” Either way, it’s still one of the biggest threats people face while being online.

Long before internet came to Mizoram, there were instances of “primitive” social engineering in the form of snail mail. I remember my late Gramps following up on Reader’s Digests’ assurance of winning some Lakhs if he regularly renews his subscription. It was not such a bad deal, the magazine made a good read, and he didn’t really mind renewing, but unknowingly he was prey to the Magazine’s cleverly concocted scheme to keep their customers’ loyalty. Sure, he didn’t win the huge pile of cash, but I don’t think anybody did, and the disappointment of not winning was forgotten with time. The good ‘ol days… *sigh!

Now the landscape has changed, with most of the educated self-respecting population being net-savvy, access to the internet is fast and easily available, be it from the local cybercafes, home connections, GPRS, piggy-backing on random WLANs, etc. But it also brings evil-doers closer to home, and net users can no longer be ignorant about the looming threats anymore. It is, as has always been, the survival of the fittest.

Phishing

The time I created my first email account, it was exciting to receive emails, didn’t really mattered who’d sent it or where it came from. Each email was read carefully from top to bottom, even if it didn’t mean anything. More than 10 years on and I’m still using the same email address. I get more spams than readable emails, its like looking for primes in a sea of odd numbers, more so because of my earlier rampant browsing habits (Mostly involves clicking anything that moves and providing information to any form that asks for it!). I guess my old ways are finally catching up with me!

Phishers use cleverly designed emails to lure users into their traps. The first thing they need to establish is your Trust, which is usually done by displaying a valid company logo, your name in the Subject, sending it from a valid First and Last name, etc. Here are 2 such examples, one taken from the internet and the latter from my inbox:

Another way to lure unsuspecting victims is by exploiting something which we all know too well. Money and Porn. The two things that makes us human deep down, no matter how much we may hide behind our carefully crafted facade. We may have been tamed by civilization, but we are still animals, social or not. Enough non-tech for now! The following examples are a clear indication that there are no boundaries, morals or shameful, no stone left unturned by malicious-users to get what they want:

So the next time you open your email, even from a well known friend requesting you to view his/her video, pic, etc or someone offers you money online, check and double-check the link you are about to click. When viruses/spywares/trojans etc. get on the computer, users usually deny ever having attached an infected pen drive, clicking on pop-ups, browsing Porn, etc, but that is history. What kind of a Virus-coder would I be if my creations are easily detected. The moment you plug-in your USB drive, or even when you click on you C:/D: etc, there is an Autorun file which always gets executed in the background, unless you Disable Autorun ! And that is just one of the zillion ways you get infected.

Mum always said that life is all about the choices we make, and that is what makes us who we are. We have the power of Freewill, but it is of no use without knowledge. But now we can have all the information we need, so whenever you are in doubt, don’t bing it, Google!

List of pictures used without permission:


11 Responses to “Surfing with the phishes”


  1. January 10, 2010 at 11:49 pm

    with no offence meant to those that work in the industry, “the clever manipulation of the natural human tendency to trust” seems to describe advertising so well too! though i do sometimes wonder at how easily we trust organisations whose stated goal is to make as much profit from us as possible…

    i remember once hearing (kevin mitnick?) that most crackers used social engineering methods to get information. was told of an early exploit of AOL internet accounts by a person who pretended to have a vocal disability.

  2. 2 mesjay
    January 12, 2010 at 10:15 am

    Hmm, looks like the more advanced we get the more danger. It’s such a mind boggling world out there😦

  3. January 14, 2010 at 11:30 am

    Post of the Week. FTW.

  4. 4 father_sphinx
    January 15, 2010 at 2:53 pm

    Very informative! Good post there.

  5. 5 NotGood
    January 15, 2010 at 9:37 pm

    @Baruk: I guess no matter how technologically advanced we may become, human error is still one of the top Security threats.. and I do agree with you on the Advertising bit!😀

    @mesjay: Don’t be so stressed, there are probably twice the number of people working against internet threats rather than for it, its a huge business..🙂 Thanks for dropping by..

    @Kima: Honored!

    @Father: Thank you.. Hope the post provides wariness for the unwary!

  6. January 17, 2010 at 5:08 pm

    Really informative. Post topic hi ka man mai lo a..lol. ‘Surfing with the phishers/phishermen’ te ti la..hehe..Phishing, pharming, social engineering lampang hi a bikin net newbies te hrilh fiah thrat a poimoh khop mai. Again, nice post🙂

  7. 7 NotGood
    January 21, 2010 at 6:10 am

    @Keichala: Thank you and Welcome to my blog. Internet access a awlsam tial tial a, hmangsual tu an tam ve zel lo thei lo bawk alom. Fimkhur ringawt a tawk tawh lo, mahni in update ve char char a ngai tlat ani. The bad guys seem like they work harder than the good ones.😛

  8. January 25, 2010 at 1:05 pm

    ….and there are tons of evil minds out there

  9. 9 NotGood
    January 30, 2010 at 3:26 am

    @Keichala: You don’t wanna know the half of it! Many Hackers/Virus coders do it because they can, and there are others who WOULD do it if they can!

  10. January 30, 2010 at 10:53 am

    Will you do it if you can? hehe

  11. 11 NotGood
    February 1, 2010 at 7:18 pm

    Definitely!😀


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: