Information Security Tips Series
What is "Social Engineering Attack"?

We have discussed various popular social networking websites such as Facebook, MySpace and Twitter in previous articles. While we try our best to protect our privacy and avoid hi-tech attacks by malicious code, we should not ignore "low-tech" attacks such as the "Social Engineering Attack".

"Social Engineering Attack" can be defined as an attack that exploits human weaknesses to obtain information for a malicious purpose. A classic example: the attacker pretends to be the CEO of a company and phones IT staff directly to obtain the company's account information. He understands that some IT staff members care little about data protection or tend to avoid displeasing their boss, so they follow the instructions of the "boss" without verifying the caller's identity. The attacker could then use the information to intrude into the company's accounts, cause damage or achieve other malicious purposes.

Why is "Social Engineering Attack" such a great threat to Internet users? The answer is simple. Everyone, even without possessing advanced IT skills, could use this kind of attack to obtain someone else's information.

How do we prevent "Social Engineering Attack"?

* Do not give away sensitive information - Most importantly, do not give sensitive or personal information to anyone whose identity you cannot verify.

* Always authenticate your recipient - Double-check the identity of the person you are dealing with through other means, such as the office email address, the office telephone number or verification by a trusted third party.

* Do not post personal information - Never post "unnecessary" personal identifiers on social networking websites. Information such as date of birth, address, contact number and job title could be used by an impostor to pass the authentication process for your workplace, credit card and bank accounts.

* Be careful when choosing a password recovery question - Most websites ask users to set password recovery questions and answers for resetting the account when needed, e.g. after forgetting the password. The pre-defined choices are typically questions such as "Your mother's maiden name" or "Your pet's name". Unfortunately, the answers to such questions can easily be found on your blog or obtained through a "Social Engineering Attack".
