Questions tagged [social-engineering]

Social engineering is the act of manipulating people into performing actions or divulging confidential information.

201 questions
114 votes, 6 answers

Roles to play when tailgating into a residential building

Following people into a large RFID-protected residential building is ridiculously easy, as not everyone knows everyone else. Just the other day I was let in with a rifle (an airgun, but how could they have known). But standing helplessly in front of…
Vorac
108 votes, 7 answers

Is social engineering an actual threat?

I've recently finished the book The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick. The book was released on 4th December 2002. Not talking only about the techniques described in this book, but are the ways used by…
Marek Sebera
107 votes, 19 answers

Defence methods against tailgating

This is a follow-up question to this one: Roles to play when tailgating into a residential building. How do you protect yourself or your company against tailgaters? What is the best answer when you are asked by, let's say, the delivery guy to let…
Lithilion
89 votes, 9 answers

How to distinguish between a scam and a genuine call?

My bank called me the other day and the person who spoke to me failed to give me a single piece of evidence that he was calling from my bank. The bank's number is hidden, just like many other companies', maybe because they use VoIP to make calls or they don't…
Ulkoma
77 votes, 11 answers

If someone asks to borrow your phone to make a call, what could they do?

A stranger walks up to you on the street. They say they lost their phone and need to make a phone call (has happened to me twice, and maybe to you). What's the worst a phone call could do? Let's assume they don't run, don't plug any devices into the…
Andy Ray
76 votes, 13 answers

Why is a link in an email more dangerous than a link from a web search?

Everyone knows the common cybersecurity advice to be careful when opening links in an email. But every day we look for something on the Internet, clicking links which the search engine shows us, and we do not have the same fear. Why are the links…
Adam Shakhabov
67 votes, 5 answers

Advised to block all traffic to/from specific IP addresses

My CFO received an email from a director at a financial institution advising that all traffic (inbound and outbound) from certain IP addresses should be blocked at the firewall. The director at the financial institution was advised by his IT…
upsidedowncreature
45 votes, 2 answers

Does this mean Target's Twitter was successfully attacked?

I was just surprised to see this suspicious promoted tweet, asking me to send Bitcoins. I added the hand-drawn red lines so I am not responsible for propagating the apparent scam. Clicking on the user name seems to take me to the genuine Target…
Oddthinking
37 votes, 4 answers

Why is social engineering often excluded from bug bounties?

I noticed a lot of companies do not have social engineering in scope for their bug bounties/responsible disclosure guidelines, even though it is often used in real-world attacks. I understand that for popular bug bounty programs the amount of social…
Z3r0byte
36 votes, 7 answers

Is it possible to improve brute-force guessing of a password with a picture of the keyboard used to enter it?

Is it a bad idea to post a photo of your keyboard to social media? Can I look at a photo of a keyboard and determine the password of an account? Assuming a certain (set of) password(s) is the most commonly typed character sequence on a given…
35 votes, 6 answers

After getting doxxed, how can one protect personally identifiable information?

Doxing (publicly releasing private information about an individual to make it easier to harass them) is becoming an increasingly popular tactic not just for hacktivists and Anonymous, but also for petty individual revenge. What are actionable, best…
J Kimball
34 votes, 10 answers

Can an HTTPS site be malicious or unsafe?

I know it's possible for a computer to be infected just by visiting a website. I also know that HTTPS websites are secure. To my understanding, "secure" here refers to "immune to MITM attacks", but since such websites have certificates and such, is…
Ulkoma
34 votes, 7 answers

How do I educate others about social engineering?

One of my friends used to boast about how long his passwords are. One day, I decided to play a prank and social-engineered it out of him. I was pretty surprised as to how effortless the entire procedure was, and how oblivious others can be. Many of…
Manishearth
32 votes, 7 answers

How do hackers make the victim access an XSS attack URL?

As I understand it, the basic idea of XSS is to let the user's browser execute some malicious code created by the hackers. Say, if a page has a vulnerability that loads an arbitrary script when a user accesses this…
Hetfield Joe
29 votes, 7 answers

When do honest people need privacy or anonymity? (e.g. they have nothing to hide)

I'm having a discussion with someone who thinks they don't need technical measures of privacy or anonymity. Common arguments against needing to care about privacy or anonymity include: Everything about them can be Googled or searched from public…
makerofthings7