Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.
Welcome to CWAnswers
CWAnswers is your guide to the sprawling world wide web. The directory aims to provide a useful guide made by users. You can share your knowledge as well - simply sign up and edit your first entry. For questions just contact the team at support - at - cwanswers.com.
Weblinks for Pretexting
Top 10 for Pretexting
Things about Pretexting you find nowhere else.
Select content modules
Word of the Day: Pretexting. Brought to you by Hewlett-Packard | BlogHer
Like a rock star who becomes an overnight success, pretexting is word that seems to have come out of nowhere,and ... Blog Lists. Health & Wellness. Body ...www.blogher.com/node/10397H-P: Dissecting Pretexting - Law Blog - WSJ
H-P: Dissecting Pretexting. Article. Comments (7) Law Blog HOME PAGE " Email. Printer Friendly ... Wall Street Journal's Law Blog covers the notable legal ...blogs.wsj.com/law/2006/09/19/h-p-dissecting-pretexting/Pretexting - Wikipedia
Describes the legal aspects of pretexting, or the act of pretending to be someone who you are not by ... www.plotkin.com/blog-archives/2006/09 ...en.wikipedia.org/wiki/PretextingIdentityBlog - Digital Identity, Privacy, and the Internet's Missing ...
Kim Cameron's Identityblog contributes to the discussion of Identity and ... WebLogs " Blog Archive " Pretexting and Privacy"> Popular WebLogs " Blog Archive " ...www.identityblog.com/?p=584Pretexting
Pretexting I wrote about the HP and the spying scandal yesterday. ... Pretexting TrackBack URL : http://blog.tmcnet.com/mt/mt-tb.cgi/26845 ...blog.tmcnet.com/blog/rich-tehrani/technology/pretexting.htmlSocial engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.
Social engineering techniques and terms
All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called "bugs in the human hardware," are exploited in various combinations to create attack techniques, some of which are listed here:
Pretexting
Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a targeted victim to release information or perform an action and is typically done over the telephone. It is more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information (e.g. for impersonation: date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.
This technique is often used to trick a business into disclosing customer information, and is used by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager (e.g., to make account changes, get specific balances, etc).
As most U.S. companies still authenticate a client by asking only for a Social Security Number, date of birth, or mother's maiden name, the method is effective in many situations and will likely continue to be a security problem in the future.
Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, or insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one's feet.
Phishing
main: Phishing Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business — a bank, or credit card company — requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate — with company logos and content — and has a form requesting everything from a home address to an ATM card's PIN.
For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless a link provided was clicked to update a credit card (information that the genuine eBay already had). Because it is relatively simple to make a Web site resemble a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were being contacted by eBay and subsequently, were going to eBay's site to update their account information. By spamming large groups of people, the “phisher” counted on the e-mail being read by a percentage of people who already had listed credit card numbers with eBay legitimately, who might respond.






















