In his book, The Art of Deception, Kevin Mitnick describes a fatal flaw that most people share: a tendency to have trust and faith in each other. We all want to trust and be trusted; trusting someone can sometimes mean giving a part of yourself to them.
This blind trust in others has resulted in thousands of people doling out personal information, large amounts, and corporate data to random strangers. It's like a bad relationship where you have complete trust in someone but they still go behind your back, cheating on you or taking advantage of your trust.
A perfect example can be seen in victims believing stories as ridiculous as a Nigerian prince that needs to enlist the help of a random stranger to transfer vast amounts of money out of his own country.
While it is possible that the popularization of the Internet has hardened our defenses against obvious attempts at social engineering, such as the advance fee fraud perpetrated by a “Nigerian prince”, this has not changed the fact that we are still very vulnerable to well-crafted social engineering attacks.
In fact, as security administrators hold up obvious cases of social engineering in their organization’s awareness campaigns, they unfortunately reinforce a tragic misconception that the average person possesses: that they are too smart to be deceived. The result is that the person has an inflated sense of security and will be easily exploited by social engineers that are discreet enough to only make reasonable requests that will draw no suspicion until it is too late.
A well-thought-out campaign must create the awareness that no matter how smart you are, someone is out there to outsmart you, hence the need to always be on the lookout and sharp in carrying out daily activities.
Nice information, very helpful. Thanks.
Thanks a lot bro for the comment! @TanroseDflyboy