The warnings about password protection from University Computing Services are simple and common sense, but somehow we look past them. 108 students' accounts were compromised in January 2011, representing a spike on the charts that rivals July's chaotic phishing spree.
Hackers are getting better at fooling us. Loren Malm, assistant vice president for Information Technology, said students need to stay accountable. The most recent attacks are coming from websites in the United Arab Emirates and Indonesia, but the hackers might actually be from anywhere and may have just hacked into these vulnerable websites.
The e-mails warn students their webmail account has expired and urge them to follow a link to update and access their account. At second glance, it's easy to see when an e-mail is being sent from an illegitimate source.
See the article: http://www.bsudailynews.com/news/ball-state-students-foiled-by-phishing-attempts-1.2435626
Social engineering is a technique used to trick an individual into giving up sensitive information that can be used in malicious activity. The social engineer may use e-mails, voice messages, or even in-person visits, masquerading as a legitimate or trusted source.
The basic goals of social engineering are the same as those of hacking in general: to gain unauthorised access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network. Typical targets include larger entities such as government agencies, research institutes and hospitals.
Examples of security risks of social engineering include:
- Machines falling under the control of hackers
- Theft of credentials leading to financial loss and reputation damage
- Launch of local attacks against the whole network
- Bandwidth and performance degradation
- Legal liability arising from the hacking activities