" social engineering Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘social engineering’

8 Ways to Protect yourself from Forged/Fake Email

Monday, January 26th, 2015

The Internet is rife with fake and forged email.  Typically these are email messages that appear to be from a friend, relative, business acquaintance, or vendor that ask you to do something.  If you trust that the message is really from this person, you are much more likely to take whatever action is requested — often to your detriment.

These are forms of social engineering — the “bad guys” trying to establish a trusted context so that you will give them information or perform actions that you otherwise would not or should not do.

Here we address some of the actions you can take to protect yourself from these attacks as best as possible.  We’ll present these in the order of increasing complexity / technical difficulty.

Read the rest of this post »

Social Engineering from Both Sides: Thinking + Caution = Safety

Thursday, May 3rd, 2012

Thank you, now I know your social security number!

Social Engineering” happens when you are manipulated into revealing sensitive or private information to someone who should not have it.  The person performing the manipulation seeks information that can be used for fraud, identity theft, computer access, and other nefarious actions.

Recently, I have run across a few situations that were not actually social engineering attacks, but could easily have been.  They serve to illustrate the danger.

Read the rest of this post »

What is Social Engineering?

Friday, July 1st, 2011

It is often thought that Viruses and Malware are the biggest threats to your personal information, but there is even a greater threat that often goes undetected. Social Engineering is a technique used by people to gather your personal or secure information without you even thinking twice about giving it away. Social Engineering is most often performed over the phone, but could just as easily be done via email, text messaging, or any other form of communication; you can be Social Engineered by anyone.

In the most basic form, Social Engineering is when someone poses as someone else (i.e. a trusted friend or colleague) to trick you into divulging sensitive information.  “Hey, this is PayPal, please follow this link and re-enter all your banking details — its ok, really!

Read the rest of this post »

Best Practices for Password Reminders and Security Questions

Thursday, May 5th, 2011

Many companies, LuxSci included, recommend or require that users have one or more “Security Questions” and corresponding answers associated with their accounts.  These questions are commonly used to:

  • Verify a user’s identity if the user has forgotten his/her password, or
  • Provide a second factor for logging into the service above and beyond the username and password

Because these questions are used to provide access to the service and identity verification, it is very important that questions and answers be well chosen.

Read the rest of this post »