Ορισμός:
Κοινωνική μηχανική (Social engineering) είναι η πράξη της προφορικής χειραγώγησης ατόμων με σκοπό την απόσπαση πληροφοριών.
Although similar to trickery or simple fraud, the term is mainly associated with deceiving individuals in order to obtain confidential information necessary to access a computer system.
Συνήθως αυτός που την εφαρμόζει δεν έρχεται ποτέ πρόσωπο με πρόσωπο με το άτομο που εξαπατά ή παραπλανά. Παρόλο που ο όρος ίσως να μην είναι ακριβής ή επιτυχημένος έχει πλέον καθιερωθεί.
How it works:
It relies mainly on human curiosity or greed and ignorance. Many people think that a good antiviral protects them but these only work for widely known viruses and for widely known techniques and not for a specially made "virus". Many also, either out of credulity or out of politeness, will not refuse to give evidence to someone who asks politely or under supposed 'pressure'.
Ο άμεσος στόχος δεν είναι πάντα η αποκάλυψη του κωδικού. Για κάποιον που θέλει να διεισδύσει σε ένα υπολογιστικό σύστημα πολλές φορές είναι αρκετή ακόμα και η απλή γνώση του αριθμού έκδοσης του λειτουργικού συστήματος ή άλλων προγραμμάτων που χρησιμοποιεί ο χρήστης. Με αυτές τις πληροφορίες μπορεί να μάθει αν υπάρχουν “τρύπες” στα προγράμματα και να τις αξιοποιήσει.
Other information that can be collected, which may be useful, such as dates of birth, names of children, names of persons responsible for computerisation, etc. are collected either through chat or from the so-called social networks or from the company's websites.
This information is later used in conversation, whether by phone, email or instant messaging, to convince the victim that he or she is an acquaintance and thus extract even more information or, even better, a password.
Στόχος μας:
Our aim is to train the staff of a company or employer organisation through a training, monitoring and performance monitoring platform that supports a wide range of safety training programmes.
The main topics covered by the training platform include, among others:
1. Credit Card Security
2. Create & Manage Strong Passwords
3. Secure Management of Sensitive Data
4. Safe Navigation
5. Safe use of Social Media
6. Corporate Email Breach Attacks (BEC Scams)
7. Ransomware attacks
8. E-mail Spoofing attacks
9. Malware Attacks
10. Phishing attacks
11. USB attacks
12. Social Engineering
13. Data Classification (Data Classification)
14. Creating a "Human Firewall" (Human Firewall)
15. User Recognition and Identification
16. Safety When Using Mobile Devices
17. Safe Internet Behaviour
18. Awareness of Call Center Employees (Call Center & Help
Desk Αwareness)
19. Raising awareness of the Top Safety Issues
20. Raising awareness of Safe Use issues among managers
Computer Systems & Data Protection
21. Safety in the Work Environment
22. Understanding Encryption
As secure as our company's operating systems are, e.g. firewalls, antivirus, etc., the weakest link is the human factor where the wrong click can cause a lot of damage.