Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

3/17/2015
04:00 PM
Sara Peters
Sara Peters
Slideshows
Connect Directly
Twitter
RSS
E-Mail

The 7 Best Social Engineering Attacks Ever

Seven reminders of why technology alone isn't enough to keep you secure.
5 of 9

Diamonds Are A Social Engineer's Best Friend

Here's one for all the financial services pen testers to remember.

In 2007, a mystery man who remains at large burgled safety deposit boxes at an ABN Amro bank in Belgium, stealing diamonds and other gems weighing 120,000 carats, in all. He visited the bank during regular business hours, overcame all of the bank's exceptional security mechanisms, and walked right out the door with 21 million (roughly $27.9 million at the time) worth of gemstones with no one the wiser, using absolutely no technology whatsoever.

"He used one weapon -- and that is his charm -- to gain confidence," Philip Claes, spokesman for the Diamond High Council, said at the time. "He bought chocolates for the personnel, he was a nice guy, he charmed them, got the original of keys to make copies and got information on where the diamonds were.

"You can have all the safety and security you want," said Claes "but if someone uses their charm to mislead people it won't help."

(Image: Marilyn Monroe as Lorelei Lee in 1953's Gentlemen Prefer Blondes singing "Diamonds Are A Girl's Best Friend." Public Domain. Via Wikipedia.)

5 of 9
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
CASVPN
50%
50%
CASVPN,
User Rank: Apprentice
3/22/2019 | 7:36:16 AM
What is Social Engineering really?
I have been reading about the social engineering thing lately, I am getting lots of phishing emails lately and I wonder where I went wrong. May be someone has got a hold of my email. I have become more aware now and I literally check every link before even opening it.
Megan is Always Wright
50%
50%
Megan is Always Wright,
User Rank: Apprentice
10/9/2017 | 11:15:58 AM
Re: What is Social Engineering really?
Social engineering is basically a technique that has long been used by humans even before the birth of the Internet. By using these techniques, the evildoers among us are able to win our trust, or more like fool us into sharing stuff that we shouldn't.

I also didnt understand what it was until i read this article (https://www.purevpn.com/blog/social-engineering-attacks/) which explained what it was and how to protect against it
nickhudson
50%
50%
nickhudson,
User Rank: Apprentice
10/5/2017 | 8:03:33 AM
What is Social Engineering really?
I have been reading about the social engineering thing lately, I am getting lots of phishing emails lately and I wonder where I went wrong. May be someone has got a hold of my email. I have become more aware now and I literally check every link before even opening it.
baller188
100%
0%
baller188,
User Rank: Apprentice
3/14/2017 | 6:00:19 AM
Forex security and vulnerabilities
Great post as always. Technology advances every day, new vulnerabilities arise all the time. Security is everyones main priority and rightly so. For any site owner nowadays you need a dedicated security team to make sure you and your customers are safe. Its a scary world out there.
Sincee
50%
50%
Sincee,
User Rank: Strategist
10/2/2015 | 4:56:47 AM
thank's for post
system security in any country is the future !
MichaelH91401
50%
50%
MichaelH91401,
User Rank: Apprentice
10/1/2015 | 3:18:11 PM
Re: name required
The post refers to "Ferrara" repeatedly, but never describes who he is or what he does. 
AnonymousC493
50%
50%
AnonymousC493,
User Rank: Apprentice
5/9/2015 | 9:41:21 AM
Social Engineering examples
Here's another example:

https://engineering.social/2015/05/02/sinkholing-script-kiddies/

It's not one of 'the best social engineering attacks' ever, but shows that anyone can be a target.

 

 
mithoon
0%
100%
mithoon,
User Rank: Apprentice
3/28/2015 | 2:37:41 AM
Re: name required
great post
delllphi
50%
50%
delllphi,
User Rank: Apprentice
3/24/2015 | 7:21:23 AM
Confidence Man
The name of the "confidence man" was "William Thompson" and not "Samuel Williams". The article "Arrest of the Confidence Man" (New-York Herald, July 8, 1849) can be found online.
xmarksthespot
50%
50%
xmarksthespot,
User Rank: Strategist
3/19/2015 | 4:24:22 AM
Good examples
Great article!  Periodic User awareness training to reduce social engineering is of paramount importance.  Some phishing emails are so good that high trained security people can fall for them.  The examples in the article effectively demonstrate the issue.


The rule I use for my own emails is not click links in emails, including unsubscribe, unless the email is expected, such as one as confirmation during new account setup. Of course, never click on attachments either unless they are expected.  I have within Spyshelter (anti-keylogger) where I can save an attachment, right click the file and on the pop-up menu click 'Spyshelter-> Check it on VirusTotal'; it uploads to virustotal.com .   It's then scanned by over 50 antivirus software products. 

I think this rule is probably the most important security measure I use for computers at my home.
Page 1 / 2   >   >>
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...