Social Engineering Tactics: Attacking With e-mails
Posted in security, Social Engineers & Social Engineering on July 15, 2008
Computer security:How Social Engineers are hacking into computers using Trojans as backdoors by getting users to click links in e-mails
Background
We are all very aware of attacks to gain our bank details by sending spoof emails of various banks, eBay and google ads accounts. More info about social engineers can be found on the The Art of Deception post.
The Con
Social Engineers are finding new ways to attack victims using Phishing methods. They send mass emails with subjects similar to those pictured bellow:
the subject of the e-mails are designed so that you click on them, some other headers included World War 3 videos, video of saddam beheading etc
emails typically contain a link to the page which contains a Trojan. Most of the time (as in most of the emails written by scammers), the grammar isn’t correct, many spelling mistakes as well as other mistakes such as the formatting of addresses.
So when the user goes to ‘play’ the video, they are promted to download a file in order to play the file (often the file downloads without interaction from the user). However, this file contains a backdoor into your system (Trojan Horse).
Similarly this method of getting the user to download a file in order to ‘play’ a video or somehow access content is used on ‘free’ adult sites – claiming free porn – when in fact they are getting a virus.
How to Prevent?
Have a good Virus Scanner that scans sites and files as you visit them on the Internet. The one i use is AVAST Free edition and it stops the Trojan entering the PC, and terminating the connection with that server….and keep it up to date, otherwise its pointless having it installed
In general if the email looks dodgy don’t click links in it – simple!
