Anything can go here, in any language... except my native language Sinhala. Be cool... anybody is warmly welcomed! :)

Be Aware of Social Engineering | Know Your Weaknesses


Email account hacked? Somebody has accessed your personal email?? If you have experienced this before, surely this blog post will be useful. Today I'm writing this note for those who do not have much experience with the Internet and WWW.

First of all, we'll follow a small hypothetical case. Suppose I am a novice computer user, like most of our community. I have a Facebook account. One day, a nice lady appears... voilà! She wants to be my friend!! Of course I don't know her... but who cares? She's at my doorstep, knocking on my door. Accepted! (And she's here for a Relationship, Dating,.... blah blah)

After some time... it looks like something has gone wrong... I can't log in to my Facebook account!!! Oh Jesus..! Some weird status updates on my wall.... :( What on Earth is happening?

Maybe resetting my Facebook password will work. So I'm trying the “Forgot password” link. OMG!!! I can't access my email account...!! It's HACKED!!! O_o

(phone rings)

Hello, is this J?

Yes, speaking...

Idiot! What's the meaning of that $#$%# email you have sent to me????

Hey I'm sorry; I'm really sorry... my email account was hacked by someone. I didn't send that by myself... somebody has taken over.... believe me,.. sorry..........!!!!

(conversation continues, and so and so)



Fine. The story is enough for us. Let us see what has really happened. The nice lady is actually an online predator. In reality, 'she' might potentially be 'he'. Remember the second training that Morpheus gives to Neo in the movie The Matrix? Yes, the lady in the red dress!

The very first advice that I might give you is, do not accept friend requests from unknown people on whatever social networking website you are using. It's always better to limit your connections to those who you know in reality. If the lady is too cute to be denied, you can just ask somebody and find out who she really is.

Then, how was (s)he able to hijack all your accounts? I'm making one assumption here: that the victim in the above example is a bit lazy about remembering passwords. So he uses his birthday as the email password!

(S)he just looks at your Facebook profile info, and then finds the victim's email and birthday on it. Suppose it's 06 July 1988. The predator might try 880706 on his/her first attempt. Maybe (s)he will fail. There is a second attempt... and of course subsequent attempts. So (s)he may re-attempt with,
060788
070688
07061988
19880706


… and so on...

If the victim has set one of those as the email password, and if our 'nice lady' has been able to match it, accidentally or somehow... what will happen?

You might have used your email account to create accounts/profiles on various web-based services such as Facebook and Twitter. Almost all of them have the 'password reset' (or 'forgot password') feature, directly associated with your email account. This means your email account is the one that you should keep an eye on most. It's like the queen bee in a population. Once somebody has access, they can do almost anything.

So, now in our case, not only the email but also,
  • (S)he can take over the victim's Facebook account
  • (S)he can take over the victim's eBay account
  • (S)he can take over the victim's PayPal account
Panic!!

Then, my next point goes like this,...
Never use your sensitive personal information to formulate passwords. Your birthday, the name of your spouse, phone number, national ID card/social security number – avoid using them in passwords.

Those who know your personal information can GUESS your password. And that's what we call “Social Engineering”!

A good password should consist of capital letters, lowercase letters, numbers, and punctuation. Also, it should not be less than 8 characters. The preferred length for a strong password is 14 characters, made up as mentioned above.
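A sign-up or password-change form can enforce these rules and refuse the guessable choices from the birthday example. The sketch below is an added example, not code from the original post: the function names and the sample name "Nimal" are made up for illustration, and it generalises the post's short date list to every ordering of day, month and 2- or 4-digit year.

```python
import string
from datetime import date
from itertools import permutations

MIN_LENGTH = 8  # minimum length given in the post


def date_variants(d):
    """Digit strings for every ordering of day, month and year (yy and yyyy)."""
    dd, mm = f"{d.day:02d}", f"{d.month:02d}"
    variants = set()
    for yy in (f"{d.year:04d}", f"{d.year % 100:02d}"):
        for parts in permutations((dd, mm, yy)):
            variants.add("".join(parts))
    return variants


def check_password(password, birthday, personal_words=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    # The four character classes the post asks for.
    classes = {
        "capital letter": string.ascii_uppercase,
        "lowercase letter": string.ascii_lowercase,
        "number": string.digits,
        "punctuation": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    # Reject the birthday in any common written form, even inside a longer password.
    if any(v in password for v in date_variants(birthday)):
        problems.append("contains the birthday")
    # Reject other details visible on a profile (name, spouse, phone number...).
    lowered = password.lower()
    for word in personal_words:
        if len(word) >= 3 and word.lower() in lowered:
            problems.append(f"contains personal detail: {word}")
    return problems


if __name__ == "__main__":
    bday = date(1988, 7, 6)  # the birthday used in the post's example
    for candidate in ("880706", "Summer06071988!", "qV7#tLm2!xRw9@Zp"):
        print(candidate, "->", check_password(candidate, bday, ("Nimal",)) or "OK")
```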

Finally, see it... You do “Social Networking”; and they do “Social Engineering”... Be aware..!



The above case was not something that I have experienced in my real life, but I can show you dozens of people who have had this real world nightmare.

So, thanks for reading... take your time and think... it's about your privacy. Ciao.........!!!!!! :-)

Comments (7)

දමිත් : Lahiru

July 18, 2010 at 4:09 PM

Well said... Nice post !
A lot of people are lazy to make their password secure. For their convenience they're using birthday.. etc.

ශාකුන්තල

July 19, 2010 at 12:02 AM

Thanks for the comment dude.
That's what I exactly wanted to say...

May be I'll write something about how to create a strong password,.. in detail.

budhajeewa

July 19, 2010 at 7:29 AM

Forgetting to logout after using those services in public computers is another critical fact.

I have logged out 10+ accounts (mostly Facebook, then Email) of other people in our computer lab! What if I am a bad guy?

änthräX

July 19, 2010 at 5:13 PM

"If the lady is too cute to be denied,.." you can still start a conversation via messages still without adding her as a friend.

For my understanding, the majority of our passwords are based on something we like. If you are patient enough, it is not a hard task at all to guess a password by looking at one's Facebook profile. After all, all the questions asked by the bank to confirm your identity are out there in public, in your Facebook profile, right?

ශාකුන්තල

August 9, 2010 at 9:52 AM

@budhajeewa,
Yes, of course... I think it's always good to use something like Chrome's incognito mode when using a public computer. So can do forget to logout. :)

@anthrax,
Exactly!

Nice and clear article bro! Thanks for trying to make sense of these things. In future I hope for more fantastic articles from here.
So cheers :-)

ශාකුන්තල

August 17, 2010 at 4:50 PM

Thanks for the comment dude...

Cheers! :-)

The Author

Ambalangoda, Southern Province, Sri Lanka
Shaakunthala works as a Systems Support Engineer at a World's leading IT solutions company. A wannabe hacker, FOSS enthusiast, cat lover and an insane motorcyclist. And he comes from Sri Lanka!! :)
