
On-Line Social Engineering - This is hacker-speak for tricking a person into revealing their password or performing a specified action, such as opening a virus-embedded attachment. Virus creators keep using the same techniques as long as they remain successful, and their ability to exploit the human vulnerability is no exception to this rule.

A classic social engineering trick is for a hacker to send email claiming to be a system administrator. The hacker will claim to need your password for some important system administration work, and ask you to email it to him/her. As we explain later, it's possible for a hacker to forge email, making it look like it came from somebody you know to be a legitimate system administrator. Often the hacker will send this message to every user on a system, hoping that one or two users will fall for the trick.

More recently, this technique has been used by virus writers. The message is a seemingly innocent e-mail with little in the way of curiosity-provoking subject matter; most people will be a little less apt to click on attachments right now. The e-mail subject line can be one of two dozen or so statements including: "Approved," "Your Credit Card," "Expired Account," "You use illegal File Sharing... Your IP was logged," and "Stolen."

Here is another socially engineered e-mail. This time it uses a spoofed address in the GOV.US domain. It gives the impression that the recipient has done something "illegal". It even mimics the certification signature of a prominent anti-virus company. The intention here is to trick the reader into clicking the attachment, which is probably laden with bad software.

[Image: e-mail screen]

Here are more examples of how virus creators use various tricks to entice people to open attached files:

Line 1: Subject
Line 2: Body Text
Line 3: Attachment

subject: read it immediately
body: i'm waiting
attachment: textfile.doc.exe
---
subject: i hope thats not true!
body: did you sent it to me?
attachment: shower.pif
---
subject: read it immediately
body: you earn money
attachment: disco.zip
---
subject: your eyes?
body: help attached
attachment: information_me.zip
---
subject: stolen
body: from the chatter
attachment: final.zip
---
subject: warning
body: check the attached document
attachment: palpal.zip
---
groom
I like to be in a company of smart, delicate, and with... Dudikoff
stacy.exe
---
Read now!
Details are in... You need Microsoft Office to open it.
your_document.zip
---
information
misc
topseller.com
---
Your credit card
Everything ok?
bill.pif
---
Re: excuse me
love letter?
story.pif
---
Re: Hello
Your file is attached.
your_picture.pif
---
unknown
kill the writer of this document!
party.com
---
Rena
Hey, guys! by the way, I have no problems with my...like that. Thanks
Picture.zip
---
Rena
Love the outdoors, literature, writing, and athletics
Tammy.zip
---
Expired account
Something about you
info.zip
---
Re: Your music
Your document is attached.
mp3music.pif
---
explain
solve the problem!
friend.txt.pif
---


Here are some other permutations...

Subject:

  • E-mail account security warning.
  • Notify about using the e-mail account.
  • Warning about your e-mail account.
  • Important notify about your e-mail account.
  • Email account utilization warning.
  • Notify about your e-mail account utilization.
  • E-mail account disabling warning.

Body Text:

  • Dear user of (user's domain),
  • Dear user of (user's domain) gateway e-mail server,
  • Dear user of e-mail server "(user's domain) ",
  • Hello user of (user's domain) e-mail server,
  • Dear user of "(user's domain) " mailing system,
  • Dear user, the management of (user's domain) mailing system wants to let you know that,

And with the main message body:

  • Your e-mail account has been temporary disabled because of unauthorized access.  Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service.
  • Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information. We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions.
  • Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software. Some of our clients complained about the spam (negative e-mail content) outgoing from your mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions.

With attachment explanation:

  • For more information see the attached file.
  • Further details can be obtained from attached file.
  • Advanced details can be found in attached file.
  • For details see the attach.
  • For details see the attached file.
  • For further details see the attach.
  • Please, read the attach for further details.
  • Pay attention on attached file.
  • Password information -  (if received as a ZIP file) 

Sign off:

  • The Management,
  • Sincerely,
  • Best wishes,
  • Have a good day,
  • Cheers,
  • Kind regards,
    The (user's domain) team        (user's domain web address)

Pretty convincing! Users should be taught how to recognise (reverse social engineering) such mails. So maybe it is time to provide mass education to all e-mail users.
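The attachment names in the samples above share patterns that a mail filter can check mechanically. The following Python sketch is an added example, not part of the original page: it flags executable extensions, decoy double extensions and ZIP files whose password is given in the body. The extension sets and function names are assumptions chosen for illustration, and the test message is constructed.

```python
import re
from email.message import EmailMessage

# Extensions Windows runs directly (assumed set). Note that .com is one of
# them, so "topseller.com" and "party.com" are programs, not web addresses.
EXECUTABLE = {"exe", "pif", "com", "scr", "bat", "cmd"}
# Harmless-looking extensions used as the decoy half of a double extension.
DECOY = {"txt", "doc", "jpg", "pdf", "mp3"}

def classify_attachment(filename):
    """Return the reasons a filename looks like the lures listed above."""
    # Trailing dots and spaces are dropped first, as Windows ignores them.
    parts = filename.strip().lower().rstrip(". ").split(".")
    reasons = []
    if len(parts) < 2:
        return reasons
    ext = parts[-1]
    if ext in EXECUTABLE:
        reasons.append("executable extension ." + ext)
        if len(parts) > 2 and parts[-2] in DECOY:
            reasons.append("double extension hides ." + ext + " behind ." + parts[-2])
    elif ext == "zip":
        reasons.append("archive, contents cannot be judged by name")
    return reasons

def review_message(msg):
    """Map each attachment name in an EmailMessage to its findings."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = classify_attachment(name)
        # A password in the body suggests the ZIP is encrypted against scanning.
        if name.lower().endswith(".zip") and re.search(r"\bpassword\b", text, re.I):
            reasons.append("password for archive supplied in body")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample(subject, body, filename):
    """Constructed test message; the attachment payload is a harmless placeholder."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    print(review_message(build_sample("explain", "solve the problem!", "friend.txt.pif")))
```
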
