
Story Box-ID: 208163

ENISA - European Network and Information Security Agency P.O. Box 1309 71001 Heraklion, Crete, Greece http://www.enisa.europa.eu
Contact Mr Ulf Bergström +30 694 846 0143

How to avoid on-line manipulation: "Nigeria-letters"

EU Agency ENISA launches "Social Engineering" report with 5 pieces of defence advice to counter fraud threat

(PresseBox) (Heraklion, Crete, )
The EU Agency ENISA (the European Network and Information Security Agency) launches a white paper on 'Social Engineering', i.e. on-line manipulation through social networks, email (also known as 'Nigeria-letters' or 'advance-fee frauds'), instant messaging, or Voice over Internet Protocol (VoIP). The Agency provides 3 case studies portraying how easily users are manipulated, identifies 5 defence measures and issues a checklist, 'LIST', for users to counter social engineering. Finally, the white paper includes an exclusive interview with the world-famous security author, speaker, and consultant Kevin Mitnick.

What are the risks of on-line manipulation, or "Social Engineering"? Fraudsters frequently manipulate people and exploit human weaknesses through 'social engineering'. That way, people are led to break their normal security procedures. The scale and sophistication of such fraud are increasing (27.649/month, Jan. '07-Jan. '08, according to APWG). Several new channels are used to reach users (e.g. instant messaging, VoIP, and social networking sites, apart from emails). Successful social engineering entails:

1. A convincing pretext for contacting the target.
2. Getting the facts right by research.
3. Timing and exploitation of current events, e.g. the Tsunami event, or a Santa Claus mail around Christmas, with a worm included.
4. Exploiting human behaviour and psychology.

Three e-mail based case studies portray how easy it is to trick ordinary users:

- Case 1: 179 respondents assessed 20 messages (11 bogus and 9 legitimate), and only 42% of the users could correctly classify the mails (32% were classified incorrectly and 26% as 'do not know').
- Case 2: Of 152 targeted end-users within an organisation, 23% were tricked into accepting malware infections.
- Case 3: Over 500 undergraduate students followed embedded links, opened attachments, etc. The rate of failure was 38-50%. The good news is that the failure rate was reduced with training.

The Agency identified 5 defence measures against social engineering. However, the key to success lies in improving users' awareness. Users should use a checklist of questions to verify the Legitimacy, Importance of the Information, the Source and Timing (LIST); for the full checklist, see pp. 25-26 of the report. Mr Mitnick underpins the report with the claim that it is much easier to trick someone into revealing their password than to carry out an elaborate hack. The Executive Director of ENISA, Mr. Andrea Pirotti, comments: "Making staff and users aware of security is of serious concern for Europe. We should all become more aware and 'responsible on-line EU-citizens', in our own interest of being able to benefit from the Internet safely."

The report was prepared with the kind support of the ENISA Awareness Raising Community and is available at: http://enisa.europa.eu/...

ENISA - European Network and Information Security Agency

The European Network and Information Security Agency (ENISA) is an agency of the European Union. ENISA was created in 2004 by EU Regulation No 460/2004 and has been fully operational since September 1st, 2005. It has its seat in Heraklion, Crete (Greece).

The objective of ENISA is to improve network and information security in the European Union. The agency has to contribute to the development of a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, and consequently will contribute to the smooth functioning of the EU Internal Market.

ENISA assists the Commission, the Member States and, consequently, the business community in meeting the requirements of network and information security, including present and future Community legislation. ENISA ultimately strives to serve as a centre of expertise for both Member States and EU Institutions to seek advice on matters related to network and information security.

The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.