1
00:00:02,360 --> 00:00:06,730
There are mechanisms which allow use of the methods we've presented on a massive scale.

2
00:00:08,700 --> 00:00:12,020
Now we would like to show you an example of a social engineering attack.

3
00:00:17,210 --> 00:00:23,830
I'm sure that each one of you has received an email similar to the one presented in the slide.

4
00:00:23,940 --> 00:00:29,010
We've all learned that if you get an e-mail entitled "I love you" from a person you don't know in a language

5
00:00:29,010 --> 00:00:30,430
you don't understand,

6
00:00:30,930 --> 00:00:35,620
it's not the best idea to open the attachment to see who is the one that loves you.

7
00:00:35,660 --> 00:00:38,520
Nowadays, administrators and users know that too.

8
00:00:41,210 --> 00:00:46,100
But in a time when such e-mails were circulating, it was a very successful type of attack.

9
00:00:48,950 --> 00:00:55,910
In the year 2000 a hacker known as Spider wrote a simple script in Visual Basic and named the file love

10
00:00:55,910 --> 00:00:56,910
letter for you

11
00:00:56,930 --> 00:00:58,580
.TXT.VBS.

12
00:01:01,630 --> 00:01:07,660
Most users weren't able to see the vb file extension because by default Windows hides extensions of

13
00:01:07,720 --> 00:01:12,990
unknown files.

14
00:01:13,220 --> 00:01:19,090
The risk connected with opening the file may have appeared marginal, so it was ignored by three million

15
00:01:19,090 --> 00:01:19,570
people.

16
00:01:25,190 --> 00:01:32,280
Everyone receives emails such as the one you see above. Such emails inform the addressee that he or

17
00:01:32,280 --> 00:01:35,240
she has won a prize that must be collected at once,

18
00:01:35,640 --> 00:01:39,790
or that there is a very profitable job available.

19
00:01:39,910 --> 00:01:43,350
It is only required that you send back your address and personal data.

20
00:01:44,270 --> 00:01:48,770
Strange that they never want your credit card number.

21
00:01:48,800 --> 00:01:51,540
Why are such emails sent on such a massive scale?

22
00:01:55,030 --> 00:02:01,330
One of the potential goals is to find a person who would withdraw money from an account.

23
00:02:01,380 --> 00:02:06,440
It's usually money stolen from credit cards whose numbers were leaked to the Internet.

24
00:02:06,480 --> 00:02:09,040
At first it's virtual money only.

25
00:02:09,300 --> 00:02:13,440
So one must go to a cash machine and withdraw the money.

26
00:02:13,470 --> 00:02:16,930
Those who do usually get detained after the affair is revealed.

27
00:02:19,380 --> 00:02:23,280
However, manipulation techniques such as these were straightforward and clumsy.