Mind Your SMSes: Mitigating Social Engineering in Second Factor Authentication

SMS-based second factor authentication is a cornerstone for many service providers, ranging from email service providers and social networks to financial institutions and online marketplaces. Attackers have not been slow to capitalize on the vulnerabiliti




Security, Privacy and User Interaction

Markus Jakobsson Editor


Editor Markus Jakobsson ZapFraud Inc. Portola Valley, CA, USA

ISBN 978-3-030-43753-4
ISBN 978-3-030-43754-1 (eBook)
https://doi.org/10.1007/978-3-030-43754-1

© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2020

This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland.

For A and Art. Thank you for putting up with me.

Foreword

Online, most people know me by my nom de guerre, Sinon Reborn, and the fact that I hoodwinked, over a few busy months, an array of people in positions of power or fame, including celebrities and key people at financial institutions on Wall Street, the Bank of England, and the White House. However, what made my deception unusual was that my goal was never to damage or steal, but always to prank my marks. The approach I used did not involve malicious code or hacking, but it was about cleverly selected account names, cunning pitches, and an understanding of what motivated my marks. At the same time, I never asked for the combination to the safe or any form of sensitive data; far from it. My modus operandi was more often than not to invite them to a party, an unusual party; perhaps with a strange theme, but a party nonetheless. If I were a criminal, I would have been able to use the same techniques to become a successful cybercriminal. There is no doubt: Given the right angle and the right pitch, you can make almost anybody do almost anything. This is what social engineering is about. Social engineering, in a way, is like martial arts: It is about using your