I am going to discuss a scam used by spammers to harvest legitimate email addresses from your contact list. There are plenty of ways to harvest email addresses, but the one I want to focus on is "email forwarding".
Normally, when you create an email account, you start building a contact list containing the email addresses of your friends, relatives, colleagues, etc. As time passes, you will have a substantial number of contacts in your contact book.
"Forward" is a very useful function available in almost all email clients; it lets you pass an email on to another recipient. But one thing to note is that the forwarded mail includes the email address of the original sender and any other addresses carried over from earlier forwards of the same message.
Email harvesting scenario
Say you are a GoodGuy with an email account and 50 contacts. The BadGuy sends you a mail with a very emotional faith-based message, or a very nice joke, or an irresistible offer for something that you are likely to fall for, and guilts you into forwarding it to 10 friends including the BadGuy. And you end up doing that, in good faith. Now 10 friends from your contacts get your message, with the instruction to do the same: "forward to at least 12 friends". At the same time, the BadGuy receives a copy of every forward from the successive senders.
Simply put, if you forward the mail to 12 contacts, and they do the same in good faith, and the third circle does the same, roughly something like this happens:
1 + 10^1 + 10^2 + 10^3: approximately 1000 email contacts will have been harvested within three circles, and this keeps growing depending on the number of forwards and the number of contacts each is forwarded to. Then you and your friends start receiving commercial mail from services that you never visited or even heard of, and you wonder how on earth they got your email address. Well, you gave it to them; you actually helped them get some of your friends' email addresses too.
This is the result of social engineering: the mail plays on your psychology, and you think you are doing a good thing by responding; in turn, you are falling for somebody's social engineering scam.
There is no software to fight social engineering attacks, because it is you who ends up giving up information, executing some process, or allowing some application to act on your private, sensitive information. The important thing is to develop awareness and change the culture of the way we operate and disclose sensitive information.
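To see what a forward actually exposes, here is an added example (not part of the original article) that lists the addresses sitting in the quoted header lines of a forwarded message and redacts them before the message is passed on. The sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a chain message forwarded twice (all addresses are made up).
SAMPLE = """\
From: goodguy@example.org
To: friend1@example.net, friend2@example.net
Subject: Fwd: Fwd: Forward this to 10 friends!

---------- Forwarded message ----------
From: Alice <alice@example.com>
To: bob@example.com, carol@example.com, goodguy@example.org
Subject: Fwd: Forward this to 10 friends!

> ---------- Forwarded message ----------
> From: badguy@example.invalid
> To: alice@example.com
> Please forward this to 10 friends.
"""

# Header lines that mail clients copy into the body of a forwarded message,
# optionally prefixed with ">" quote markers.
QUOTED_HEADER = re.compile(r"^([> \t]*)(From|To|Cc):[ \t]*(.*)$", re.I | re.M)


def exposed_addresses(raw):
    """Addresses every new recipient can read in the quoted body."""
    body = message_from_string(raw).get_payload()
    found = set()
    for match in QUOTED_HEADER.finditer(body):
        for _name, addr in getaddresses([match.group(3)]):
            if "@" in addr:
                found.add(addr.lower())
    return sorted(found)


def redact_before_forwarding(raw):
    """Body text with the quoted From/To/Cc values replaced by a marker."""
    body = message_from_string(raw).get_payload()
    return QUOTED_HEADER.sub(
        lambda m: f"{m.group(1)}{m.group(2)}: [address removed]", body)


if __name__ == "__main__":
    print(exposed_addresses(SAMPLE))
    print(redact_before_forwarding(SAMPLE))
```

The same effect can be had by hand: delete the quoted header blocks before forwarding and put your own recipients in Bcc.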
To avoid becoming a victim of a social engineering attack:
Be suspicious of unsolicited contact from individuals seeking internal company data or personal information.
Do not provide personal information or passwords over email or on the phone.
Do not provide information about your organization.
Pay attention to website URLs that use a variation in spelling or a different domain (e.g., .com vs. .net).
Verify a request's authenticity by calling the company directly.
Install and maintain anti-virus software, firewalls, and email filters.
If you think you are a victim of a social engineering attack:
Report the incident immediately.
Contact your financial institution and monitor your account activity.
Immediately change all of your passwords.
Report the attack to law enforcement, and file a report with the relevant authority.