social engineering presented by ali mollabagher
DESCRIPTION
رئوس مطالبتعريفهدفچرا از روش SE به جاي Hack استفاده مي كنيم؟منشا حملههای مهندسی اجتماعیچرخه حملات مهندسی اجتماعیتكنيك ها و برخي از استراتژي هاي مقابله با آن هامهندسي اجتماعي معكوسفيس بوكمنابعTRANSCRIPT
![Page 1: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/1.jpg)
S i l E i iSocial EngineeringPresented by : Ali Mollabagher
ی ما ی ا یند یرهشدار
SocialEngineering.ir 1
![Page 2: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/2.jpg)
In God Do we trust ? God o e t ust ?
h b lWhat about people?
SocialEngineering.ir 2
![Page 3: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/3.jpg)
رئوس مطالب طال
تعريفهدف
استفاده مي كنيم؟ Hackبه جاي SEچرا از روش منشا حمله هاي مهندسي اجتماعيمنشا حمله هاي مهندسي اجتماعي
چرخه حمالت مهندسي اجتماعيا آ ها له قا اتژ ها ت خ از ا ك ها تكنيك ها و برخي از استراتژي هاي مقابله با آن هاتكن
مهندسي اجتماعي معكوسفيس بوك
منابع
SocialEngineering.ir 3
![Page 4: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/4.jpg)
ا ا ا ا ا ا ا ذ آ ف ا ا ا
تعريف براي انسان ها پذير آسيب رفتارهاي از برداري بهره هنر اجتماعي مهندسي
.است قرباني سوي از گماني و ظن هيچ بدون امنيتي شكاف ايجاد
افراد اعتماد آوردن بدست براي مجهول، شخصي وسيله به كه است مهارتي
وIT سيستم هاي در دلخواه تغييرات ايجاد براي آنها تشويق و سازمان دروناب جهت د س حق به دست )CISSP(م شود استفاده دست )CISSP(.مي شود استفاده دسترسي حق به دستيابي جهت در
تحريك وسيله به محرمانه اطالعات آوردن بدست تكنيك اجتماعي، مهندسي.مجازاست كاربران
SocialEngineering.ir 4
![Page 5: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/5.jpg)
براي آنها از كردنشان متقاعد با و داده فريب مختلف روش هاي با را انسانها اجتماعي مهندس.مي كند استفاده سوء اطالعات، به دستيابي
SocialEngineering.ir 5
![Page 6: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/6.jpg)
Kevin Mitnick:
“I'm a changed person now. I'm turning my talents andth t i k l d I' th d b tthe extensive knowledge I've gathered aboutinformation security and social engineering tactics tohelping government businesses and individualshelping government, businesses, and individualsprevent, detect, and respond to information‐securitythreats ”threats.
“This book is one more way that I can use my experienceto help others avoid the efforts of the maliciousto help others avoid the efforts of the maliciousinformation thieves of the world. I think you will findthe stories enjoyable, eye‐opening, and educational.”j y , y p g,
SocialEngineering.ir 6
![Page 7: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/7.jpg)
هنر مخ زني با سوء استفاده كردن از اعتماد مردم جهت كسب اطالعات مطلوب
SocialEngineering.ir 7
![Page 8: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/8.jpg)
هدف شخصي
دسترسي غير مجاز به سيستم ها و اطالعات جهت كالهبرداري، –مانند هكرها ت دن ختل ك كه جا يا ز اختالل د ش تجاوز و اختالل در شبكه، جاسوسي، يا مختل كردن سيستمتجا
SocialEngineering.ir 8
![Page 9: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/9.jpg)
ا قربانيانا
.شركت هاي كه سرويس تلفن ارائه مي دهندال ا ك شركت هاي ماليش
سازمان هاي دولتيبيمارستانها
نه تنها نشانه ضعف است بلكه آبرو و حيثيت سازمان –عدم ارائه آمار : نكته )باشد SEبه خصوص اگر از طريق .( هم مي رود
SocialEngineering.ir 9
![Page 10: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/10.jpg)
ا HاSEا kك ا ا استفاده مي كنيم؟ Hackبه جاي SEچرا از روش
SocialEngineering.ir 10
![Page 11: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/11.jpg)
SocialEngineering.ir 11
![Page 12: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/12.jpg)
ا ا ا ل ا با يا شخصه به مي توانند كه مي گيرد صورت كاركناني سمت از داخلي تهديدهاي اكثر : داخلي
منشا حمله هاي مهندسي اجتماعييري ي يزيه يرورر وي بيبي حساس اطالعات آوري جمع به دارند، دسترسي سازمانITسيستم هاي به كه كاركناني از استفاده
تعميرات پرسنل و نظافت مسئولين قبيل از كارگران، و موقتي ناراضي، كاركنان .بپردازند مهم و.مي باشند.مي باشند از يكسري در سازمان با كه است اشخاصي سمت از تهديدها اينگونه : اعتماد مورد اشخاص شركاي و مشاورين پيمانكارها، شامل افراد اين .مي باشند مرتبط رسمي و قانوني بنيان هاي
ا ا ا اغل ا ا ا ا ا اال ط ا ا ا ا ا ا به بنابراين و مي باشند سازمان اعتماد از بااليي سطح داراي اشخاص اين اغلب، .هستند سازمان ا مخاطرات قبيل اين حال، اين با .دارند دسترسي سازمان سيستم هاي مهم و حساس داده هاي.مي شوند گرفته نظر در سازمان ها امنيتي برنامه هاي در ندرت به پنهاني
اين .ندارند سازمان با ارتباطي هيچگونه كه است انسان هايي سمت از تهديدها، اين : خارجي بزه يا و هستند سازمان محرمانه اطالعات آشكاركردن پي در كه رقبايي هكرها، شامل مجموعه
به آنها بنابراين ندارد، وجود سازمان و افراد اين بين اعتمادي سطح هيچ .مي باشد دزدان و كاران به آنها بنابراين ندارد، وجود سازمان و افراد اين بين اعتمادي سطح هيچ .مي باشد دزدان و كاران مانند هستند اجتماعي مهندسي مختلف تكنيك هاي از استفاده با مدت كوتاه اعتماد ايجاد دنبال و درمانده كارمند تعميرات، تكنسين،IT مدير مثل سازمان درون مختار فردي نقش كردن بازيه .غيرهغ
SocialEngineering.ir 12
![Page 13: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/13.jpg)
ا ال ا چرخه حمالت مهندسي اجتماعيخ
SocialEngineering.ir 13
![Page 14: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/14.jpg)
ا ك تكنيك هاتك
رتكنيك هاي مبتني بر كامپيوتر پيو ر ي ب ي
ان ن ان ك هاي تكنيك هاي مبتني بر انسانتكن
SocialEngineering.ir 14
![Page 15: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/15.jpg)
تكنيك هاي مبتني بر كامپيوتر
Popپنجره هاي Pop‐Upپنجره هاي Up
پيوست نامه هاي الكترونيكيهرزنامه هاي زنجيره اي و فريب آميز
وبوب گاه هابازيابي و تجزيه و تحليل ابزارهاي مستعمل
Phi hiPhishing
SocialEngineering.ir 15
![Page 16: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/16.jpg)
تكنيك هاي مبتني بر انسانرويكرد مستقيم
Help Desk ان شت شكالت گا ا ا كا شت ك ك ا ا ش ان ك ك ت ا قسمتي از يك كمپاني يا شبكه كه از مشتريان و كاربران در هنگام مشكالت پشتيباني ق
. مي كند و اطالعات الزم را مي دهد
SocialEngineering.ir 16
![Page 17: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/17.jpg)
SocialEngineering.ir 17
![Page 18: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/18.jpg)
SocialEngineering.ir 18
![Page 19: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/19.jpg)
استراتژي مقابله
SocialEngineering.ir 19
![Page 20: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/20.jpg)
جستجو در زباله ها
SocialEngineering.ir 20
![Page 21: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/21.jpg)
استراتژي مقابله
SocialEngineering.ir 21
![Page 22: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/22.jpg)
موارد ديگر
جعل هويتسوء استفاده از كاربران مهم
ا ف ا ك كاركنان پشتيبان فنيكاكاربر درمانده
Shoulder Surfing
اكن شايعه پراكنيشايعه پجاسوسي و استراق سمع
SocialEngineering.ir 22
![Page 23: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/23.jpg)
Shoulder Surfing
SocialEngineering.ir 23
![Page 24: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/24.jpg)
استراتژي مقابله
SocialEngineering.ir 24
![Page 25: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/25.jpg)
ك ا مهندسي اجتماعي معكوس ا
درخواست را كاري وي از و رفته هدف سراغ به خود مهاجم شده، ذكر كه روش هايي تمام در كند، كمك تقاضاي وي از قرباني، فرد تا مي آورد فراهم را شرايطي مهاجم روش، اين در اما .مي كند
ن ه ن علت ه اع هند ا ش ا ند ك اجت .مي نامند معكوس اجتماعي مهندسي را روش اين علت، همين به نا
ماشين خرابي و خلوت جاده
براي را مشكالت از بعضي نفوذگر آن در كه باشد مي روشهايي يكي نيز معكوس اجتماعي مهندسي درست آتشي نفر يك اينكه مانند ( آيد مي كمك براي هم خودش و كند مي ايجاد كاربر كامپيوتر
را كاربر اعتماد كه شود مي باعث امر همين . )كند كمك آن كردن خاموش براي هم خودش و كند )نفوذگر( اجتماعي مهندس مثال براي .بگيرد او از تر سريع را الزم اطالعات و كند جلب تر سريعشنيين ارسال نظرش مورد كاربر براي است شده ضميمه آن به كه تروجاني همراه به ميلي كه است ممكن ضميمه فايل درباره اينكه بدون دارد اعتماد آن به و شناسد مي را مهندس ، كاربر چون و كند
ارسال نيز ديگران براي را آن حتي يا و كند مي اجرا را شده ضميمه فايل راحتي به كند احتياط.كند مي .كند مي
SocialEngineering.ir 25
![Page 26: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/26.jpg)
The other important key is to never ask for too much information at a b k f l l f h d htime, but to ask for a little from each person in order to maintain the
appearance of a comfortable relationship.
M t l t t i th b th ill b d Most employees want to impress the boss, so they will bend over backwards to provide required information to anyone in power.
It is possible to keep morale high and have a fun company cultureIt is possible to keep morale high and have a fun company culturewithout sacrificing security. By slightly changing the rules of the game,the intruders no longer take the wheel.
SocialEngineering.ir 26
![Page 27: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/27.jpg)
فيس بوك
اطالعات و افراد شخصي صفحات به كردن نگاه با هكرها بيشتربوك فيس سايت در هم االن همين .ميارن در رو عبور رمزهاي اكثر براحتي اونها همسران و فرزندان نام و ازدواج و تولد تاريخ به مربوط
)-:نداريد تكنولوژي به هم زيادي نياز .نيست هم ايه پيچيده مسئله خيلي كه بينين مي
SocialEngineering.ir 27
![Page 28: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/28.jpg)
As developers invent continually better security technologies,making it increasingly difficult to exploit technicalmaking it increasingly difficult to exploit technicalvulnerabilities, attackers will turn more and more toexploiting the human elementexploiting the human element
Cracking the human firewall is often easy, requires noCracking the human firewall is often easy, requires noinvestment beyond the cost of a phone call, and involves minimal risk.
SocialEngineering.ir 28
![Page 29: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/29.jpg)
خالصه
اش ا ك ذ ش ا نف ا ا ت ت ك ا ا . مهندسي اجتماعي يكي از ساده ترين و عمومي ترين راههاي نفوذ در شبكه هاي مي باشد اسازمانهاي بسياري وجود دارند كه براي امنيت شبكه خود پولهاي فراواني خرج مي كنند ولي
.پولي خرج كنند» سوءاستفاده از فاكتورهاي انساني« هنوز حاضر نيستند براي مقابله با
You could spend a fortune purchasing technology and services...and your network infrastructure could still remain
l bl t ld f hi d i l tivulnerable to old‐fashioned manipulation.
اما مهمترين . ابتدا بايد براي پيشگيري از اين گونه حمالت، سياستهايي را تدوين و اجرا كرداشد ان از كنان زش كا شگ آ ا .مرحله براي پيشگيري، آموزش كاركنان سازمان مي باشدله
SocialEngineering.ir 29
![Page 30: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/30.jpg)
SocialEngineering.ir 30
![Page 31: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/31.jpg)
Ĥخذ ا Ameritech Consumer Information “Social Engineering Fraud,”http://www.ameritech.com/content/0,3086,92,00.html
“ l l d f h l ld ”
منابع و مĤخذ
Anonymous “Social engineering: examples and countermeasures from the real‐world,” Computer Security Institutehttp://www.gocsi.com/soceng.htmArthurs, Wendy: “A Proactive Defence to Social Engineering,” SANS Institute, August 2, 2001.http://www.sans.org/infosecFAQ/social/defence.htmp:// .sa s.o g/ osec Q/soc a /de e ce.Berg, Al: “Al Berg Cracking a Social Engineer,” by, LAN Times Nov. 6, 1995.http://packetstorm.decepticons.org/docs/social‐engineering/soc_eng2.htmlBernz 1: “Bernz’s Social Engineering Intro Page”http://packetstorm.decepticons.org/docs/social‐engineering/socintro.html
“ h l S i l i i AQ ”Bernz 2: “The complete Social Engineering FAQ!”http://packetstorm.decepticons.org/docs/social‐engineering/socialen.txtHarl “People Hacking: The Psychology of Social Engineering” Text of Harl’s Talk at Access All Areas III, March 7, 1997.http://packetstorm.decepticons.org/docs/social‐engineering/aaatalk.htmlp //p p g/ / g g/Mitnick, Kevin: “My first RSA Conference,” SecurityFocus, April 30, 2001http://www.securityfocus.com/news/199Orr, Chris “Social Engineering: A Backdoor to the Vault,”, SANS Institute, September 5, 2000http://www.sans.org/infosecFAQ/social/backdoor.htmP l b J h “S i l E i i Wh i i h i li l id b i d h b d ?” Palumbo, John “Social Engineering: What is it, why is so little said about it and what can be done?”, SANS Institute, July 26, 2000http://www.sans.org/infosecFAQ/social/social.htm
SocialEngineering.ir 31
![Page 32: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/32.jpg)
Stevens, George: “Enhancing Defenses Against Social Engineering” SANS Institute, March 26, 2001http://www.sans.org/infosecFAQ/social/defense_social.htmTims Rick “Social Engineering: Policies and Education a Must” SANS Institute February 16 2001Tims, Rick Social Engineering: Policies and Education a Must SANS Institute, February 16, 2001http://www.sans.org/infosecFAQ/social/policies.htmVerizon “PBX Social Engineering Scam” 2000http://www.bellatlantic.com/security/fraud/pbx_scam.htmVIGILANTe “Social Engineering” 2001g ghttp://www.vigilante.com/inetsecurity/socialengineering.htm
Arthurs, Wendy: “A Proactive Defence to Social Engineering,” SANS Institute, August 2, 2001.http://www.sans.org/infosecFAQ/social/defence.htmB Al “C ki S i l E i ” LAN Ti N 6 Berg, Al: “Cracking a Social Engineer,” LAN Times, Nov. 6, 1995.http://packetstorm.decepticons.org/docs/social‐engineering/soc_eng2.htmlFine, Naomi: “A World‐Class Confidential Information and Intellectual Property Protection Strategy”, Pro‐Tec Data, 1998. http://www.pro‐tecdata.com/articles/world‐class.htmlHarl: “People Hacking: The Psychology of Social Engineering” Text of Harl’s Talk at Access All Areas Harl: People Hacking: The Psychology of Social Engineering Text of Harl s Talk at Access All Areas III, March 7, 1997. http://packetstorm.decepticons.org/docs/social‐engineering/aaatalk.htmlNelson, Rick: “Methods of Hacking: Social Engineering,” the Institute for Systems Research, University of Marylandhttp://www.isr.umd.edu/gemstone/infosec/ver2/papers/socialeng.htmlStevens, George: “Enhancing Defenses Against Social Engineering” SANS Institute, March 26,
htt // /i f FAQ/ i l/d f i l ht2001 http://www.sans.org/infosecFAQ/social/defense_social.htmVerizon “PBX Social Engineering Scam” 2000http://www.bellatlantic.com/security/fraud/pbx_scam.htm
SocialEngineering.ir 32
![Page 33: Social Engineering Presented By Ali Mollabagher](https://reader036.vdocuments.site/reader036/viewer/2022062615/547c9b1eb37959892b8b50a9/html5/thumbnails/33.jpg)
Mikael Hermansson & Robert Ravne, “Fighting Social Engineering’’, March ٢٠٠۵ URL:www. dsv. su. se/en/seclab/pages/pdf‐files/ ٢٠٠۵- x‐ ٢٨١. pdfMalcolm Allen, “The use of “Social Engineering” as a means of violating compute systems”,June ٢٠٠۶ URL:http://wwwsans org/rr/paper php?id 529URL:http://www.sans.org/rr/paper.php?id=529Wendy Arthurs, “A proactive defense to Social Engineering”, SANS Institute ٢٠٠١ URL:http://www.sans.org/rr/paper.php?id=511Tims, Rick “Social Engineering: Policies and Education a Must” SANS Institute, February ١۶،٢٠٠١ URL:http://wwwsans org/infosecFAQ/social/policies htmURL:http://www.sans.org/infosecFAQ/social/policies.htmDavid Gragg, “A multi‐level defense against Social Engineering”, December ٢٠٠٢ URL:http://www. sans. org/rr/papers/ ۵١/٩٢٠. pdfNISCC Briefing “Social engineering against information systems: what is it and how do you protect yourself?, ٠٢ June ٢٠٠۶URL:wwwcpni gouk/docs/SocialEngineering٠٨a ٠۶pdf٢٠٠۶ URL:www.cpni.gouk/docs/SocialEngineering٠٨a ٠۶. pdfRadha Gulati, “The Threat of Social Engineering and Your Defence Against It”, SANSInstitute ٢٠٠٣ URL:http://www.sans.org/rr/papers/index. php?id=١٢٣٢Granger, Sarah. “Social Engineering Fundamentals, Part I : Hacker Tactics”, December ٢٠٠١, ٨ URL:http://wwwsecurityfocus com/infocus/1527URL:http://www.securityfocus.com/infocus/1527Granger, Sarah. “Social Engineering Fundamentals, Part II : Combat Strategies”. January ٩،٢٠٠٢ URL:http://www.securityfocus.com/infocus/1533Sara Gartner “There Are No Secrets: Social Engineering and Privacy” URL:http://wwwgartner com/gc/webletter/security/issue1/index htmlURL:http://www.gartner.com/gc/webletter/security/issue1/index.htmlMichael Bruck, “A Little‐Known Security Threat” URL:http://www.entrepreneur.com/article/0,4621,309221,00.htmlLemos, Robert. “Mitnick teaches ‘Social Engineering’. ” July ٢٠٠٠, ١٧ . ZDNet News. URL:http://zdnet.com.com/2100522261. html?legacy=zdnnMcDowell Mindi “Avoiding Social Engineering and Phishing Attacks” US CERT Cyber Security TipST ٠۴-٠١۴McDowell, Mindi. Avoiding Social Engineering and Phishing Attacks , US‐CERT Cyber Security TipST ٠۴-٠١۴.URL:http://www.us‐cert. gov/cas/tips/ST ٠۴-٠١۴. htmlJason Hiner, “Change your company’s culture to combat Social Engineering attacks”, May ٢٠٠٢, ٣٠ URL:http://articles.techrepublic.com.com/5100‐1035_11‐1047991.htmlSocialEngineering.ir 33