Social Engineering Mark Shtern. Social Engineering SE is manipulating a person into knowingly or unknowingly giving up information – Psychological manipulation.

Slides:



Advertisements
Similar presentations
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Advertisements

Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.
Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.
Managing the Security and Privacy Risks of Social Media Don Knox, CPP, CITRMS Global Security and Risk Analysis Manager Caterpillar (309)
Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.
Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
Spyware and Adware Rick Carback 9/18/2005
7 Effective Habits when using the Internet Philip O’Kane 1.
What is identity theft, and how can you protect yourself from it?
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
DoD Spear-Phishing Awareness Training Joint Task Force - Global Network Operations UNCLASSIFIED//FOUO Updated: 16 NOV 2006.
Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.
PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.
UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.
Threats To A Computer Network
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
Issues Raised by ICT.
Social Engineering Training. Why Social Engineering Training? The Department of Energy (DOE) authorized the Red Team to perform vulnerability assessments.
Social Engineering Provide brief background about ourselves i.e. what were are going to school for Ask students what they think social engineering is before.
An Insight into the Relationship Between Social Media and the Susceptibility to Malicious Intent Presented by Rebecca Morgan 15/05/2015 >>>>2.
Juha Siivikko SECURITY IN SOCIAL MEDIA.
UNIT 4 ASSIGNMENT VIRUSES & DESTRUCTIVE PROGRAMS.
Online Safety and Awareness. Introductions We are students at UNM We are taking an Information Security course this semester. It is our mission to teach.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.
Viruses & Destructive Programs
Internet Security & Safety. What makes up the internet? Protecting and securing your password Protecting your identity What is social networking? Benefits.
SOCIAL ENGINEERING PART IA: HOW SCAMMERS MANIPULATE EMPLOYEES TO GAIN INFORMATION.
Phishing Internet scams. Phishing phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and.
The spoofed . The spoofing The link appears as (i.e NOODLEBANK.com) But actually it links to
Internet Safety Piotr Hasior Introduction Internet Safety Internet safety, or online safety, is the knowledge of maximizing the user's personal safety.
What is Spam? d min.
Social Engineering © 2014 Project Lead The Way, Inc.Computer Science and Software Engineering.
DoD Spear-Phishing Awareness Training Joint Task Force - Global Network Operations UNCLASSIFIED//FOUO Updated: 16 NOV 2006.
INTRODUCTION & QUESTIONS.
5 different ways to get tricked on the internet. 1. Viruses A virus is a computer malware program that copies it’s files to the computer. This may allow.
Malicious Attacks By: Jamie Woznicki Rahul-Anaadi Kurl Alexander Kaufmann Curtis Songer Daniel Cardenas Rivero.
Vulnerabilities in Operating Systems Michael Gaydeski COSC December 2008.
Remember effective ways to search +walk (includes words) Intitle:iPad Intext:ipad site:pbs.org Site:gov filetype:jpg.
Safe Computing Practices. What is behind a cyber attack? 1.
SOCIAL NETWORKING SAFETY & SECURITY. 2 CLASSROOM ETIQUETTE Please turn off all cell phones Leave food & drink outside Water bottles are okay “Respect/
Cyber security. Malicious Code Social Engineering Detect and prevent.
Social Engineering: The Human Element of Computer Security
Social Engineering Dr. X.
3.6 Fundamentals of cyber security
Personal spaces.
Social Engineering Charniece Craven COSC 316.
Big Picture Consider this How many online threats might you be faced with a day?
Instructor Materials Chapter 7 Network Security
Network security threats
Security Fundamentals
Cyber Security By: Pratik Gandhi.
Cyber Security Awareness Workshop
The Advantages of a Trial Balance Software
How to Hack Humans and Unfluence People
IT Security awareness Training.
“CYBER SPACE” - THE UNDERGROUND ECONOMY
Spear Phishing Ways to Minimize its Risks
Social Engineering No class today! Dr. X.
Malware March 26, 2018.
DON’T GET HOOKED! YOU MAY BE UNAWARE BUT YOU ARE A PHISHING TARGET FOR CYBER CRIMINALS. A. Unknown sender address B. Offer too good to be true &
Security Hardening through Awareness August 2018
Introduction and Techniques
WJEC GCSE Computer Science
Chapter Goals Discuss the CIA triad
social Engineering and its importance during Security Audits
Introduction-Cyber Safety
Presentation transcript:

Social Engineering Mark Shtern

Social Engineering SE is manipulating a person into knowingly or unknowingly giving up information – Psychological manipulation – Trickery

Goals Install spyware, other malicious software Trick persons into handing over passwords and/or other sensitive information

Movie 7II&feature=related kW1DPPp1VQ

Tactics Pretexting Phishing Fake Websites Fake Pop-up Reverse Social Engineering Phone Social Engineering Spoofing – CallerID – SMS TinyURL

Human nature Reciprocity Principle - People tend to feel obliged to discharge perceived debts. Authority Principle – People tend to respond to authority figures Social Proof Principle – People tend to use people who are similar to themselves as behaviour models Scarcity Principle – People value things they perceive as scarce more than things they perceive as common Consistency / Commitment Principle – People tend to act to maintain their self image (even without conscious knowledge)

Attack Pattern Information gathering Developing relationship Exploitation Execution

Examples Facebook – Made a fake Facebook account to get access to your friends list. Twitter – photo advertising a video with girls posted “new version of Adobe Flash” is required to watch the video

Countermeasures Management buy-in Security policy Physical security Education/Awareness Good security architecture Limit data leakage Incident response strategy Security culture

RSA: Phishing Attacks Sent phishing – Subject "2011 Recruitment Plan" – Attachment Excel spreadsheet with discovered Adobe Flash zero day flaw CVE Trojan Harvested credentials Obtained privileged access to the targeted system

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.