Social Engineering Dr. X.

Slides:



Advertisements
Similar presentations
Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.
Advertisements

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
Social Engineering: The Human Element How Does Social Engineering Work and to What Purpose? Chuck McGann.
CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.
UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.
Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
Social Engineering Networks Reid Chapman Ciaran Hannigan.
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.
Protecting Your Identity. What is IA? Committee on National Security Systems definition: –Measures that protect and defend information and information.
Network & Computer Security Training.  Prevents unauthorized access to our network and your computer  Helps keep unwanted viruses and malware from entering.
The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
TRACs Security Awareness FY2009 Office of Information Technology Security 1.
Program Objective Security Basics
Social Engineering UTHSC Information Security Team.
Cory Bowers Harold Gray Brian Schneider Data Security.
Social Engineering Provide brief background about ourselves i.e. what were are going to school for Ask students what they think social engineering is before.
Cosc 4765 Social Engineering. What is it? ● In the field of computer security, social engineering is the practice of conning people into revealing sensitive.
 Computer Hacking is the practice of modifying computer hardware and software to accomplish a goal outside of the creator’s original purpose.  the act.
IT security By Tilly Gerlack.
CIS Computer Security Kasturi Pore Ravi Vyas.
Phishing Internet scams. Phishing phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and.
What is risk online operation:  massive movement of operation to the internet has attracted hackers who try to interrupt such operation daily.  To unauthorized.
Topic 5: Basic Security.
What are they? What do they have to with me?. Introduction  You may not know exactly what it is, but chances are you have encountered one at some point.
JMU GenCyber Boot Camp Summer, Introduction to Reconnaissance Information gathering – Social engineering – Physical break-in – Dumpster diving Scanning.
Information Security Everyday Best Practices Lock your workstation when you walk away – Hit Ctrl + Alt + Delete Store your passwords securely and don’t.
Designed By: Jennifer Gohn.  “Getting people to do things they wouldn’t ordinarily do for a stranger” –Kevin Mitnick  There are several different.
ARE YOU A CYBER SECURITY RISK?. Pass the Hat Al QaedaFARCHezbollahIRAHAMAS.
JANELL LAYSER Training Manual. AWARENESS! Social Engineers are out there, and everyone should be prepared to deal with them! They can contact you by phone,
PRESENTED BY: ASHLEY CLOUSER (CONNER) Identity Theft.
Cyber Security and Computer Safety
Digital Security Identity theft Copyright Laws Plagiarism, and More.
Social Engineering: The Human Element of Computer Security
Add video notes to lecture
What Is Social Engineering?
Social Engineering Brock’s Cyber Security Awareness Committee
Network Security Fundamentals
IT Security  .
Social Engineering Charniece Craven COSC 316.
I S P S loss Prevention.
Social Engineering: The Art of Manipulation
Social Engineering in Security
Information Security 101 Richard Davis, Rob Laltrello.
Phishing is a form of social engineering that attempts to steal sensitive information.
Protect Your Computer Against Harmful Attacks!
Staying Austin College
Computer Security for Businesses
Social Engineering Brock’s Cyber Security Awareness Committee
Cybersecurity Awareness
Robert Leonard Information Security Manager Hamilton
Social Engineering No class today! Dr. X.
Cyber Security and Computer Safety
Lesson 2: Epic Security Considerations
HOW DO I KEEP MY COMPUTER SAFE?
Computer Security.
Business Compromise and Cyber Threat
Chapter # 3 COMPUTER AND INTERNET CRIME
What is Phishing? Pronounced “Fishing”
ONLINE SECURITY, ETHICS AND ETIQUETTES EMPOWERMENT TECHNOLOGY.
Identity Theft By Omer Ersen.
Presentation transcript:

Social Engineering Dr. X

What is Social Engineering? (in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. “any act that influences a person to take an action that may or may not be in their best interest.”  (SE framework: http://www.social- engineer.org/framework/general-discussion/social-engineering- defined/)

Social Engineering…

A Quote from Kevin Mitnick “You could spend a fortune purchasing technology and services from every exhibitor, speaker and sponsor at the RSA Conference, and your network infrastructure could still remain vulnerable to old-fashioned manipulation.”

Types of “hackers” according to Kevin Mitnick Crackers (or vandals) Script kiddies Phone phreaks Social engineers

A Classic (and real) Example Stanley Mark Rifkin defrauded the Security Pacific National bank in LA in 1978 Managed to steal $10,200,000 in a single social engineering attack

Types of Attacks Phishing Impersonation on help desk calls Physical access (such as tailgating) Shoulder surfing Dumpster diving Stealing important documents Fake software Trojans

Phishing Use of deceptive mass mailing Can target specific entities (“spear phishing”) Prevention: Honeypot email addresses Education Awareness of network and website changes

Impersonation on help desk calls Calling the help desk pretending to be someone else Usually an employee or someone with authority Prevention: Assign pins for calling the help desk Don’t do anything on someone’s order Stick to the scope of the help desk

Physical access Tailgating Ultimately obtains unauthorize building access Prevention Require badges Employee training Security officers No exceptions!

Shoulder surfing Someone can watch the keys you press when entering your password Probably less common Prevention: Be aware of who’s around when entering your password

Dumpster diving Looking through the trash for sensitive information Doesn’t have to be dumpsters: any trashcan will do Prevention: Easy secure document destruction Lock dumpsters Erase magnetic media

Stealing important documents Can take documents off someone’s desk Prevention: Lock your office If you don’t have an office: lock your files securely Don’t leave important information in the open

Fake Software Fake login screens The user is aware of the software but thinks it’s trustworthy Prevention: Have a system for making real login screens obvious (personalized key, image, or phrase) Education Antivirus (probably won’t catch custom tailored attacks)

Trojans Appears to be useful and legitimate software before running Performs malicious actions in the background Does not require interaction after being run Prevention: Don‘t run programs on someone else’s computer Only open attachments you’re expecting Use an antivirus

Responding You’ve been attacked: now what? Have a place to report incidents People need to take responsibility Conduct audits

Other Thoughts What damage has been done? What damage can still be done? Has a crime actually taken place?

Sources Adopted slides by Caleb Leak and Smiti Bhatt Ch. 5: The basics of Hacking and Penetration Testing SE Framework: http://www.social-engineer.org/framework/general- discussion/

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.