Social Engineering Brock’s Cyber Security Awareness Committee Presents: Social Engineering

Social Engineering Insert title here What is It? Cyber Security Awareness Committee Insert title here Social Engineering What is It?

Cyber Security Awareness Committee Social Engineering Social engineering is a discipline in social science that refers to efforts to influence particular attitudes and social behaviors... Wikipedia

Cyber Security Awareness Committee Social Engineering Any act that influences a person to take an action that may or may not be in their best interest. www.social-engineer.org

Cyber Security Awareness Committee Advertising

Cyber Security Awareness Committee Any act that influences a person to take an action that may or may not be in their best interest. Advertising

Cyber Security Awareness Committee Family Influence

Cyber Security Awareness Committee Any act that influences a person to take an action that may or may not be in their best interest. Family Influence

Cyber Security Awareness Committee Elementary School

Cyber Security Awareness Committee Any act that influences a person to take an action that may or may not be in their best interest. Elementary School

Cyber Security Awareness Committee Religious Thought

Cyber Security Awareness Committee Any act that influences a person to take an action that may or may not be in their best interest. Religious Thought

Cyber Security Awareness Committee Political Discourse

Cyber Security Awareness Committee Any act that influences a person to take an action that may or may not be in their best interest. Political Discourse

Cyber Security Awareness Committee Peer Pressure

Cyber Security Awareness Committee Any act that influences a person to take an action that may or may not be in their best interest. Peer Pressure

Social Engineering: Security Context Cyber Security Awareness Committee Social Engineering: Security Context noun The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Google

Social Engineering: Defined on CITS’ Web Site Cyber Security Awareness Committee Social Engineering: Defined on CITS’ Web Site Social Engineering is any act that influences a person to take an action that may or may not be in their best interests. It's the art of gaining access to buildings, systems or information by exploiting human psychology, rather than breaking in, or using technical hacking techniques. It's the art of manipulating people so they give up confidential information or allow access to restricted areas.

Social Engineering: Security Context Cyber Security Awareness Committee Insert title here Social Engineering: Security Context Various Forms

Social Engineering Insert title here Pretexting Cyber Security Awareness Committee Insert title here Social Engineering Pretexting

Cyber Security Awareness Committee Pretexting Using a fictitious scenario (ie the pretext) the criminal establishes trust—perhaps through impersonation—which is leveraged to create a false motive for an unsuspecting individual to divulge information or do something he or she normally would not do.

Cyber Security Awareness Committee Pretexting Sometimes it doesn’t even have to be a lie! What if you told people that you were from the Jimmy Kimmel Show and you were checking if people were using secure enough passwords…

Cyber Security Awareness Committee Pretexting

Social Engineering Insert title here Vishing Cyber Security Awareness Committee Insert title here Social Engineering Vishing

Pretexting: Special Case Cyber Security Awareness Committee Pretexting: Special Case Vishing: Making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information or do something they would not normally do.

Cyber Security Awareness Committee Pretexting

Another Kind of Vishing Cyber Security Awareness Committee Another Kind of Vishing Some criminals prompt targets to phone a number they claim is from a trusted institution to verify their personal information. The mark calls in and provides their private information to an Interactive Voice Response system.

Pretexting: Duping the Help Desk Cyber Security Awareness Committee Pretexting: Duping the Help Desk

Cyber Security Awareness Committee Social Engineering: But the bad guys can turn the tables on your help desk experience too.

Social Engineering Insert title here Quid Pro Quo Cyber Security Awareness Committee Insert title here Social Engineering Quid Pro Quo

Social Engineering: Quid Pro Quo – Something for Something Cyber Security Awareness Committee Social Engineering: Quid Pro Quo – Something for Something The attacker calls extensions at a company claiming to follow up on a technical problem. Eventually finds someone with an issue. In the course of providing tech support, the end user provides system access or types in a malicious command.

Social Engineering Insert title here Water Holing Cyber Security Awareness Committee Insert title here Social Engineering Water Holing

Social Engineering: Water Holing Cyber Security Awareness Committee Social Engineering: Water Holing The attacker finds a weakness in a legitimate website known for attracting a target group. Using the compromised site, visitor systems are infected with malware because people trust the site owners.

Social Engineering Insert title here Tailgating Cyber Security Awareness Committee Insert title here Social Engineering Tailgating

Social Engineering: Tailgating Cyber Security Awareness Committee Social Engineering: Tailgating The attacker seeks access to a restricted area. Simply walks in behind a person with legitimate access.

Social Engineering: Tailgating Cyber Security Awareness Committee Social Engineering: Tailgating

Social Engineering Insert title here Baiting Cyber Security Awareness Committee Insert title here Social Engineering Baiting

Social Engineering: Baiting Cyber Security Awareness Committee Social Engineering: Baiting Attackers leave malware-infected DVDs or USB flash drives in locations people will find them, giving them names that pique people’s curiosity. An employee looking out of curiosity or to determine how to return it puts it in his or her system and gets infected.

Social Engineering: Don’t Plug In ‘Found’ USBs Cyber Security Awareness Committee Social Engineering: Don’t Plug In ‘Found’ USBs

Social Engineering: And there’s much, much more…. Cyber Security Awareness Committee Social Engineering: And there’s much, much more…. Like phishing emails that will get a talk of its own. Like virus hoaxes, Smishing (SMS phishing) Like tricking users to copy and paste malicious code into their browser’s web development console,….

DEFENSE What can we do about it? A discussion. Cyber Security Awareness Committee What can we do about it? A discussion. DEFENSE

Cyber Security Awareness Committee

Don’t Underestimate the Power of Common Sense Cyber Security Awareness Committee Don’t Underestimate the Power of Common Sense

Cyber Security Awareness Committee Defense Scrutinize what information in the workplace is sensitive and evaluate exposure to breakdowns in security—including social engineering. Establish security protocols, policies, and procedures for handling sensitive information.

Cyber Security Awareness Committee Defense Train employees in the security protocols relevant to their position Periodically test the systems to make sure they work.

Cyber Security Awareness Committee Defense Periodically Review your defensive posture to make sure that your systems, procedures, protocols and training are up-to-date. Make sure that private documents are adequately handled by shredding or secure disposal.

Cyber Security Awareness Committee