Social Engineering. Charniece Craven, COSC 316.
Outline
- What is social engineering?
- Common goals of social engineers
- Techniques
- What to do if you have become a victim of social engineering
- How to avoid being socially engineered

Social Engineering
- The psychological manipulation of "bugs in the human hardware".
- False motive: an individual lies in order to gain unauthorized data.
- Attacks that take advantage of flawed human judgment by convincing the victim to take actions that run counter to security policies.
- Although technology can provide many protections, it is very hard to protect against human misjudgment.
- Manipulates the victim's trust to make breaking into their system easier.

Goals of social engineers
Three common goals that many social engineers want to achieve are:
- Gathering information to guess the password(s) of the victim.
- Identity theft: the thief impersonates the victim well enough to engage in large financial transactions (e.g. taking out large loans or making expensive purchases in the victim's name).
- Credit card number theft: the thief learns the credit card number, the card owner's name, the expiration date and the three-digit card verification number in order to make purchases until the stolen card is invalidated.

Techniques
The various social engineering techniques are based on specific cognitive biases and are exploited in various combinations. The most common forms of social engineering are:
- Pretexting
- Phishing
- Spear phishing
- Baiting
- Tailgating
- Spam
- Hoaxes
- Shoulder surfing
- Impersonation

Pretexting
- Usually involves some prior research on the victim; the information gathered is then used for impersonation.
- The individual pretends to need information in order to confirm the identity of the person they are talking to, in the hope of building trust.
- Asks a sequence of questions strategically to obtain significant personal identifiers (e.g. Social Security Number, date of birth, account number).

Phishing
- Usually carried out by an authentic-looking email, instant message, or website.
- Appeals broadly to many people in order to trick as many of them as possible.
- Sends an email to a user falsely claiming to be from a legitimate company in order to scam the individual into submitting confidential information that may then be used for identity theft.
- Looks for vulnerable users and tricks them into thinking they are getting something that they are not.

Spear phishing
- Similar to phishing: uses an email or website to trick you.
- Differs from phishing because the email appears to come from someone who is a part of your organization.
- Aimed at a specific individual or group of people, and often contains personal details in order to appear more believable.
- Contains specific details that only a trusted person is likely to know.

Baiting
- Similar to a real-world Trojan horse: the malware is disguised as legitimate data.
- Uses physical media and relies on the curiosity or greed of the victim.
- The social engineer leaves a legitimate-looking CD or flash drive infected with malware in the hope that the person uses the device.

Tailgating
- Also known as piggybacking.
- Someone who is not authorized gains entry to a restricted area by following closely behind someone who is authorized.
- People often hold the door for someone without knowing who the individual is or asking where they are going.

Spam
- Unwanted commercial email.
- Useless information and viruses are sent out in the hope of getting a response.
- If a response is obtained, the useless information and viruses continue to be sent.

Hoaxes
- Malicious deception.
- Deception: an act intended to trick people into believing something is real when it is not (Bing Dictionary).
- A knowingly fabricated misrepresentation told in order to hide the truth.
- Tries to persuade the victims to damage their own system.

Shoulder Surfing
- A direct observation technique.
- Looking over someone's shoulder to obtain sensitive information.
- Very effective in crowded places.

Impersonation
- Can occur in person, over the phone or online.
- Pretending to be someone that you are likely to trust.
- Exploits our natural tendency to trust that people are who they say they are.

What to do if you've been socially engineered
- Report it to the appropriate personnel within the organization (e.g. network administrators).
- Constantly check for suspicious or unusual activity (e.g. unexplained charges to an account).
- Change all passwords and, where possible, usernames.
- Close any accounts that may have been compromised.

Avoiding Social Engineering Attacks
- Do not disclose personal information.
- Be suspicious of unsolicited phone calls, visits, emails, etc.
- Pay attention to the URL of websites.
- NEVER share your password.
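The "pay attention to the URL" advice can be made concrete. The following Python check, added here as an example and not part of the original presentation, extracts the hostname a browser would actually contact and flags the common tricks that make a phishing link look legitimate; the trusted domain names and sample URLs are constructed for the example.

```python
"""Added example: surface the cues a person should look at before trusting a link.

This does not decide whether a site is safe; it reports the real hostname and
flags userinfo tricks, raw IP hosts, punycode labels, and a trusted name that
only appears as a subdomain of some other domain.
"""
from urllib.parse import urlsplit
import ipaddress

# Constructed list of domains the reader trusts (assumption for the example).
TRUSTED_DOMAINS = ("examplebank.com", "example.org")


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (simplified: ignores suffixes like co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_url(url: str) -> dict:
    """Return the host the browser would contact plus a list of warning strings."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.username is not None:
        # "https://examplebank.com@evil.example/" contacts evil.example, not the bank
        warnings.append("userinfo before '@': the text before '@' is not the site")
    if parts.scheme != "https":
        warnings.append("not https")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a name")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label: may be a lookalike of another name")
    domain = registrable_domain(host)
    trusted = domain in TRUSTED_DOMAINS
    if not trusted:
        for known in TRUSTED_DOMAINS:
            brand = known.split(".")[0]
            if brand in host:  # e.g. login.examplebank.com.example-verify.net
                warnings.append(f"'{brand}' appears in the name but the site is {domain}")
                break
    return {"host": host, "domain": domain, "trusted": trusted, "warnings": warnings}
```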
