Social Engineering Brock’s Cyber Security Awareness Committee

Presentation transcript:

Brock’s Cyber Security Awareness Committee Presents: Social Engineering

Cyber Security Awareness – Social Engineering/Phishing
Of all the potential threats to our cyber-security, which category of threat are YOU most likely to face in the next week? How can ordinary users defend themselves? This workshop will focus on “social engineering”, defining jargon like “spear phishing”, “pretexting”, “vishing”, “water holing”, “tailgating” and other terms in plain English. You will leave with the skills needed to recognize, manage, and report these threats in your home and work environment.

Social Engineering: What is It?

Social Engineering
Social engineering is a discipline in social science that refers to efforts to influence particular attitudes and social behaviors... (Wikipedia)

Social Engineering
Any act that influences a person to take an action that may or may not be in their best interest. (www.social-engineer.org)

Any act that influences a person to take an action that may or may not be in their best interest:
Advertising
Family Influence
Elementary School
Religious Thought
Political Discourse
Peer Pressure

Social Engineering: Security Context
(noun) The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. (Google)

Social Engineering: Defined on CITS’ Web Site
Social Engineering is any act that influences a person to take an action that may or may not be in their best interests. It's the art of gaining access to buildings, systems or information by exploiting human psychology, rather than breaking in, or using technical hacking techniques. It's the art of manipulating people so they give up confidential information or allow access to restricted areas.

Social Engineering: Security Context – Various Forms

Social Engineering: Pretexting

Pretexting
Using a fictitious scenario (i.e., the pretext), the criminal establishes trust—perhaps through impersonation—which is leveraged to create a false motive for an unsuspecting individual to divulge information or do something he or she normally would not do.

Pretexting
Sometimes it doesn’t even have to be a lie! What if you told people that you were from the Jimmy Kimmel Show and you were checking if people were using secure enough passwords…

Social Engineering: Vishing

Pretexting: Special Case
Vishing: Making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information or do something they would not normally do.

Another Kind of Vishing
Some criminals prompt targets to phone a number they claim is from a trusted institution to verify their personal information. The mark calls in and provides their private information to an Interactive Voice Response system.

Pretexting: Duping the Help Desk

Social Engineering: But the bad guys can turn the tables on your help desk experience too.

Social Engineering: Quid Pro Quo

Social Engineering: Quid Pro Quo – Something for Something
The attacker calls extensions at a company, claiming to follow up on a technical problem, and eventually finds someone with an issue. In the course of providing tech support, the end user provides system access or types in a malicious command.

Social Engineering: Water Holing

Social Engineering: Water Holing
The attacker finds a weakness in a legitimate website known for attracting a target group. Through the compromised site, visitors’ systems are infected with malware, because people trust the site owners.

Social Engineering: Tailgating

Social Engineering: Tailgating
The attacker seeks access to a restricted area and simply walks in behind a person with legitimate access.

Social Engineering: Baiting

Social Engineering: Baiting
Attackers leave malware-infected DVDs or USB flash drives in locations where people will find them, giving them names that pique people’s curiosity. An employee, looking out of curiosity or to determine how to return it, puts it in his or her system and gets infected.

Don’t Plug In ‘Found’ USBs

Social Engineering: Phishing

What is Phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details… by disguising as a trustworthy entity in an electronic communication… Phishing is typically carried out by email spoofing… and it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate one. (Wikipedia)

The Cost of Phishing to an Edmonton U

Social Engineering: And there’s much, much more…
Like virus hoaxes,
Smishing (SMS phishing),
Like tricking users to copy and paste malicious code into their browser’s web development console, …

DEFENSE: What can we do about it? A discussion.

Don’t Underestimate the Power of Common Sense

Defense
Scrutinize what information in the workplace is sensitive and evaluate exposure to breakdowns in security—including social engineering.
Establish security protocols, policies, and procedures for handling sensitive information.
Train employees in the security protocols relevant to their position.
Periodically test the systems to make sure they work.
Periodically review your defensive posture to make sure that your systems, procedures, protocols and training are up-to-date.
Make sure that private documents are adequately handled by shredding or secure disposal.
