Social Engineering And You
Steve Otto



Social Engineering
- Social Engineering: getting people to do things they ordinarily wouldn’t do for a stranger.
- “Testifying before Congress not long ago, I explained that I could often get passwords and other pieces of sensitive information from companies by pretending to be someone else and just asking for it.” - Kevin Mitnick
- The social engineer’s modus operandi: gather as much information about the target as possible, and use that information to gain trust as an insider. Then go for the jugular!

The Art of the Attacker
- Innocuous information: “Much of the seemingly innocuous information in a company’s possession is prized by a social engineering attacker because it can play a vital role in his effort to dress himself or herself in a cloak of believability.”
- As you’ll notice repeatedly in these examples, knowledge of a company’s lingo and of its corporate structure (its various offices and departments, what each one does, and what information each has) is part of the essential bag of tricks of the successful social engineer.

The Art of the Attacker
- CreditChex example
  - This entire ruse was based on one of the fundamental tactics of social engineering: gaining access to information that a company employee treats as innocuous, when it isn’t.
- More “worthless” information
  - Peter Abels’ phone call.
  - The moral of the story: don’t give out any personal or company information or identifiers to anyone unless you recognize his or her voice and the requester has a need to know.

Techniques of the Social Engineer
- The Direct Attack: Just Asking For It
  - Stevie’s Scam
  - This is a perfect example of how easy it can be for a social engineer to get what they want by “just asking for it.”
- Building Trust
  - Trust is the key to deception. The more a social engineer can make his contact seem like business as usual, the more he allays suspicion.
  - Once he or she has your trust, the drawbridge is lowered and the castle door thrown open, so he or she can enter and take whatever information they want.

Techniques of the Social Engineer
- Doyle Lonnegan’s Story
- C.T. (how he gained the store clerk’s trust): the initial calls to Ginny were simply to build up trust. When the time came for the attack, she let her guard down and accepted Tommy for who he claimed to be, the manager at another store in the chain.
- Building a sense of trust doesn’t necessarily demand a series of phone calls with the victim.
- Surprised, Dad
- The Moral
  - Trust wisely (would you give your worst enemy your information?)

Techniques of the Social Engineer
- “Let Me Help You.”
  - The Network Outage
- Reverse social engineering: the attacker puts the target in a situation where the target calls the attacker for help. This gives the attacker instant credibility: if someone thinks they are talking to the help desk, they are not going to ask that person to prove their identity.
- “Can You Help Me?”
- Vulnerable Security Practices
  - Candy security: a term coined by Bellovin and Cheswick of Bell Labs to describe a security scenario where the outer perimeter, such as the firewall, is strong, but the infrastructure behind it is weak.

Techniques of the Social Engineer
- Speakeasy security: security that relies on knowing where desired information is, and on using a worker’s ID number or name to gain access to that information or computer system.
- Security through obscurity: an ineffective method of computer security that relies on keeping secret the details of how the system works (protocols, algorithms, and internal systems). It rests on the false assumption that no one outside the trusted group of people will be able to circumvent the system.

Safe Security Practices
- The Golden Questions:
  - How do I know this person is who he says he is?
  - How do I know this person has the authority to make this request?
- NEVER disclose your password under any circumstances.
- Follow procedures for disclosure of internal information.
- When in doubt: verify, verify, verify.
- Treat your seemingly innocuous information like ATM PINs.
- Ask yourself whether you would give the requested information to your worst enemy, and what the repercussions of doing so would be.
- Never be so eager to help out a caller that the security of the business is compromised.
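The “speakeasy security” definition two slides earlier and the two Golden Questions above describe the same gap from two sides: a system that hands out data to anyone who knows an employee ID or a hidden location has answered neither “who is this?” nor “are they allowed to ask?”. The Python below is an added illustration written for this transcript, not code from the presentation or from Mitnick’s book. It contrasts a lookup that trusts knowledge of an identifier with one that requires an authenticated session bound to a role. The directory, employee IDs and session scheme are constructed for the example; the names Ginny and Tommy are borrowed from the C.T. story above.

```python
"""Added example: identifier-only ("speakeasy") access versus authenticated,
authorized access. Everything here is constructed for illustration."""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample directory keyed by employee ID.
DIRECTORY = {
    "E1042": {"name": "Ginny", "role": "clerk", "ssn_last4": "1234"},
    "E2077": {"name": "Tommy", "role": "manager", "ssn_last4": "9876"},
}


def speakeasy_lookup(employee_id: str) -> Optional[dict]:
    """Weak pattern: whoever knows (or is told, or guesses) an employee ID
    gets the record. The identifier is the only 'secret', and identifiers
    are exactly the kind of innocuous information a caller can collect."""
    return DIRECTORY.get(employee_id)


# Hardened pattern: a per-process server key signs opaque session tokens,
# and the lookup checks both the session (authentication) and the role
# (authorization). The key is generated fresh here; a real deployment
# would manage it outside the process.
_SERVER_KEY = secrets.token_bytes(32)
_SESSIONS: dict = {}


def issue_session(principal_id: str) -> str:
    """Issue a token only after the principal has already been authenticated
    by some out-of-band means (password plus second factor, or a callback
    to a number on file). The token is a random nonce plus an HMAC tag,
    so it cannot be forged from a guessed nonce."""
    entry = DIRECTORY[principal_id]
    nonce = secrets.token_hex(16)
    tag = hmac.new(_SERVER_KEY, nonce.encode(), hashlib.sha256).hexdigest()
    _SESSIONS[nonce] = {"principal": principal_id, "role": entry["role"]}
    return f"{nonce}.{tag}"


def _verify_session(token: str) -> Optional[dict]:
    """Return the session bound to a token, or None if the token is malformed,
    forged, or unknown. Uses a constant-time comparison for the tag."""
    try:
        nonce, tag = token.split(".", 1)
    except ValueError:
        return None
    if not tag.isascii():
        return None
    expected = hmac.new(_SERVER_KEY, nonce.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return _SESSIONS.get(nonce)


def authorized_lookup(token: str, employee_id: str) -> Optional[dict]:
    """Strong pattern. Golden question 1 (who is this?) is answered by the
    session; golden question 2 (may they ask?) by the role check: a caller
    may read their own record, and only managers may read others'."""
    session = _verify_session(token)
    if session is None:
        return None
    if session["principal"] != employee_id and session["role"] != "manager":
        return None
    return DIRECTORY.get(employee_id)


if __name__ == "__main__":
    # Knowing an ID is enough for the weak lookup, but not for the strong one.
    print("speakeasy:", speakeasy_lookup("E1042"))
    print("no session:", authorized_lookup("bogus.token", "E1042"))
    clerk = issue_session("E1042")
    print("clerk, own record:", authorized_lookup(clerk, "E1042"))
    print("clerk, manager's record:", authorized_lookup(clerk, "E2077"))
```

The point to take from the two functions is where the trust is anchored: `speakeasy_lookup` trusts a fact the attacker can gather from a phone call, while `authorized_lookup` trusts a token the server itself issued and can verify, and still refuses requests outside the caller’s role.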

“Only two things are infinite, the universe and human stupidity, and I’m not sure about the former.” - Albert Einstein