Social Engineering. J Nivethan. Social Engineering: the process of deceiving people into giving away access or confidential information. Online, Phone, Offline.

Presentation transcript:

Social Engineering J Nivethan

Social Engineering
- The process of deceiving people into giving away access or confidential information
- Online
- Phone
- Offline
- Any other means

Significance
- The weakest link in the security chain is the human element
- Attackers always try to exploit the weakest link in the security chain, as that gives them better results with less effort

Why Social Engineering?
- The security of systems has improved a great deal over time
- It's not easy to "bruteforce" the password of a bank account anymore
- But it's still not that difficult to deceive a gullible user and get the password from them!

Popular Social Engineering Attacks
- Phishing (the most popular)
- Baiting
- Impersonation
- Online scams
- Tailgating
- Shoulder surfing
- Dumpster diving

Phishing
- Acquire information, pretending to be legitimate
- Ex: Fake login page

Baiting
- Like the real-world Trojan Horse!
- Ex: Leave a flash drive with malware

Impersonation
- Ask for details while impersonating someone (over email or phone)
- Calling the help desk, impersonating a customer
- Emailing an employee, impersonating a boss/co-worker

Online Scams
- Ex: "Enter your details, we will ship you a free iPad"

Tailgating
- Use an authorized person to gain access (often when the person is careless or not aware)

Shoulder Surfing
- Using direct observation techniques to obtain information
- Ex: Look from behind
- Ex: Place a camera

Dumpster Diving
- Search through discarded items to gain any information
- Storage devices
- Written data on papers

Prevention / Mitigation
- Educating users
  o Training users on phishing, baiting, impersonation, online scams, tailgating, shoulder surfing, dumpster diving
- Establishing policies
  o Proper data disposal policy (dumpster diving)
- Implementing mechanisms
  o Like the way the NYC subway mitigates tailgating
  o Session management

Educating users in an organization
- Perform all types of social engineering attacks on employees (testing), and grade each of them according to their social engineering immunity
- Make the employee go through the training again if he/she gets a low grade
- Reward the employees with better scores

Recent Google Doc Phishing
- Hackers simply created a folder inside of a Google Drive account, marked it as public, uploaded a file there, and used the preview feature in Google Drive to get a URL that they could include in the email.
- Once a user enters his or her credentials and clicks "Sign in," the information is sent to a compromised server.
- The user is then redirected to a real Google Docs document, unaware that phishing happened.

Questions?