Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Presentation transcript:

Social Engineering PA Turnpike Commission

“Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users.” The principle behind social engineering is that “users are the weak link in security.” Many attackers are finding that it is easier to get information or access to computing systems by exploiting people’s natural tendency to want to trust and be helpful than by trying to break into a company or a system using technology.

A Social Engineer will commonly use the telephone, Internet, or email to trick people into revealing sensitive information or to get them to do something that is against policy. Don’t divulge sensitive information, passwords, etc. over the phone, Internet or email, even to people claiming to need it. For targeted attacks, hackers will even go through dumpsters (“dumpster diving”) or do other research so they know enough to convince you to trust them. Even snippets of confidential information can be harmful if someone is clever enough to get bits of info from several different people and piece them together.

A simple example of Social Engineering: Someone calls claiming to be a system administrator and requests your password in order to fix ‘something’, or says the password is necessary to do his or her work. In reality, system administrators should never need to know a user’s password to get their job done. You will never need to give your password to PTC IT staff.

One more example of Social Engineering: You get an email that looks like it’s from your bank telling you that there is a problem with your account. It says that you need to click on a link in the email to go to a special web page where you must confirm your account information. Instead of clicking on a link in an unsolicited email, contact the company directly to discuss, or at least go to their website directly for additional information, but do not use the link in the email.

Preventative Tips: Lock your computer when you are away from your work area and log off of your computer at the end of the workday. Use strong passwords. Challenge strangers in your area. Share sensitive information on a need to know basis. Shred papers. Destroy CDs before discarding. Report suspicious activity.

How to defend against Social Engineering? Be aware of warning signs and common characteristics. Here are some types of attacks:
Authority – Person uses perceived rank and name dropping.
Ignorance – Person is unsure of process, acts like new employee.
Exaggerated – Person acts very rushed, like it’s an emergency.
Help Desk – Person impersonates help desk support person.
Stake-out – Person is just loitering waiting for an opportunity.
Fake Survey – Person says they need input for a survey.
Dumpster Diving – Person is looking in trash bins and wastebaskets for information.

The different modules of this tutorial will: Discuss the risks to your computer and the data it contains. Provide some guidelines for avoiding risks. Suggest some practical and easy solutions. Please review these modules at your convenience.