Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Engineering Mark Shtern. Social Engineering SE is manipulating a person into knowingly or unknowingly giving up information – Psychological manipulation.

Published byAllen George Modified over 8 years ago

Similar presentations

Presentation on theme: "Social Engineering Mark Shtern. Social Engineering SE is manipulating a person into knowingly or unknowingly giving up information – Psychological manipulation."— Presentation transcript:

1 Social Engineering Mark Shtern

2 Social Engineering SE is manipulating a person into knowingly or unknowingly giving up information – Psychological manipulation – Trickery

3 Goals Install spyware, other malicious software Trick persons into handing over passwords and/or other sensitive information

4 Movie http://www.youtube.com/watch?v=8TJ4XOvY 7II&feature=related http://www.youtube.com/watch?v=- kW1DPPp1VQ

5 Tactics Pretexting Phishing Fake Websites Fake Pop-up Reverse Social Engineering Phone Social Engineering Spoofing – CallerID – SMS TinyURL

6 Human nature Reciprocity Principle - People tend to feel obliged to discharge perceived debts. Authority Principle – People tend to respond to authority figures Social Proof Principle – People tend to use people who are similar to themselves as behaviour models Scarcity Principle – People value things they perceive as scarce more than things they perceive as common Consistency / Commitment Principle – People tend to act to maintain their self image (even without conscious knowledge)

7 Attack Pattern Information gathering Developing relationship Exploitation Execution

8 Examples Facebook – Made a fake Facebook account to get access to your friends list. Twitter – photo advertising a video with girls posted “new version of Adobe Flash” is required to watch the video

9 Countermeasures Management buy-in Security policy Physical security Education/Awareness Good security architecture Limit data leakage Incident response strategy Security culture

10 RSA: Phishing Attacks Sent phishing e-mail – Subject "2011 Recruitment Plan" – Attachment Excel spreadsheet with discovered Adobe Flash zero day flaw CVE 20110609 Trojan Harvested credentials Obtained privileged access to the targeted system

Download ppt "Social Engineering Mark Shtern. Social Engineering SE is manipulating a person into knowingly or unknowingly giving up information – Psychological manipulation."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.

Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.
Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.

Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.
Managing the Security and Privacy Risks of Social Media Don Knox, CPP, CITRMS Global Security and Risk Analysis Manager Caterpillar (309) 494 1523

Managing the Security and Privacy Risks of Social Media Don Knox, CPP, CITRMS Global Security and Risk Analysis Manager Caterpillar (309)
Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.

Internet Safety Gleneagles Computer Club February 16, 2015 by Deborah Benson.
Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.

Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
Spyware and Adware Rick Carback 9/18/2005

Spyware and Adware Rick Carback 9/18/2005
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
What is identity theft, and how can you protect yourself from it?

What is identity theft, and how can you protect yourself from it?
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
DoD Spear-Phishing Awareness Training Joint Task Force - Global Network Operations UNCLASSIFIED//FOUO Updated: 16 NOV 2006.

DoD Spear-Phishing Awareness Training Joint Task Force - Global Network Operations UNCLASSIFIED//FOUO Updated: 16 NOV 2006.
Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.

Facebook Security and Privacy Issues Brian Allen Network Security Analyst Washington University December 2, 2010 Alumni House.
PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.

PHISHING By, Himanshu Mishra Parrag Mehta. OUTLINE What is Phishing ? Phishing Techniques Message Delivery Effects of Phishing Anti-Phishing Techniques.
UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.

UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.
Threats To A Computer Network

Threats To A Computer Network
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.

INFORMATION SECURITY AWARENESS PRESENTED BY KAMRON NELSON AND ROYCE WILKERSON.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.

Similar presentations

Ads by Google