Published by Avis Berry. Modified over 8 years ago.
Designed By: Jennifer Gohn
“Getting people to do things they wouldn’t ordinarily do for a stranger” – Kevin Mitnick
Several kinds of attackers rely on social engineering; to name a few:
◦ Phone phreaks: hackers who explore the telephone network and obtain any information available to the phone company, often by talking it out of phone company staff.
◦ Crackers or vandals: hackers who destroy people’s files or entire hard drives.
◦ Grifters: people who use deception and persuasion to obtain important, secret information from companies and businesses.
Where can social engineering take place?
◦ In person, on the phone, or on the computer
◦ At work or even at home
◦ In your trash: dumpster diving
Who can be a social engineer?
◦ ANYONE
◦ They try to trick you into believing they are someone else
Different techniques a social engineer uses to get others to believe they are who they say they are include:
◦ Persuasion
◦ Impersonation
◦ Ingratiation
◦ Conformity
◦ Friendliness
How to Combat Social Engineering
Combating it requires action on both the physical and the psychological level.
Training is essential.
A company needs well-rounded security policies.
Policies remove the burden on employees of making judgment calls on the spot.
◦ Policies help to eliminate some human error and some ad-hoc human judgment.
For example, a company policy could require every employee to confirm that a requester is who they claim to be with a simple check (such as calling back on a number from the company directory rather than one the caller supplies), so that no social engineer can talk their way past the company.
Another example: private company information is kept private. Anyone who wants to access it must show proper verification.
The policies should address some simple aspects of the company:
◦ Locks
◦ I.D.s
◦ Information access controls
◦ Setting up accounts
◦ Access approval
◦ Password changes
EVERY employee should be trained in all of the current security policies.
EVERY employee needs to be informed about social engineering in order to know how to combat it.
Always be suspicious to an extent. Don’t believe people are who they say they are until you verify with legitimate sources (a number or address you already have, not one the caller gives you).
Everyone needs to be trained in how to use the computer systems and how to create a good user name and password.
◦ Passwords should mix letters and numbers as well as upper case and lower case letters, and length matters more than any single character class: a long random password is far harder to guess than a short one that merely meets the mix.
◦ The password should have no relevance to the user: no names, birthdays, pets or favourite teams, all of which a social engineer can learn with a few friendly questions. The more random the password, the more secure it is.
◦ Never reuse one password across accounts, and never read a password out to anyone, however convincing they sound.
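The password rules above, turned into a policy check and a generator, as an added example that is not part of the original presentation. The 12-character minimum, the list of personal facts and the sample passwords are assumptions made up for the demonstration; the entropy figures show why a long random password beats a memorable one that merely mixes character classes:

```python
import math
import secrets
import string

MIN_LENGTH = 12                                  # assumption: the slide gives no length
ALPHABET = string.ascii_letters + string.digits  # upper, lower and digits, as the slide asks


def entropy_bits(length, alphabet_size):
    """Bits of entropy in a uniformly random string: log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def has_required_classes(password):
    """Upper case, lower case and at least one digit, as required by the policy."""
    return (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))


def relates_to_user(password, user_facts):
    """True if any personal fact of 3+ characters (name, year, pet) appears in the password."""
    lowered = password.lower()
    return any(f.lower() in lowered for f in user_facts if len(f) >= 3)


def evaluate_password(password, user_facts):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not has_required_classes(password):
        problems.append("needs upper case, lower case and digits")
    if relates_to_user(password, user_facts):
        problems.append("contains information related to the user")
    return problems


def generate_password(length=16, alphabet=ALPHABET):
    """Uniformly random password from the OS CSPRNG; resample until every class appears."""
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_required_classes(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed: the kind of facts a chatty caller could learn about an employee.
    facts = ["Jennifer", "1985", "Rex"]
    for pw in ("Jennifer1985", "rex2024", generate_password()):
        print(pw, evaluate_password(pw, facts) or "OK")
    print("8 letters only:         %.1f bits" % entropy_bits(8, 26))
    print("16 letters and digits:  %.1f bits" % entropy_bits(16, 62))
```

`secrets` is used rather than `random` because the latter is not a cryptographic generator; the resampling loop keeps the output uniform over the strings that satisfy the class rule.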
Employees need to be trained to tell whether information is considered confidential or not.
Everyone needs to understand that security is part of every job in the company, not just the IT department or the security department.
All new employees need to go through a security orientation.
There are some signs that can tip you off:
◦ Refusal to give contact information
◦ Rushing
◦ Name-dropping
◦ Intimidation
◦ Small mistakes (misspellings, misnomers, odd questions)
◦ Requesting forbidden information
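A small scorer that looks for these tip-offs in the transcript of a call or the body of an e-mail, added here as an example and not taken from the presentation. The phrase patterns, the 0.8 similarity threshold used to spot misspelt names, the list of known-good names (Acme, Helpdesk, Jennifer) and both sample messages are constructed assumptions; a real deployment would tune them to the company's own vocabulary:

```python
import difflib
import re

# One textual heuristic per tip-off from the list above. Patterns are illustrative
# assumptions, not a vetted rule set.
RED_FLAGS = {
    "rushing": r"\b(?:urgent(?:ly)?|immediately|right now|asap|before (?:the )?end of day)\b",
    "intimidation": r"\b(?:fired|disciplin\w*|report you|your job|escalat\w*)\b",
    "name-dropping": r"\b(?:the (?:ceo|cfo|director|vp)|told me to)\b",
    "requesting forbidden information":
        r"\b(?:password|passcode|badge (?:number|code)|social security|ssn)\b",
    "refusal to give contact information":
        r"\b(?:can'?t (?:give|share) (?:my|a) (?:number|extension|callback)|no callback|don'?t call (?:me )?back)\b",
}
COMPILED = {name: re.compile(pat, re.IGNORECASE) for name, pat in RED_FLAGS.items()}

# Constructed: names a genuine caller would get right (company, help desk, staff).
KNOWN_NAMES = ["Acme", "Helpdesk", "Jennifer"]


def find_misnomers(text, known_names=KNOWN_NAMES, threshold=0.8):
    """Words close to, but not exactly, a known name: 'Jeniffer' for 'Jennifer'."""
    hits = []
    for word in re.findall(r"[A-Za-z]{4,}", text):
        for name in known_names:
            w, n = word.lower(), name.lower()
            if w != n and difflib.SequenceMatcher(None, w, n).ratio() >= threshold:
                hits.append(word)
                break
    return hits


def score_message(text):
    """Return {tip-off: [evidence strings]} for every red flag found in the message."""
    flags = {}
    for name, pattern in COMPILED.items():
        found = pattern.findall(text)
        if found:
            flags[name] = found
    misnomers = find_misnomers(text)
    if misnomers:
        flags["small mistakes"] = misnomers
    return flags


def verdict(flags):
    """Map the number of distinct red flags to an action for the employee."""
    if len(flags) >= 3:
        return "likely social engineering: verify through a known-good channel before acting"
    if flags:
        return "suspicious: verify the caller's identity"
    return "no red flags found"


# Constructed sample transcripts, not real calls.
ATTACK_CALL = ("Hi, this is Jeniffer from the Acme Help Desk. The CEO told me to reset your "
               "account before end of day, so I need your password right now. I can't give my "
               "extension, just read it to me or I'll have to report you.")
BENIGN_CALL = ("Hi, this is Jennifer from the Acme Help Desk. Your ticket 4421 is resolved. "
               "Reply to this message or call extension 2200 if anything is still broken.")

if __name__ == "__main__":
    for label, call in (("attack", ATTACK_CALL), ("benign", BENIGN_CALL)):
        flags = score_message(call)
        print(label, flags, "->", verdict(flags))
```

Keyword matching of this kind catches the clumsy cases; its real value for training is showing that every item on the list is concrete and observable, so an employee can name the flag they saw when they report the call.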
In the event that an employee suspects a social engineering attack:
◦ Report the incident (preferably to one person who is in charge of handling and keeping track of all security breaches)
◦ Notify others so that they won’t fall victim to the same con
◦ Follow company security policies. DO NOT give out sensitive information without proper verification.
◦ DO NOT assume everyone is who they say they are.
◦ Stay calm and be as friendly as possible without giving up any personal or company information
Area of risk | Hacker tactic | Combat strategy
Phone | Impersonation and persuasion | Train employees/help desk to never give out passwords or other confidential info by phone
Building entrance | Unauthorized physical access | Tight badge security, employee training, and security officers present
Office | Shoulder surfing | Don’t type in passwords with anyone else present (or if you must, do it quickly!)
Dumpsters | Dumpster diving | Keep all trash in secured, monitored areas, shred important data, erase magnetic media
Intranet/Internet | Creation and insertion of mock software on the intranet or Internet to snarf passwords | Continual awareness of system and network changes, training on password use
Office | Stealing sensitive documents | Mark documents as confidential and require those documents to be locked
General/psychological | Impersonation and persuasion | Keep employees on their toes through continued awareness and training programs
Table courtesy of: http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-ii-combat-strategies
If you have any more questions or concerns about social engineering and how to spot and prevent it, check out these sources:
◦ The book The Art of Deception by Kevin Mitnick
◦ Examples of internet social engineering: http://www.youtube.com/watch?v=ybQaPp7ySpQ&feature=related
◦ What is social engineering? http://www.youtube.com/watch?v=b-yqbNM3s7c&feature=related
◦ How to select a secure password: http://www.youtube.com/watch?v=48lZa1d-Htg