Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Engineering Dr. X.

Published byHelena Bridges Modified over 6 years ago

Similar presentations

Presentation on theme: "Social Engineering Dr. X."— Presentation transcript:

1 Social Engineering Dr. X

2 What is Social Engineering?
(in the context of information security) the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. “any act that influences a person to take an action that may or may not be in their best interest.”  (SE framework: engineer.org/framework/general-discussion/social-engineering- defined/)

3 Social Engineering…

4 A Quote from Kevin Mitnick
“You could spend a fortune purchasing technology and services from every exhibitor, speaker and sponsor at the RSA Conference, and your network infrastructure could still remain vulnerable to old-fashioned manipulation.”

5 Types of “hackers” according to Kevin Mitnick
Crackers (or vandals) Script kiddies Phone phreaks Social engineers

6 A Classic (and real) Example
Stanley Mark Rifkin defrauded the Security Pacific National bank in LA in 1978 Managed to steal $10,200,000 in a single social engineering attack

7 Types of Attacks Phishing Impersonation on help desk calls
Physical access (such as tailgating) Shoulder surfing Dumpster diving Stealing important documents Fake software Trojans

8 Phishing Use of deceptive mass mailing
Can target specific entities (“spear phishing”) Prevention: Honeypot addresses Education Awareness of network and website changes

9 Impersonation on help desk calls
Calling the help desk pretending to be someone else Usually an employee or someone with authority Prevention: Assign pins for calling the help desk Don’t do anything on someone’s order Stick to the scope of the help desk

10 Physical access Tailgating
Ultimately obtains unauthorize building access Prevention Require badges Employee training Security officers No exceptions!

11 Shoulder surfing Someone can watch the keys you press when entering your password Probably less common Prevention: Be aware of who’s around when entering your password

12 Dumpster diving Looking through the trash for sensitive information
Doesn’t have to be dumpsters: any trashcan will do Prevention: Easy secure document destruction Lock dumpsters Erase magnetic media

13 Stealing important documents
Can take documents off someone’s desk Prevention: Lock your office If you don’t have an office: lock your files securely Don’t leave important information in the open

14 Fake Software Fake login screens
The user is aware of the software but thinks it’s trustworthy Prevention: Have a system for making real login screens obvious (personalized key, image, or phrase) Education Antivirus (probably won’t catch custom tailored attacks)

15 Trojans Appears to be useful and legitimate software before running
Performs malicious actions in the background Does not require interaction after being run Prevention: Don‘t run programs on someone else’s computer Only open attachments you’re expecting Use an antivirus

16 Responding You’ve been attacked: now what?
Have a place to report incidents People need to take responsibility Conduct audits

17 Other Thoughts What damage has been done? What damage can still be done? Has a crime actually taken place?

18 Sources Adopted slides by Caleb Leak and Smiti Bhatt
Ch. 5: The basics of Hacking and Penetration Testing SE Framework: discussion/

Download ppt "Social Engineering Dr. X."

Similar presentations

Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.

Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.

Protect Yourself Against Phishing. The good news: The number of US adult victims of identity fraud decreased from 9.3 million in 2005, to 8.4 million.
Social Engineering: The Human Element How Does Social Engineering Work and to What Purpose? Chuck McGann.

Social Engineering: The Human Element How Does Social Engineering Work and to What Purpose? Chuck McGann.
CIT 1100. In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.
UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.

UT Wing Civil Air Patrol. Objective Identify network and cyber vulnerabilities and mitigations Social Media/Metadata/Exfil data MITM Attacks Malware Social.
Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.

Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.
Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.
Social Engineering Networks Reid Chapman Ciaran Hannigan.

Social Engineering Networks Reid Chapman Ciaran Hannigan.
Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.

Malicious Attacks By Chris Berg-Jones, Ethan Ungchusri, and Angela Wang.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.
Protecting Your Identity. What is IA? Committee on National Security Systems definition: –Measures that protect and defend information and information.

Protecting Your Identity. What is IA? Committee on National Security Systems definition: –Measures that protect and defend information and information.
Network & Computer Security Training.  Prevents unauthorized access to our network and your computer  Helps keep unwanted viruses and malware from entering.

Network & Computer Security Training.  Prevents unauthorized access to our network and your computer  Helps keep unwanted viruses and malware from entering.
The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.

The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
TRACs Security Awareness FY2009 Office of Information Technology Security 1.

TRACs Security Awareness FY2009 Office of Information Technology Security 1.

Similar presentations

Ads by Google