
Social Engineering Charniece Craven COSC 316.


1 Social Engineering Charniece Craven COSC 316

2 Outline
What is social engineering?
Common goals of social engineers
Techniques
What to do if you have become a victim of social engineering
How to avoid being socially engineered

3 Social Engineering
The psychological manipulation of “bugs in the human hardware”.
False motive: an individual lies in order to gain unauthorized data.
Attacks that take advantage of flawed human judgment by convincing the victim to take actions that are counter to security policies.
Although technology can provide many protections, it is very hard to protect against human misjudgment.
Manipulates the victim's trust to make breaking into their system easier.

4 Goals of social engineers
Three common goals that many social engineers want to achieve are:
Gathering information to guess the password(s) of the victim
Identity theft: the thief impersonates the victim sufficiently well to engage in large financial transactions (i.e. taking out large loans or making expensive purchases in the name of the victim)
Credit card number theft: the thief learns the credit card number, card owner’s name, expiration date, and three-digit card verification number in order to make purchases until the stolen card is invalidated

5 Techniques
The various social engineering techniques are based on specific attributes of cognitive biases and are exploited in various combinations.
The most common forms of social engineering are:
Pretexting
Phishing
Spear phishing
Baiting
Tailgating
Spam
Hoaxes
Shoulder surfing
Impersonation

6 Pretexting
Usually involves some prior research of the victim and uses the information for impersonation
The individual pretends to need information in order to confirm the identity of the person they are talking to, in the hope of forming trust
Asks a sequence of questions strategically to gain significant individual identifiers (i.e., Social Security Number, Date of Birth, Account Number, etc.)

7 Phishing
Usually carried out by an authentic-looking e-mail, instant message, or website
Appeals broadly to many people in order to trick as many people as possible
Sending an e-mail to a user falsely claiming to be a legitimate company in order to scam the individual into submitting confidential information that may be used for identity theft
Looking for vulnerable users and tricking them into thinking they are getting something that they are not

8 Spear phishing
Similar to phishing; uses an e-mail or website to trick you
Different from phishing because the e-mail comes from someone who appears to be a part of your organization
Aimed at a specific individual or group of people and often contains personal details in order to appear more believable
Contains specific details that only a trusted person is likely to know

9 Baiting
Similar to a real-world Trojan Horse; the virus is disguised as legitimate data
Uses physical media and relies on the curiosity or greed of the victim
The social engineer leaves a legitimate-looking CD or flash drive infected with malware in the hope that the person uses the device

10 Tailgating
Also known as piggybacking
When someone who is not authorized gains entry to a restricted area by following closely behind someone who is authorized
People often hold the door for someone without knowing who the individual is or asking where they are going

11 Spam
Unwanted commercial e-mail
Sending useless information and viruses out in the hope of getting a response
If a response is obtained, useless information and viruses continue to be sent out

12 Hoaxes
Malicious deception
Deception: an act intended to trick people into believing something is real when it is not (Bing Dictionary)
A knowingly fabricated misrepresentation told in order to hide the truth
Tries to persuade the victim to damage their own system

13 Shoulder Surfing
Direct observation technique
Looking over someone's shoulder to get sensitive information
Very effective in crowded places

14 Impersonation
Can occur in person, over the phone or on-line
Pretending to be someone that you are likely to trust
Manipulates our natural inclination to trust that people are who they say they are

15 What to do if you’ve been socially engineered
Report it to the appropriate personnel within the organization (i.e. network administrators)
Constantly check for suspicious or unusual activity (i.e. unexplainable charges to an account)
Change all passwords and usernames if possible
Close any accounts that may have been compromised

16 Avoiding Social Engineering Attacks
Do not disclose personal information
Be suspicious of unsolicited phone calls, visits, e-mails, etc.
Pay attention to the URL of websites
NEVER share your password
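The advice to "pay attention to the URL" can be automated on the mail side. The following Python check is an added example, not part of the presentation: it scans an e-mail body for the link patterns phishing relies on (visible text showing one domain while the link leads to another, links to raw IP addresses, and a known brand name buried inside an unrelated host). The brand list and the sample message are constructed for the example.

```python
"""Flag phishing-style links in an HTML e-mail body (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import ipaddress
import re

# Constructed allowlist: domains users of this organisation expect mail from.
KNOWN_BRANDS = {"paypal.com", "microsoft.com", "bankofexample.com"}

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(url):
    """Lower-cased hostname of a URL or bare domain, with a leading www. dropped."""
    h = (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def suspicious_links(html):
    """Return (href, reason) for every link a recipient should distrust."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = _host(href)
        if _is_ip(host):
            findings.append((href, "link points at a raw IP address"))
        # Visible text that looks like a URL but leads somewhere else.
        if re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}", text, re.I) and _host(text) != host:
            findings.append((href, f"text shows {_host(text)} but link goes to {host}"))
        # A trusted brand used as a label inside an unrelated host name.
        for brand in KNOWN_BRANDS:
            if brand in host and host != brand and not host.endswith("." + brand):
                findings.append((href, f"{brand} appears inside unrelated host {host}"))
    return findings

# Constructed sample message: two phishing links and one legitimate one.
SAMPLE = ('<p>Dear customer,</p>'
          '<a href="http://paypal.com.account-verify.example/login">www.paypal.com</a> '
          '<a href="http://192.0.2.10/reset">Reset password</a> '
          '<a href="https://www.paypal.com/help">Help centre</a>')
```

Running `suspicious_links(SAMPLE)` flags the first link twice (text/host mismatch and brand-in-host) and the second once (raw IP); the genuine help-centre link is not reported.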

17 Resources

