
Social Engineering Brock’s Cyber Security Awareness Committee



Presentation on theme: "Social Engineering Brock’s Cyber Security Awareness Committee"— Presentation transcript:

1 Brock’s Cyber Security Awareness Committee Presents: Social Engineering

2 Cyber Security Awareness – Social Engineering/Phishing
Of all the potential threats to our cyber-security, which category of threat are YOU most likely to face in the next week? How can ordinary users defend themselves? This workshop will focus on “social engineering”, defining jargon like “spear phishing”, “pretexting”, “vishing”, “water holing”, “tailgating” and other terms in plain English. You will leave with the skills needed to recognize, manage, and report these threats in your home and work environment.

3 Social Engineering: What is It?

4 Social Engineering
Social engineering is a discipline in social science that refers to efforts to influence particular attitudes and social behaviors... (Wikipedia)

5 Social Engineering
Any act that influences a person to take an action that may or may not be in their best interest.

6 Advertising

7 Advertising
Any act that influences a person to take an action that may or may not be in their best interest.

8 Family Influence

9 Family Influence
Any act that influences a person to take an action that may or may not be in their best interest.

10 Elementary School

11 Elementary School
Any act that influences a person to take an action that may or may not be in their best interest.

12 Religious Thought

13 Religious Thought
Any act that influences a person to take an action that may or may not be in their best interest.

14 Political Discourse

15 Political Discourse
Any act that influences a person to take an action that may or may not be in their best interest.

16 Peer Pressure

17 Peer Pressure
Any act that influences a person to take an action that may or may not be in their best interest.

18 Social Engineering: Security Context
noun: The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. (Google)

19 Social Engineering: Defined on CITS’ Web Site
Social Engineering is any act that influences a person to take an action that may or may not be in their best interests. It's the art of gaining access to buildings, systems or information by exploiting human psychology, rather than breaking in, or using technical hacking techniques. It's the art of manipulating people so they give up confidential information or allow access to restricted areas.

20 Social Engineering: Security Context
Various Forms

21 Social Engineering: Pretexting

22 Pretexting
Using a fictitious scenario (i.e., the pretext), the criminal establishes trust—perhaps through impersonation—which is leveraged to create a false motive for an unsuspecting individual to divulge information or do something he or she normally would not do.

23 Pretexting
Sometimes it doesn’t even have to be a lie! What if you told people that you were from the Jimmy Kimmel Show and you were checking if people were using secure enough passwords…

24 Pretexting

25 Social Engineering: Vishing

26 Pretexting: Special Case
Vishing: Making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information or do something they would not normally do.

27 Pretexting

28 Another Kind of Vishing
Some criminals prompt targets to phone a number they claim is from a trusted institution to verify their personal information. The mark calls in and provides their private information to an Interactive Voice Response system.

29 Pretexting: Duping the Help Desk

30 Social Engineering
But the bad guys can turn the tables on your help desk experience too.

31 Social Engineering: Quid Pro Quo

32 Social Engineering: Quid Pro Quo – Something for Something
The attacker calls extensions at a company, claiming to follow up on a technical problem, and eventually finds someone with an issue. In the course of receiving this “tech support”, the end user provides system access or types in a malicious command.

33 Social Engineering: Water Holing

34 Social Engineering: Water Holing
The attacker finds a weakness in a legitimate website known for attracting a target group. Using the compromised site, visitor systems are infected with malware because people trust the site owners.

35 Water Holing

36 Social Engineering: Tailgating

37 Social Engineering: Tailgating
The attacker seeks access to a restricted area and simply walks in behind a person with legitimate access.

38 Social Engineering: Tailgating

39 Social Engineering: Baiting

40 Social Engineering: Baiting
Attackers leave malware-infected DVDs or USB flash drives in locations where people will find them, giving them names that pique people’s curiosity. An employee, looking out of curiosity or to determine how to return it, puts it in his or her system and gets infected.

41 Don’t Plug In ‘Found’ USBs

42 Social Engineering: Phishing

43 What is Phishing?
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details…by disguising as a trustworthy entity in an electronic communication…. Phishing is typically carried out by spoofing…and it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate one. (Wikipedia)

44 The Cost of Phishing to an Edmonton U

45 Phishing

46 Social Engineering: And there’s much, much more…
Like virus hoaxes, smishing (SMS phishing), and tricking users into copying and pasting malicious code into their browser’s web development console…

47 DEFENSE: What can we do about it? A discussion.

48 Cyber Security Awareness Committee

49 Don’t Underestimate the Power of Common Sense

50 Defense
Scrutinize what information in the workplace is sensitive and evaluate exposure to breakdowns in security, including social engineering. Establish security protocols, policies, and procedures for handling sensitive information.

51 Defense
Train employees in the security protocols relevant to their position. Periodically test the systems to make sure they work.

52 Defense
Periodically review your defensive posture to make sure that your systems, procedures, protocols and training are up-to-date. Make sure that private documents are adequately handled by shredding or secure disposal.

53 Cyber Security Awareness Committee

