Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Engineering Attacks

Published byDiana Manning Modified over 5 years ago

Similar presentations

Presentation on theme: "Social Engineering Attacks"— Presentation transcript:

1 Social Engineering Attacks

2 The Concept Of Social Engineering Attacks
Social engineering attacks work solely with the assistance of human psychology Human psychology, in this presentation, constitutes the primary security flaws that people have Social engineer attackers want to steal; can be data, money, or precious items The current firewalls used to protect computers make it hard to penetrate the organization systems A social engineer attacker finds mistakes, behavioral mistakes that someone in charge would have made and use this to gain access

3 In an organization, a social engineer attacker may call the company and claim to be a computer expert who has been sent to repair some software The attacker will ask for a password and use it to breach the systems On an individual perspective, a caller may purport to be from a service provider and ask you to divulge information This can be used to access you credit, bank account etc.

4 Technology and social engineering attacks
Technology and social engineering attacks seem to share a distinct relationship Actually, they complement each other proactively In the modern world, many people have digital footprints Every account we create on a social website, comment on a normal website, have our personal data stored in an organization’s database is an example of a digital footprint Such prevalence of technology provides the perfect platform for social engineer attackers According to Chaffey (2018), there are social media users worldwide This number is more than enough for social engineering attackers to plan and perform substantial attacks

5

6 Social Media And Social Engineering Attacks
Social media has a lot of freedom and is characterized by user-generated content Therefore, social media users can create content Imagine someone who writes about a challenge they have, can be about delayed bank transactions or mobile challenges A social engineer attacker can use the chance to contact the person and purport to be of assistance If the one in trouble falls for the charm and divulges their information, their risk their bank account, contacts etc.

7 ABN AMRO Bank, Belgium In 2007, one of the most expensive social engineer attacks was performed at ABN AMRO bank, in Belgium The attack cost the AMRO $28 million (Santiago, 2017) The thief created a cordial relationship by the employees of the bank by purporting to be a successful businessman from Argentina

8 The thief used a fake Argentinian passport that was stolen from Israel
The employees believed that he was indeed successful and would not have to steal to be rich After all, he is more than rich judging by his frequent visits to ABN AMRO bank The thief even gave the employees chocolate boxes occasionally In the end, the employees gave him access to security boxes that had 120,000 carats of gems worth $28 million (Santiago, 2017) He went on to steal the gems without using violence or force Notably, he was patient for over one year

9 How The Attack Would Have Prevented
Train workers to be more effective provide that workers can maintain their ground Therefore, a worker should know how to stick to procedures Teach employees to be more privy when dealing with company information The employees should have known how to communicate Communication means do not divulge too little information that would not assist Communication, also, means that the employees should have divulged too much information to the thief

10 Avoid carelessness All it took is inattentive employees Key to the success of the robbery at ABN AMRO bank, Belgium, was the gullibility of the employees Mitigate Contact Between the employee and customer There should be boundaries as to which extents employees and customers can interact Worker-customer relationships should be personal In the end, human psychology is gullible and a liability in social engineering attacks

11 How Future Social Engineering Attacks Can Be Prevented

12 After knowing how the attack at ABN AMRO happened, it is necessary to find out how it should have been prevented Training Workers Workers are the biggest threats in the social engineering attacks fight Workers can simulate different ways that social engineering attackers use, this can help to create awareness Setting Stringent Measures Notably, humans beings seem to be somehow gullible by nature

13 To fight the gullibility, organizations can include strict procedures
The procedures will control the flow of information For instance, if a safe requires three passwords to open it Three different employees can be given each password, even if one gives in to an attacker’s demands, the others will not divulge theirs Sharing Information Businesses lost $6 million in 2013 courtesy of social engineering attacks (Cyber security, 2017) Researchers and organizations should share information about attacks This will help to solve the problem even faster and offer diversity of thought

14 Conclusion A social engineering attack can be described as the act of manipulating people psychologically to let them perform an action or release information In social engineering attacks, the attackers are preying on human liability to steal Even the most secure technology is manned by human beings At ABN AMRO bank, $28 million was lost to a social engineering attack Training workers and mitigating contact between employees and customers would have helped prevent the attack In the end, the aim is to allow workers to be careful while at work

15 references Chaffey, D. (2018). Our compilation of the latest social media statistics of consumer adoption and usage. Smart Insights. Retrieved from media-strategy/new-global-social-media-research Cyber Security. (2017). Top 5 social engineering attacks of all time. Retrieved from Santiago, S. (2017). The most famous cases of social engineering. ODS. Retrieved from opendatasecurity.io/the-most-famous-cases-of-social-engineering

16 The end

Download ppt "Social Engineering Attacks"

Similar presentations

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
NSFdeposit.com Telephone Checks. NSFdeposit.com Telephone Checks New Automated On-line Payment System One time sign-up; intelligent engine Unique file.

NSFdeposit.com Telephone Checks. NSFdeposit.com Telephone Checks New Automated On-line Payment System One time sign-up; intelligent engine Unique file.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
Storing Organizational Information—Databases

Storing Organizational Information—Databases
Social Engineering Networks Reid Chapman Ciaran Hannigan.

Social Engineering Networks Reid Chapman Ciaran Hannigan.
COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.

COMPUTER CRIME AND TYPES OF CRIME Prepared by: NURUL FATIHAH BT ANAS.
What is E-Commerce? Section 8.1. What is E-commerce? E-commerce is the exchange of goods, services, information, or other businesses through electronic.

What is E-Commerce? Section 8.1. What is E-commerce? E-commerce is the exchange of goods, services, information, or other businesses through electronic.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Chapter 4.  Can technology alone provide the best security for your organization?

Chapter 4.  Can technology alone provide the best security for your organization?
 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.

 INADEQUATE SECURITY POLICIES ›Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA.
01110000011100100110100101101111011100100110100101110100011110010010000001100 10001100001011101000110000101110000011100100110100101101111011100100110100101.

Computer Security By Duncan Hall.

Computer Security By Duncan Hall.
Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.

Cyber Security in the Mobile Era KEEPING ENTERPRISE DATA SAFE IN THE BYOD ERA.
1 Outline of this module By the end of this module you will be able to: Understand why computer security is important; Name the different threats to.

1 Outline of this module By the end of this module you will be able to: Understand why computer security is important; Name the different threats to.
Digital Citizenship Final Project BY: Kylie Karam.

Digital Citizenship Final Project BY: Kylie Karam.
Chapter 15 Digital Citizenship Section 15.1 Communicating in a Digital Society.

Chapter 15 Digital Citizenship Section 15.1 Communicating in a Digital Society.

Similar presentations

Ads by Google