Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger.

Published byAbram Blanding Modified over 9 years ago

Similar presentations

Presentation on theme: "Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger."— Presentation transcript:

1 Social Engineering And You Steve Otto

2 Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger. n Social Engineering: “Testifying before Congress not long ago, I explained that I could often get passwords and other pieces of sensitive information from companies by pretending to be someone else and just asking for it.” - Kevin Mitnick n The Social Engineers’ Modus Operandi: Gather as much information about the target as possible, and use that information to gain the trust as an insider. Then go for the jugular!

3 The Art of the Attacker n Innocuous Information: “Much of the seemingly innocuous information in a company’s possession is prized by a social engineering attacker because it can play a vital role in his effort to dress him or her self in a cloak of believability.” As you’ll notice repeatedly in these examples, knowledge of a company’s lingo, and of its corporate structure - its various offices and departments, what each one does, and what information each has - is part of the essential bag of tricks of the successful social engineer.

4 The Art of the Attacker n CreditChex Example. –This entire ruse was based on one of the fundamental tactics of social engineering: gaining access to information that a company employee treats as innocuous, when it isn’t. n More “Worthless” Information –Peter Abels’ phone call. –The moral of the story is, don’t give out any personal or company information or identifiers to anyone, unless you recognize his or her voice and the requester has a need to know.

5 Techniques of the Social Engineer n The Direct Attack: Just Asking For It. –Stevie’s Scam n This is a perfect example of how easy it can be for a social engineer to get what they want by “just asking for it.” n Building Trust –Trust is the key to deception. The more a social engineer can make his contact seem like business as usual, the more he allays suspicion. –Once he/she has your trust, the drawbridge is lowered and the castle door thrown open so he/she can enter and take whatever information they want.

6 Techniques of the Social Engineer n Doyle Lonnegan’s Story n C.T. (How he gained the store clerks trust) The initial calls to Ginny were simply to build up trust. When the time came for the attack, she let her guard down and accepted Tommy for who he claimed to be, the manager at another store in the chain. n Building a sense of trust doesn’t necessarily demand a series of phone calls with the victim. n Surprised, Dad n The Moral –Trust Wisely (Would you give your worst enemy your information)

7 Techniques of the Social Engineer n “Let Me Help You.” –The Network Outage n Reverse Social Engineering- When the attacker puts the target in a situation where they call the attacker for help. (This gives the attacker instant credibility. If someone thinks that they are talking to the help desk they are not going to ask that person to prove their identity.) n “Can You Help Me?” n Vulnerable Security Practices –Candy Security - A term coined by Belloviin and Cheswick of Bell Labs to describe a security scenario where the outer perimeter, such as the firewall, is strong, but the infrastructure behind it is weak.

8 Techniques of the Social Engineer n Speakeasy Security - Security that relies on knowing where desired information is, and using a worker’s id number or name to gain access to that information or computer system. n Security Through Obscurity - An ineffective method of computer security that relies on keeping secret the details of how the system works (protocols, algorithms, and internal systems). Security through obscurity relies on the false assumption that no one outside the trusted group of people will be able to circumvent the system.

9 Safe Security Practices n The Golden Questions: –How do I know this person is who he says he is? –How do I know this person has the authority to make this request? n NEVER disclose your password under any circumstances. n Follow procedures for disclosure of internal information. n When in doubt, Verify, Verify, Verify. n Treat your seemingly innocuous information like ATM pin numbers. n Ask yourself if you would give the requested information to your worst enemy and what would be the repercussions for doing so. n Never be so eager to help out a caller that the security of the business is compromised.

10 “Only two things are infinite, the universe and human stupidity, and I’m not sure about the former”. - Albert Einstein

Download ppt "Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger."

Similar presentations

Fraud Protection. Agenda Start time: ____ Break time: ____ (10 minutes) End time: ____ Please set phones to silent ring and answer outside of the room.

Fraud Protection. Agenda Start time: ____ Break time: ____ (10 minutes) End time: ____ Please set phones to silent ring and answer outside of the room.
April 2012. “Security is everyone's business”

April “Security is everyone's business”
Critical Incident First Responder Responsibilities & Tactics.

Critical Incident First Responder Responsibilities & Tactics.
Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.

Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.
SAFETY FIRST Sgt. Deb Newsome Canton Police TIPS TO KEEP YOU SAFE Always check first with a parent, guardian, or trusted adult before going anywhere,

SAFETY FIRST Sgt. Deb Newsome Canton Police TIPS TO KEEP YOU SAFE Always check first with a parent, guardian, or trusted adult before going anywhere,
SECURITY CHECK Protecting Your System and Yourself Source:

SECURITY CHECK Protecting Your System and Yourself Source:
The Art of Social Hacking

The Art of Social Hacking
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.

SECURITY AND SOCIAL ENGINEERING US Department of Commerce Office of Security Updated 09/26/11 Security is Everyone's Responsibility – See Something, Say.
HOW AND WHEN TO SUMMON HELP FOR A LIBRARY USER Making Good Referrals.

HOW AND WHEN TO SUMMON HELP FOR A LIBRARY USER Making Good Referrals.
Livingston Police Department. What is a Stranger?  A stranger is someone your child does not know well.  Make sure your child doesn’t think that only.

Livingston Police Department. What is a Stranger?  A stranger is someone your child does not know well.  Make sure your child doesn’t think that only.
Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.

Social Engineering – Threats & Concerns Avisek Ghosh, CISA CISSP Sr. Manager – Corporate Security Cognizant Technology Solutions.
Social Engineering Networks Reid Chapman Ciaran Hannigan.

Social Engineering Networks Reid Chapman Ciaran Hannigan.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.

The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.
1 Social Engineering Dr.Talal Alkharobi. 2 Social Engineering - Definition Webster — management of human beings in accordance with their place and function.

1 Social Engineering Dr.Talal Alkharobi. 2 Social Engineering - Definition Webster — management of human beings in accordance with their place and function.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
Staying Safe, Having Fun, And Cruising The ‘Net Daniel Owens IT Security Professional.

Staying Safe, Having Fun, And Cruising The ‘Net Daniel Owens IT Security Professional.
Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Scams and Schemes. Today’s Objective I can understand what identity theft is and why it is important to guard against it, I can recognize strategies that.

Similar presentations

Ads by Google