Download presentation
Presentation is loading. Please wait.
Published byLogan Newton Modified over 9 years ago
1
Social Engineering PA Turnpike Commission
2
“Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users” The principle behind social engineering is that “users are the weak link in security.” Many attackers are finding that it is easier to get information or access to computing systems by exploiting people’s natural tendency to want to trust and be helpful, then by trying to break into a company or a system using technology.
3
A Social Engineer will commonly use the telephone, Internet, or e-mail to trick people into revealing sensitive information or to get them to do something that is against policy. Don’t divulge sensitive information, passwords, etc. over the phone, Internet or email, even to people claiming to need it. For targeted attacks, hackers will even go through dumpsters (“dumpster diving”) or do other research so they know enough to convince you to trust them. Even snippets of confidential information can be harmful if someone is clever enough to get bits of info from several different people and piece them together.
4
A simple example of Social Engineering: Someone calls claiming to be a system administrator and requests your password in order to fix ‘something’, or says the password is necessary to do his or her work. In reality, system administrators should never need to know a user’s password to get their job done. You will never need to give your password to PTC IT staff.
5
One more example of Social Engineering: You get an email that looks like it’s from your bank telling you that there is a problem with your account. It says that you need to click on a link in the e-mail to go to a special web page where you must confirm your account information. Instead of clicking on a link in an unsolicited email, contact the company directly to discuss, or at least go to their website directly for additional information, but do not use the link in the e-mail.
6
Preventative Tips: Lock your computer when you are away from your work area and log off of your computer at the end of the workday. Use strong passwords. Challenge strangers in your area. Share sensitive information on a need to know basis. Shred papers. Destroy CDs before discarding. Report suspicious activity.
7
How to defend against Social Engineering? Be aware of warning signs and common characteristics. Here are some types of attacks: Authority – Person uses perceived rank and name dropping. Ignorance – Person is unsure of process, acts like new employee. Exaggerated – Person acts very rushed, like it’s an emergency. Help Desk – Person impersonates help desk support person. Stake-out – Person is just loitering waiting for an opportunity. Fake Survey – Person says they need input for a survey. Dumpster Diving – Person is looking in trash bins and wastebaskets for information.
8
The different modules of this tutorial will: Discuss the risks to your computer and the data it contains. Provide some guidelines for avoiding risks. Suggest some practical and easy solutions. Please review these modules at your convenience.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.