Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Engineering Euphemism for cons –Confidence schemes - note the word confidence Why technologically based security protection that ignores the human.

Published byKatherine Douglas Modified over 9 years ago

Similar presentations

Presentation on theme: "Social Engineering Euphemism for cons –Confidence schemes - note the word confidence Why technologically based security protection that ignores the human."— Presentation transcript:

1 Social Engineering Euphemism for cons –Confidence schemes - note the word confidence Why technologically based security protection that ignores the human factor won’t work

2 Some examples Some dinosaur cons – Count Lustig The OTB wire Identity theft Industrial espionage A disgruntled employee

3 Relationship to Industrial Espionage Fortune 1000 firms reported trade secret losses in 1999 of $45B, estimates for 2003 are $100B Insiders commit 85% of industrial espionage crimes Kites – expendable contractors that provide access and plausible deniability

4 The Problem of False Credentials Minimal cost to purchase university degrees and transcripts – They may be back dated Extent of resume fraud – recent research found that 11% of resumes that were checked misrepresented their qualifications

5 The Social Engineering Attack Cycle Research Developing rapport and trust Exploiting trust Utilizing information Covering tracks

6 How Attackers Take Advantage Use of authority Being likable Creating a situation where reciprocation is expected Eliciting a public commitment then requesting an action that seems to be consistent with the commitment Creating the belief that others have validated the action Creating the illusion of scarcity

7 Common Social Engineering Methods Posing as a fellow employee, vendor employee, law enforcement Posing as someone in authority Posing as a new employee requesting help Offering help if a problem occurs then making the problem occur Sending software or a patch for a victim to install Using insider lingo to gain trust Capturing victim keystrokes through different ruses Modifying a fax machine to make appear internal Getting a receptionist to receive and the forward faxes Asking for a file to be transferred to what appears to be an internal location Pretending to be from a remote office and asking for local e-mail access Getting a voice mailbox set up so callbacks perceive attacker as internal

8 Common Targets of Attacks Target Type 1)Unaware of value of information 2)Special privileges 3)Manufacturer/vendor 4)Specific departments Examples 1)Receptionists, telephone operators, administrative assistants, security guards 2)Help desk, technical support, system administrators, computer operators, telephone system administrators 3)Computer hardware, software manufacturers, voice mail sellers 4)Accounting, HR

9 Seven Deadly Sins Gullibility Curiosity Courtesy Greed Diffidence Thoughtlessness Apathy

10 Factors that Heighten Companies’ Vulnerability Large number of employees Multiple facilities Information on employee whereabouts left on voice mail Phone extension information made available Lack of security training and awareness No data classification system No incident reporting/response plan in place

11 Verification and Data Classification in Response to Requests Verification of identity Verification of employee status Procedure to determine need to know Criteria for verifying non-employees Data classification

Download ppt "Social Engineering Euphemism for cons –Confidence schemes - note the word confidence Why technologically based security protection that ignores the human."

Similar presentations

Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger.

Social Engineering And You Steve Otto. Social Engineering n Social Engineering - Getting people to do things they ordinarily wouldn’t do for a stranger.
Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.

Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Privacy (or Data) Breaches - Examples South Carolina Department of Revenue Hackers got into the SCDOR’s computers, and stole information on up to 3.2 Million.

Privacy (or Data) Breaches - Examples South Carolina Department of Revenue Hackers got into the SCDOR’s computers, and stole information on up to 3.2 Million.
Kimberly Castner-Scott. What is Identity Theft I Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully.

Kimberly Castner-Scott. What is Identity Theft I Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully.
1 Identity Theft and Phishing: What You Need to Know.

1 Identity Theft and Phishing: What You Need to Know.
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.
Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.

Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.
Identity Theft Someone steals your personal information for his/her own gain It’s a crime!

Identity Theft Someone steals your personal information for his/her own gain It’s a crime!
Fraud and Identity Theft Test Review. Who should you contact if you are a victim of identity theft?

Fraud and Identity Theft Test Review. Who should you contact if you are a victim of identity theft?
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.

1 Identity Theft: What You Need to Know. 2 Identity Theft Identity theft is a crime of stealing key pieces of someone’s identifying information, such.
©1999 Addison Wesley Longman Slide 13.1 Information System Security and Control 13.

©1999 Addison Wesley Longman Slide 13.1 Information System Security and Control 13.
Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202) 353-7848.

Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202)
1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.

The Art of Deception - Controlling Human Element of Security - Shohei Hagiwara November 17th, 2009.
© 2008. Oklahoma State Department of Education. All rights reserved. 1 Beware! Consumer Fraud Standard 9. 1 Fraud and Identity Theft.

© Oklahoma State Department of Education. All rights reserved. 1 Beware! Consumer Fraud Standard 9. 1 Fraud and Identity Theft.
1 Social Engineering Dr.Talal Alkharobi. 2 Social Engineering - Definition Webster — management of human beings in accordance with their place and function.

1 Social Engineering Dr.Talal Alkharobi. 2 Social Engineering - Definition Webster — management of human beings in accordance with their place and function.
Engineering Secure Software. Lottery Story A Threat We Can’t Ignore  Documented incidents are prevalent Carnegie Melon’s SEI has studied over 700 cybercrimes.

Engineering Secure Software. Lottery Story A Threat We Can’t Ignore  Documented incidents are prevalent Carnegie Melon’s SEI has studied over 700 cybercrimes.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

Similar presentations

Ads by Google