Social Engineering: The Mind Game Beyond Normal Human!
Simple Definition
- Social engineering is a psycho-social attack that subverts human trust and helpfulness in order to attain the attacker's goals.
Outline
- What is it?
- How is it done?
- Who is at risk?
- Approach?
What is it?
- Social engineering is the oldest form of hacking.
- Social engineers focus on the users of the system. By gaining the trust of the user, a social engineer can simply ask for whatever information he or she wants...and usually get it.
Social Engineering
- Uses psychological methods
- Exploits the human tendency to trust
- Goals are the same as hacking
"the art and science of getting people to comply with your wishes"
Why Social Engineering?
- Easier than technical hacking
- Hard to detect and track
A social engineer's mantra...
"There is no patch for human stupidity."
The Mind of a Social Engineer
- More like actors than hackers
- Learn how people feel by observing their actions
  - Can alter these feelings by changing what they say and do
  - Make the victim want to give them the information they need
How is it done?
- Attacks come in various forms:
  - On the phone, over e-mail, in-person impersonation
Impersonation
- Play the part!
- Social engineers must:
  - Anticipate problems
  - Know the jargon and procedures of the role
  - And most importantly, know how to build trust with whomever they need information from.
- Social engineers most often impersonate authority figures, assistants to authority figures, and new employees.
More techniques...
- Dummy mode
- Bury the key question
- Research (Google)
Over the phone
- The phone is the most popular method of social engineering because it is difficult to verify or deny someone's identity.
Over e-mail and IM
- E-mail attacks are very common (phishing).
- E-mail is also used for impersonation.
- Obtaining the password for an IM account could lead to access to a bank account or other personal data.
Dumpster diving
- Digging through trash at corporations in search of sensitive data.
Outline
- What is it?
- How is it done?
- Who is at risk?
- Approach?
Who is at risk?
- Everyone.
- Everyone with information is a potential target!
Real World Examples
- 90% of office workers gave away their password for a pen.
- 70% of people traded their password for a bar of chocolate.
- 1/3 of IRS employees provided their user name and changed their password in a 2005 security audit.
- USC vs. Cal basketball game
Approaches
- Carelessness
- Comfort zone
- Helpfulness
- Fear
Careless Approach
- Victim is careless
  - Does not implement, use, or enforce proper countermeasures
- Used for reconnaissance
  - Looking for what is lying around
Careless Examples
- Dumpster diving / trashing
  - Huge amount of information in the trash
  - Most of it does not seem to be a threat
  - The who, what and where of an organization
  - Knowledge of internal systems
  - Materials for greater authenticity
  - Intelligence agencies have done this for years
Comfort Zone Examples
- Impersonation
  - Could be anyone: tech support, co-worker, boss, CEO, user, maintenance staff
- Generally two goals
  - Asking for a password
  - Building access (Careless Approach)
Comfort Zone Approach
- Victim organization members are in a comfortable environment
  - Lower threat perception
- Usually requires the use of another approach
Helpful Approach
- People generally try to help even if they do not know who they are helping
- Usually involves being in a position of obvious need
- Attacker generally does not even ask for the help they receive
Helpful Examples
- Piggybacking
  - Attacker will trail an employee entering the building
  - More effective:
    - Carry something large so they hold the door open for you
    - Go in when a large group of employees are going in
    - Pretend to be unable to find the door key
Fear Approach
- Usually draws from the other approaches
- Puts the user in a state of fear and anxiety
- Very aggressive
Fear Examples
- Conformity
  - The user is the only one who has not helped the attacker with this request in the past
  - Personal responsibility is diffused
  - User gains a justification for granting the request
Combating Social Engineers
- User education and training
- Identifying areas of risk
  - Tactics correspond to the area
- Strong, enforced, and tested security policy
User Education and Training
- Security orientation for new employees
- Yearly security training for all employees
- Weekly newsletters, videos, brochures, games and booklets detailing incidents and how they could have been prevented
- Signs, posters, coffee mugs, pens, pencils, mouse pads, screen savers, etc. with security slogans (e.g. "Loose lips sink ships").
Security Policy
- Management should know the importance of protecting against social engineering attacks
- Specific enough that employees should not have to make judgment calls
- Include a procedure for responding to an attack
Areas of Risk
- Certain areas have certain risks
- What are the risks for these areas?
  - Help desk, building entrance, office, mail room, machine room/phone closet, dumpsters, intranet/Internet, overall
Conclusions
- Social engineering is a very real threat
- Realistic prevention is hard
  - Can be expensive
  - Militant vs. helpful helpdesk staff
  - Reasonable balance
"You could spend a fortune purchasing technology and services...and your network infrastructure could still remain vulnerable to old-fashioned manipulation."
- Kevin Mitnick
Questions
Social engineering

Dumpster diving
• Digging through trash at corporations in search of sensitive data.

Outline
• What is it?
• How is it done?
• Who is at risk?
• Approach?

Who is at risk?
• Everyone.
• Everyone with information is a potential target!
Real World Examples
• 90% of office workers gave away their password for a pen.
• 70% of people would trade their password for a bar of chocolate.
Real World Examples
• 1/3 of the IRS employees provided their user name and changed their password in a 2005 security audit.
• USC vs. Cal basketball game

Approaches
• Carelessness
• Comfort Zone
• Helpfulness
• Fear
Careless Approach
• Victim is careless
• Does not implement, use, or enforce proper countermeasures
• Used for reconnaissance
• Looking for what is lying around
Careless Examples
• Dumpster Diving/Trashing
  • Huge amount of information in the trash
  • Most of it does not seem to be a threat
  • The who, what and where of an organization
  • Knowledge of internal systems
  • Materials for greater authenticity
• Intelligence agencies have done this for years

Comfort Zone Examples
• Impersonation
  • Could be anyone
    • Tech Support
    • Co-Worker
    • Boss
    • CEO
    • User
    • Maintenance Staff
  • Generally two goals
    • Asking for a password
    • Building access - Careless Approach

Comfort Zone Approach
• Victim organization members are in a comfortable environment
• Lower threat perception
• Usually requires the use of another approach

Helpful Approach
• People generally try to help even if they do not know who they are helping
• Usually involves being in a position of obvious need
• Attacker generally does not even ask for the help they receive

Helpful Examples
• Piggybacking
  • Attacker will trail an employee entering the building
  • More effective:
    • Carry something large so they hold the door open for you
    • Go in when a large group of employees are going in
    • Pretend to be unable to find door key

Fear Approach
• Usually draws from the other approaches
• Puts the user in a state of fear and anxiety
• Very aggressive
Fear Examples
• Conformity
  • The user is the only one who has not helped out the attacker with this request in the past
  • Personal responsibility is diffused
  • The user gets a justification for granting the attacker's request.
Combating Social Engineers
• User Education and Training
• Identifying Areas of Risk
  • Tactics correspond to area
• Strong, Enforced, and Tested Security Policy
User Education and Training
• Security orientation for new employees
• Yearly security training for all employees
• Weekly newsletters, videos, brochures, games and booklets detailing incidents and how they could have been prevented
• Signs, posters, coffee mugs, pens, pencils, mouse pads, screen savers, etc. with security slogans (e.g. “Loose lips sink ships”).
Security Policy
• Management should know the importance of protecting against social engineering attacks
• Specific enough that employees should not have to make judgment calls
• Include procedure for responding to an attack

Areas of Risk
• Certain areas have certain risks
• What are the risks for these areas?
  • Help Desk, Building entrance, Office, Mail Room, Machine room/Phone Closet, Dumpsters, Intranet/Internet, Overall

Conclusions
• Social Engineering is a very real threat
• Realistic prevention is hard
  • Can be expensive
  • Militant vs. Helpful Helpdesk Staff
  • Reasonable balance

“You could spend a fortune purchasing technology and services...and your network infrastructure could still remain vulnerable to old-fashioned manipulation.”
- Kevin Mitnick

References
• Charles Lively, “Psychological Based Social Engineering”. SANS Institute, December 2003. Accessed 10 September 2005. http://www.giac.org/certified_professionals/practicals/gsec/3547.php
• Sarah Granger, “Social Engineering Fundamentals: Part I”. Security Focus, December 2001. Accessed 10 September 2005. http://www.securityfocus.com/infocus/1527
• Sarah Granger, “Social Engineering Fundamentals: Part II”. Security Focus, January 2002. Accessed 10 September 2005. http://www.securityfocus.com/infocus/1533