SlideShare una empresa de Scribd logo

Social Engineering

Descargar como PPT, PDF
G
GiddingsComputerServices
Tecnología
1 de 13
Harold Giddings Giddings Computer Services Social Engineering and Phishing Scams Avoiding Social Engineering Online
Overview • What is social engineering • What is phishing • What types of phishing are there • What do social engineers do • How do you protect yourself Feel free to ask questions Security II: Turn off the Message Bar and run code safely
What Is Social Engineering? •Manipulation •Method to gain information •The Art of Deception Security II: Turn off the Message Bar and run code safely
What Is Phishing? • A fake website, email, or sms used to obtain information • A method to obtain information • A form of deception • Used to commit ID theft (financial or social) Security II: Turn off the Message Bar and run code safely
What Do Social Engineers Do | Tools Used •Manipulation •Theft •Information •Corporate Spies •Social Engineer Toolkit •Caller ID Spoofing •SMS Spoofing •Modified Web Servers •TinyURL Services •Fake IDS Security II: Turn off the Message Bar and run code safely
Email Phishing An email from Wachovia, Wonder whats up with my account Be aware of emails like this, banks will never ask for your login details online. If concerned call your bank and NEVER respond to such emails Note: A good tip off (but not always accurate) is to see if it was marked as spam, usually these users use unverified smtp servers that will be marked as spam, use a more secure email service like Google’s Gmail service. Security II: Turn off the Message Bar and run code safely “Your account access will remain limited until the issue has been resolved please login to your account by clicking on the link below”
Website Phishing What is wrong with this picture? It appears to be the paypal login page…….right? Above you see the paypal login page, but look at the blown up image to right right and you’ll notice that the address bar does not read paypal.com This is a fake paypal spoof or clone (phish) that appears to be paypal in order to steal your money and account details Security II: Turn off the Message Bar and run code safely
IM Phishing Fake IM’s can link you to phished websites to gain your login info The user send the victim a fake IM, telling him he uploaded some photos online The victim, concerned checks out the site, thinking he needs to login to the (fake) site to see the images, gives the social engineer his login details Security II: Turn off the Message Bar and run code safely
TinyURL URL shorteners like Tinyurl.com can be useful to make long urls shorter for you to send in emails or im’s. But they can also be useful to Social Enginners and Phishers This site makes long urls short Ex: http://google.com/long_address_that_is_long is changed to http://tinyurl.com/shorter_url But that means the phisher can make a suspisous url look safe Ex: 489.45.145.156/facebook.php look like http://tinyurl.com/my_new_fb_pics Security II: Turn off the Message Bar and run code safely
Phishing For More Fake or Phished websites can include java or browser exploits that give the social engineer full access to your pc To the right is an attacker using an iPhone 4 to make a fake facebook login page, shown above. Instead of taking the users login info, he uses a java exploit to access the entire machine Security II: Turn off the Message Bar and run code safely
The Java Applet Some phished WebPages will use java applications to allow them FULL access to your computer Sometimes they are persistent, that’s a sign of an exploited java app Does the publisher match the site? Does the From address? Does the site have a good reason to run java? Ask yourself questions before doing something to save yourself trouble Security II: Turn off the Message Bar and run code safely
Call Spoofing Some social engineers will call you using fake information trying to verify your account information Using free software or cheap online services anyone can fake their caller id Never talk about personally identifiable information unless you are Ask yourself if you know sure you know who your talking to, preferably only if you called them. person, if they sound the right. If you have an iPhone use apps like unhide to show the true caller id of the user Security II: Turn off the Message Bar and run code safely
Resources http://www.secmaniac.com/ http://www.offensive-security.com/ http://www.backtrack-linux.org/ http://www.hak5.org http://www.remote-exploit.org http://www.metasploit.com http://www.exploit-db.com/ http://www.social-engineer.org/ http://www.darkreading.com/ http://www.spoofcard.com Security II: Turn off the Message Bar and run code safely

Recomendados

Social engineering
Social engineeringSocial engineering
Social engineeringHarold Giddings
 
Anti phishing
Anti phishingAnti phishing
Anti phishingShethwala Ridhvesh
 
Phishing
PhishingPhishing
PhishingJayaseelan Vejayon
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-UpdatedJayaseelan Vejayon
 
AI And Cyber-security Threats
AI And Cyber-security ThreatsAI And Cyber-security Threats
AI And Cyber-security ThreatsSpotle.ai
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 

Recomendados

Social engineering
Social engineeringSocial engineering
Social engineeringHarold Giddings
 
Anti phishing
Anti phishingAnti phishing
Anti phishingShethwala Ridhvesh
 
Phishing
PhishingPhishing
PhishingJayaseelan Vejayon
 
Phishing attack
Phishing attackPhishing attack
Phishing attackRaghav Chhabra
 
Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-UpdatedJayaseelan Vejayon
 
AI And Cyber-security Threats
AI And Cyber-security ThreatsAI And Cyber-security Threats
AI And Cyber-security ThreatsSpotle.ai
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Securityanjuselina
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingSachin Saini
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
Phishing
PhishingPhishing
PhishingSyahida
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internetmohmd-kutbi
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacksSreejith.D. Menon
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
Phishing
PhishingPhishing
PhishingKiran Patil
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackMark Mair
 
What is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaWhat is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaEdureka!
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)aleeya91
 
The Difference between Pharming and Phishing
The Difference between Pharming and PhishingThe Difference between Pharming and Phishing
The Difference between Pharming and PhishingMason Bird
 
Phishing
PhishingPhishing
PhishingSouganthikaSankaresw
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishingMH BS
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Er. Rahul Jain
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on PhishingCreative Technology
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemNarendra Singh
 
Phishing
PhishingPhishing
Phishingoitaoming
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing FrameworkIJAEMSJORNAL
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking pptKrishma Sandesra
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyharpinderkaur123
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twinsNilantha Piyasiri
 
Cross platform mobile development with C#
Cross platform mobile development with C#Cross platform mobile development with C#
Cross platform mobile development with C#chriskoiak
 
Introduction to iOS with C# using Xamarin
Introduction to iOS with C# using XamarinIntroduction to iOS with C# using Xamarin
Introduction to iOS with C# using XamarinCraig Dunn
 

Más contenido relacionado

La actualidad más candente

Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldAvishek Datta
 
Phishing
PhishingPhishing
PhishingSyahida
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internetmohmd-kutbi
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacksSreejith.D. Menon
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharksNalneesh Gaur
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackMark Mair
 
What is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaWhat is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaEdureka!
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)aleeya91
 
The Difference between Pharming and Phishing
The Difference between Pharming and PhishingThe Difference between Pharming and Phishing
The Difference between Pharming and PhishingMason Bird
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishingMH BS
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Er. Rahul Jain
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemNarendra Singh
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing FrameworkIJAEMSJORNAL
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking pptKrishma Sandesra
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twinsNilantha Piyasiri
 

La actualidad más candente (20)

Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
 
Phishing
PhishingPhishing
Phishing
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internet
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacks
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Phishing
PhishingPhishing
Phishing
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing Attack
 
What is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaWhat is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | Edureka
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
 
The Difference between Pharming and Phishing
The Difference between Pharming and PhishingThe Difference between Pharming and Phishing
The Difference between Pharming and Phishing
 
Phishing
PhishingPhishing
Phishing
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on Phishing
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII Sem
 
Phishing
PhishingPhishing
Phishing
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing Framework
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking ppt
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twins
 

Destacado

Cross platform mobile development with C#
Cross platform mobile development with C#Cross platform mobile development with C#
Cross platform mobile development with C#chriskoiak
 
Introduction to iOS with C# using Xamarin
Introduction to iOS with C# using XamarinIntroduction to iOS with C# using Xamarin
Introduction to iOS with C# using XamarinCraig Dunn
 
Cross Platform Mobile Development in C#
Cross Platform Mobile Development in C#Cross Platform Mobile Development in C#
Cross Platform Mobile Development in C#James Montemagno
 
PassKit on iOS6
PassKit on iOS6PassKit on iOS6
PassKit on iOS6Craig Dunn
 
Mobile development strategies with MVVM
Mobile development strategies with MVVMMobile development strategies with MVVM
Mobile development strategies with MVVMJames Montemagno
 
Developing native iOS & Android apps in c# with xamarin
Developing native iOS & Android apps in c# with xamarinDeveloping native iOS & Android apps in c# with xamarin
Developing native iOS & Android apps in c# with xamarinJames Montemagno
 
Cross Platform, Native Mobile Application Development Using Xamarin and C#
Cross Platform, Native Mobile Application Development Using Xamarin and C#Cross Platform, Native Mobile Application Development Using Xamarin and C#
Cross Platform, Native Mobile Application Development Using Xamarin and C#Shravan Kumar Kasagoni
 
Portable Class Library Deep Dive
Portable Class Library Deep DivePortable Class Library Deep Dive
Portable Class Library Deep DiveJames Montemagno
 
Native i os, android, and windows development in c# with xamarin 4
Native i os, android, and windows development in c# with xamarin 4Native i os, android, and windows development in c# with xamarin 4
Native i os, android, and windows development in c# with xamarin 4Xamarin
 
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...Paulo Cesar Ortins Brito
 

Destacado (10)

Cross platform mobile development with C#
Cross platform mobile development with C#Cross platform mobile development with C#
Cross platform mobile development with C#
 
Introduction to iOS with C# using Xamarin
Introduction to iOS with C# using XamarinIntroduction to iOS with C# using Xamarin
Introduction to iOS with C# using Xamarin
 
Cross Platform Mobile Development in C#
Cross Platform Mobile Development in C#Cross Platform Mobile Development in C#
Cross Platform Mobile Development in C#
 
PassKit on iOS6
PassKit on iOS6PassKit on iOS6
PassKit on iOS6
 
Mobile development strategies with MVVM
Mobile development strategies with MVVMMobile development strategies with MVVM
Mobile development strategies with MVVM
 
Developing native iOS & Android apps in c# with xamarin
Developing native iOS & Android apps in c# with xamarinDeveloping native iOS & Android apps in c# with xamarin
Developing native iOS & Android apps in c# with xamarin
 
Cross Platform, Native Mobile Application Development Using Xamarin and C#
Cross Platform, Native Mobile Application Development Using Xamarin and C#Cross Platform, Native Mobile Application Development Using Xamarin and C#
Cross Platform, Native Mobile Application Development Using Xamarin and C#
 
Portable Class Library Deep Dive
Portable Class Library Deep DivePortable Class Library Deep Dive
Portable Class Library Deep Dive
 
Native i os, android, and windows development in c# with xamarin 4
Native i os, android, and windows development in c# with xamarin 4Native i os, android, and windows development in c# with xamarin 4
Native i os, android, and windows development in c# with xamarin 4
 
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
 

Similar a Social Engineering

Social engineering and Phishing
Social engineering and PhishingSocial engineering and Phishing
Social engineering and Phishingthecorrosiveone
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniquesSushil Kumar
 
Guide to facebook security
Guide to facebook securityGuide to facebook security
Guide to facebook securityErnest Staats
 
10.a guide-to-facebook-security
10.a guide-to-facebook-security10.a guide-to-facebook-security
10.a guide-to-facebook-securityrobert mota
 
Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Ronak Jain
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessOWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessMaherHamza9
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacksNamik Heydarov
 
CYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYCYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYFaMulan2
 
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjrpypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjrSurajGurushetti
 

Similar a Social Engineering (20)

Social engineering and Phishing
Social engineering and PhishingSocial engineering and Phishing
Social engineering and Phishing
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
 
Phishing
PhishingPhishing
Phishing
 
Online Scams and Frauds
Online Scams and FraudsOnline Scams and Frauds
Online Scams and Frauds
 
IB Fraud
IB FraudIB Fraud
IB Fraud
 
Phis
PhisPhis
Phis
 
Guide to facebook security
Guide to facebook securityGuide to facebook security
Guide to facebook security
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
10.a guide-to-facebook-security
10.a guide-to-facebook-security10.a guide-to-facebook-security
10.a guide-to-facebook-security
 
Exploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingExploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In Phishing
 
Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessOWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacks
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
 
Phishing
PhishingPhishing
Phishing
 
CYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYCYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTY
 
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjrpypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
 

Último

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 

Último (20)

CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 

Social Engineering

  • 1. Harold Giddings Giddings Computer Services Social Engineering and Phishing Scams Avoiding Social Engineering Online
  • 2. Overview • What is social engineering • What is phishing • What types of phishing are there • What do social engineers do • How do you protect yourself Feel free to ask questions Security II: Turn off the Message Bar and run code safely
  • 3. What Is Social Engineering? •Manipulation •Method to gain information •The Art of Deception Security II: Turn off the Message Bar and run code safely
  • 4. What Is Phishing? • A fake website, email, or sms used to obtain information • A method to obtain information • A form of deception • Used to commit ID theft (financial or social) Security II: Turn off the Message Bar and run code safely
  • 5. What Do Social Engineers Do | Tools Used •Manipulation •Theft •Information •Corporate Spies •Social Engineer Toolkit •Caller ID Spoofing •SMS Spoofing •Modified Web Servers •TinyURL Services •Fake IDS Security II: Turn off the Message Bar and run code safely
  • 6. Email Phishing An email from Wachovia, Wonder whats up with my account Be aware of emails like this, banks will never ask for your login details online. If concerned call your bank and NEVER respond to such emails Note: A good tip off (but not always accurate) is to see if it was marked as spam, usually these users use unverified smtp servers that will be marked as spam, use a more secure email service like Google’s Gmail service. Security II: Turn off the Message Bar and run code safely “Your account access will remain limited until the issue has been resolved please login to your account by clicking on the link below”
  • 7. Website Phishing What is wrong with this picture? It appears to be the paypal login page…….right? Above you see the paypal login page, but look at the blown up image to right right and you’ll notice that the address bar does not read paypal.com This is a fake paypal spoof or clone (phish) that appears to be paypal in order to steal your money and account details Security II: Turn off the Message Bar and run code safely
  • 8. IM Phishing Fake IM’s can link you to phished websites to gain your login info The user send the victim a fake IM, telling him he uploaded some photos online The victim, concerned checks out the site, thinking he needs to login to the (fake) site to see the images, gives the social engineer his login details Security II: Turn off the Message Bar and run code safely
  • 9. TinyURL URL shorteners like Tinyurl.com can be useful to make long urls shorter for you to send in emails or im’s. But they can also be useful to Social Enginners and Phishers This site makes long urls short Ex: http://google.com/long_address_that_is_long is changed to http://tinyurl.com/shorter_url But that means the phisher can make a suspisous url look safe Ex: 489.45.145.156/facebook.php look like http://tinyurl.com/my_new_fb_pics Security II: Turn off the Message Bar and run code safely
  • 10. Phishing For More Fake or Phished websites can include java or browser exploits that give the social engineer full access to your pc To the right is an attacker using an iPhone 4 to make a fake facebook login page, shown above. Instead of taking the users login info, he uses a java exploit to access the entire machine Security II: Turn off the Message Bar and run code safely
  • 11. The Java Applet Some phished WebPages will use java applications to allow them FULL access to your computer Sometimes they are persistent, that’s a sign of an exploited java app Does the publisher match the site? Does the From address? Does the site have a good reason to run java? Ask yourself questions before doing something to save yourself trouble Security II: Turn off the Message Bar and run code safely
  • 12. Call Spoofing Some social engineers will call you using fake information trying to verify your account information Using free software or cheap online services anyone can fake their caller id Never talk about personally identifiable information unless you are Ask yourself if you know sure you know who your talking to, preferably only if you called them. person, if they sound the right. If you have an iPhone use apps like unhide to show the true caller id of the user Security II: Turn off the Message Bar and run code safely

Notas del editor

  1. And remember, if a file contains unsigned code, never open it unless you’re sure you can trust its creator.
  2. Note: This process is slightly different in Microsoft Office Outlook® and Microsoft Office Publisher.