What is SOCIAL ENGINEERING?
Jam Rivera
Social engineering is the process of deceiving people into giving confidential, private and/or privileged information to unauthorized people. Apart from breaching confidentiality, social engineering compromises data integrity and its availability.
What are the common types of SOCIAL ENGINEERING attacks?
DECEPTIVE PHISHING
Fraudsters impersonate a legitimate company in
an attempt to steal people’s personal data or
login credentials. Those emails frequently use
threats and a sense of urgency to scare users
into doing what the attackers want.
SPEAR PHISHING
Fraudsters customize their attack emails with
the target’s name, position, company, work
phone number and other information in an
attempt to trick the recipient into believing that
they have a connection with the sender. The goal is the same as in deceptive phishing: trick the victim into clicking a malicious URL or email attachment so that they hand over their personal data.
SHOULDER SURFING
The practice of spying on the user of an ATM,
computer, or other electronic device in order
to obtain their personal access information.
DUMPSTER DIVING
This is the process of searching trash to obtain useful information about a
person/business. Dumpster divers will be looking for the following:
• Email address/address
• Phone numbers to carry out Vishing
• Passwords and social security numbers that might have been written on sticky notes for convenience
• Bank statements/financial statements
• Medical records
• Important documents
• Account login credentials
• Business secrets and marketing secrets
• Information about employees
• Information about the software, tools, or technologies being used at the company
VISHING
This type of phishing attack dispenses with sending out an email and
instead goes for placing a phone call.
THE DIFFERENT FORMS OF PHISHING
WATERHOLING
Watering hole attacks are used to distribute malware onto
victims’ computers in a similar way phishing activities are
conducted. Cybercriminals infect popular websites with malware, and anyone who has the misfortune to visit has their computer automatically loaded with malware.
The malware used in these attacks usually collects the target’s
personal information and sends it back to the hacker’s server.
In extreme cases, the hacker will actively take control of the
infected computer.
CEO FRAUD
In these scams, fraudsters try to harpoon an
executive and steal their login details.
PHARMING
This method of phishing uses a DNS cache poisoning attack which allows attackers to redirect users from a valid website to a malicious website. Under this kind of attack, a pharmer targets a DNS server and changes the IP address associated with a website's domain name. That means an attacker can redirect users to a malicious website of their choice, even if the victim enters the correct site name.
REVERSE SOCIAL ENGINEERING
In a reverse social engineering attack, the attacker does not
initiate contact with the victim. Rather, the victim is tricked
into contacting the attacker herself. As a result, a high degree
of trust is established between the victim and the attacker as
the victim is the entity that established the relationship.
Apart from phishing, social engineering attacks
occur in the following ways:
Tailgating involves an attacker seeking entry to a restricted area without the proper authentication.
Example: An attacker who does not have an
ID or badge can simply walk in behind a
person who is authorized to access the area.
Baiting occurs when attackers use a false promise to pique a victim's greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.
Example: Malware-infected flash drives that look authentic, labelled as the company's payroll list.
Advanced Persistent Threat (APT) is an attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected.
The goal of an APT is to spy, obtain financial gain, perpetrate hacktivism, or cause destruction.
Why and how is social engineering effective?
People value authority, social proof, similarity, and reciprocity. Social engineers are also skilled in using scarcity and deception to manipulate others.
SOCIAL ENGINEERING is effective because of:
Authority
Society trains people not to question authority and majority
of the public has the tendency to follow blindly.
Social Proof
People let their guard and suspicion down when everyone
else appears to share the same behaviors and risks. In this
way, they will not be held solely responsible for their actions.
Liking, Similarity & Deception
People prefer to comply with those (they think) they know or like, those they are similar to or familiar with, and those they are attracted to.
Commitment, Reciprocation & Consistency
People feel more confident in their decision once they
commit (publicly) to a specific action. They have the
tendency to want to follow it through until the end. The
majority is also inclined to believe what others say, especially
when it comes to needing something from them. When
people are given kindness to, there is also a natural response
to want to return the favor.
Distraction
People tend to focus their attention on what they can gain, what they need, what they can lose, and what they might miss out on. These distractions can heighten people's emotional state and make them forget other logical facts to consider when making decisions.
Scarcity
Perceived scarcity will generate demand.
How do social engineers attack?
Social engineers usually go through a 4-STEP ATTACK CYCLE:
Information gathering
In this step, the attacker gathers as much data as possible about the target victim. Social media is a frequent source of information.
Engaging with victim
After gathering enough information, the attacker begins conversations with the target. The goal of this step is to gain trust and obtain any missing data required to fulfill the goal.
Closing the interaction
During this step, the attacker spends more time covering up the attack and its proceeds. Little or no time is spent engaging with the victim. If the attacker leaves the communication open, the only purpose is for the attack to reoccur. Sometimes the entire social engineering cycle is completed without the victim knowing.
Attacking
By the time the attacker has enough data through research and conversations with the target, the attack will commence.
How do you protect your data against social engineering attacks?
BEST PRACTICES AGAINST SOCIAL ENGINEERING
Phishing
Recognize the refusal to give contact information,
rushing, namedropping, intimidation, small mistakes
(misspellings, misnomers, odd questions), and
requesting forbidden information. “Look for things that
don’t quite add up.” Escalate any suspicions around
phishing.
Common ways to detect phishing emails:
• A mismatched URL
• URLs with a misleading domain name
• Poor spelling and grammatical errors
• Requests for sensitive information
• A message that is too good to be true
• Surprise lottery!
• Requests to send money to cover medical expenses
• Unrealistic threats
• Claims to be from a government agency
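The first two tells in the list, a mismatched URL and a misleading domain name, can be checked mechanically before a message reaches a user. The following is an added example, not part of the original presentation: it walks the links in an HTML email body and flags a link whose visible text names one host while its href points elsewhere, and a link whose host merely embeds a trusted brand domain as a subdomain or prefix. The email body is constructed, and TRUSTED_DOMAINS is an assumed organisation-specific allowlist.

```python
"""Flag two phishing tells in an HTML email: mismatched link text vs. href,
and an href whose domain only imitates a trusted brand domain."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: domains this organisation legitimately links to.
TRUSTED_DOMAINS = {"example-bank.com", "example.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_text):
    """Lowercase host of a URL or bare domain; '' if the string is not one."""
    candidate = url_or_text.strip()
    if "://" not in candidate:
        candidate = "http://" + candidate
    try:
        host = (urlparse(candidate).hostname or "").lower()
    except ValueError:  # malformed netloc such as an unbalanced '['
        return ""
    return host if "." in host else ""


def registrable_domain(host):
    """Last two labels of a host (enough for .com-style TLDs; public-suffix
    handling is out of scope for this example)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_link(href, text, trusted=TRUSTED_DOMAINS):
    """Return a list of findings for one link; empty means nothing suspicious."""
    findings = []
    href_host = host_of(href)
    text_host = host_of(text)
    if not href_host:
        return findings
    href_domain = registrable_domain(href_host)
    # Tell 1: the visible text names a host that differs from the real target.
    if text_host and registrable_domain(text_host) != href_domain:
        findings.append(
            f"mismatched URL: text shows {text_host}, href goes to {href_host}")
    # Tell 2: a trusted brand appears inside the host, but the registrable
    # domain is something else (e.g. example-bank.com.secure-verify.net).
    if href_domain not in trusted:
        for brand in trusted:
            if brand in href_host or brand.split(".")[0] in href_domain:
                findings.append(f"misleading domain: {href_host} imitates {brand}")
                break
    return findings


def scan_email_html(html):
    """Run both checks over every link in an HTML email body."""
    collector = _LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        for finding in check_link(href, text):
            report.append((href, finding))
    return report


# Constructed sample: one honest link followed by the two phishing tells.
SAMPLE_EMAIL = """
<p>Your statement is ready.</p>
<a href="https://www.example-bank.com/statements">View statement</a>
<a href="http://198.51.100.7/login">https://www.example-bank.com/login</a>
<a href="https://example-bank.com.secure-verify.net/reset">Reset password</a>
"""

if __name__ == "__main__":
    for href, finding in scan_email_html(SAMPLE_EMAIL):
        print(f"{href}: {finding}")
```

The brand-substring heuristic is deliberately broad and will produce false positives on unrelated domains that happen to contain a brand word, so treat its output as a triage signal to escalate, not a verdict.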
Shoulder Surfing
• Angle your computer or cell phone screen so that other people cannot see what you are typing
• Use a privacy screen to make your screen less visible to others
• If possible, sit or stand with your back to a wall when entering a password on a device in public
• Stand in a quiet spot away from a crowd of people
• Try to avoid opening personal accounts in public
• Shield forms from viewing when filling out paperwork in public
• Use strong passwords to make it more difficult for someone to guess what you typed
• As always, remember to lock your computer or device when you leave your desk
Dumpster Diving
o Limit social sharing
o Safely dispose of and put away any documents containing the following information:
• Pre-approved credit card offers
• Street address
• Social Security number
• Telephone number
• Email address
• Bank account information
• Employment history
• Other personal information
Waterholing
• Remove or disable software vulnerable to watering hole attacks
• Have a malware-protection system
Baiting
Only rely on flash drives you know and trust.
Tailgating
• Lock your system and other devices when leaving the work station
• Do not let unknown people enter restricted office premises unless they have appropriate credentials or authority of access
• Never help strangers access a secured location when they ask you to open the door or claim to be from a delivery service
• Always keep your access identity card with you while you are on the premises; keep it secure from being misused by unauthorized employees
Here are some of the most prominent recent social engineering attacks:
Sony Pictures
On Monday, November 24, 2014, many Sony Pictures employees began to see skulls appearing on their computer screens, with software rendering their machines inoperable. This social engineering attack led to the leaking of unreleased films to social media, with theaters opting not to screen these movies anymore. The hack also revealed that many female actors were paid less than their male counterparts. In addition, personal information about employees was leaked, including information about their families, inter-office e-mails, salary, and more.
Toyota
Toyota Boshoku Corporation, an auto parts supplier, was the victim of a social engineering and BEC (Business Email Compromise) attack in 2019. The money lost amounted to USD 37 million, due to fraudulent bank transfer instructions that someone in the company took as legitimate. Attackers successfully persuaded a finance executive to change the recipient's bank account information before a wire transfer.
What impact does social engineering have towards:
a. The public
b. The businesses
c. The government
d. The economies
The Aftermath of a Social Engineering Attack
People are more likely to respond to the effects of a cyberattack rather than the attack itself. One example of this is a cyber-attack where malware infects a national power station, causing hundreds of thousands of citizens to be without power.
The general public can be affected socially and psychologically by the incident.
The social impact of a cyber-attack refers to aspects such as the social disruption caused to people's daily lives, and widespread issues such as anxiety or loss of confidence in cyber or technology.
Psychological impact can be informed by social impact, and can include more personal aspects such as an individual's anxiety, worry, anger, outrage, depression and so on.
Businesses are affected by social engineering in a different scope.
Government Systems
The cybercrime industry generated at least $1.5 trillion in revenue in 2018, which massively affects economies all over the world.
The U.S. President's proposed FY 2020 budget requests more than $17 billion for cybersecurity and cyber operations.
On May 28, 2020, in a single day, there were 49,127,689 cyber attacks worldwide, which equates to 568 cyber attacks occurring every second!
Social media contributes to the sale of stolen personal data in an underground economy that's now worth about $630 million per year.
On average, 300,000 cybercrime-related complaints are received each year by the FBI; that's an average of more than 800 complaints per day.
Being affected by social engineering is costly and inconvenient. Knowing how to protect information and how to escalate concerns goes a long way.
Photos are from pixabay.com and unsplash.com. Icons from flaticons.com.
Social Engineering Attacks Explained

  • 2. Social engineering is the process of deceiving people into giving confidential, private and or privileged information to unauthorized people. Apart from breaching confidentiality, social engineering compromises data integrity and its availability.
  • 3. What are the common types of SOCIAL ENGINEERING attacks?
  • 4. D E C E P T I V E P H I S H I N G Fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want. S P E A R P H I S H I N G Fraudsters customize their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender. The goal is the same as deceptive phishing, even so: trick the victim into clicking on a malicious URL or email attachment so that they will hand over their personal data. S H O U L D E R S U R F I N G The practice of spying on the user of an ATM, computer, or other electronic device in order to obtain their personal access information. D U M P S T E R D I V I N G This is the process of searching trash to obtain useful information about a person/business. Dumpster divers will be looking for the following: • Email address/address • Phone numbers to carry out Vishing • Passwords and other social security numbers that might have been written on sticky notes for convenience • Bank statements/financial statements • Medical records • Important documents • Account login credentials • Business secrets and marketing secrets • Information of the employees • Information about the software, tools, or technologies that is being used at the company V I S H I N G This type of phishing attack dispenses with sending out an email and instead goes for placing a phone call. THE DI FFERENT FORMS OF PHI SHING
  • 5. Watering hole attacks (waterholing): Used to distribute malware onto victims’ computers in a similar way to phishing. Cybercriminals infect popular websites, or sites their targets are known to visit, and anyone who has the misfortune to visit has their computer loaded with malware, usually without any further action on their part. The malware used in these attacks typically collects the target’s personal information and sends it back to the attacker’s server. In extreme cases, the attacker actively takes control of the infected computer.
    CEO fraud: In these scams, fraudsters target (“harpoon”) an executive to steal their login details, or impersonate the executive to pressure staff into approving payments or releasing data (see the Toyota case below).
    Pharming: This method of phishing uses a DNS cache poisoning attack, which allows attackers to redirect users from a valid website to a malicious one. The pharmer targets a DNS server and changes the IP address associated with a domain name, so the attacker can send users to a malicious website of their choice even when the victim types the correct site name.
    Reverse social engineering: In a reverse social engineering attack, the attacker does not initiate contact with the victim. Rather, the victim is tricked into contacting the attacker (for example, after the attacker has advertised themselves as the helpdesk to call). As a result, a high degree of trust is established, because the victim is the party that started the relationship.
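To make the pharming mechanism concrete, here is an added example written for this page (it is not code from the deck or its author). It models a toy recursive resolver cache that ingests records from upstream answers. Without a bailiwick check, a nameserver the attacker controls can answer a query for its own zone (evil.test) and slip in an A record for an unrelated name (bank.example); every later lookup of bank.example then returns the attacker’s address, which is exactly the redirection pharming relies on. With the check, records outside the zone being queried are discarded. All names, addresses and the resolver itself are constructed for the demo; the addresses come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.

```python
"""Toy resolver cache showing DNS cache poisoning and the bailiwick check.

Added example for this page, not from the original deck. Names, addresses and
the resolver logic are constructed for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    """A minimal resource record: owner name, record type and RDATA."""
    name: str
    rtype: str
    data: str


class ResolverCache:
    """Caches records from upstream answers, optionally enforcing bailiwick."""

    def __init__(self, enforce_bailiwick: bool):
        self.enforce_bailiwick = enforce_bailiwick
        self.cache: dict[tuple[str, str], str] = {}

    @staticmethod
    def in_bailiwick(rr_name: str, zone: str) -> bool:
        """A record belongs to `zone` if its name equals the zone or lies below it."""
        rr_name = rr_name.lower().rstrip(".")
        zone = zone.lower().rstrip(".")
        return rr_name == zone or rr_name.endswith("." + zone)

    def ingest(self, queried_zone: str, answer: list[RR]) -> list[RR]:
        """Store the records of an upstream answer; return those that were rejected."""
        rejected = []
        for rr in answer:
            if self.enforce_bailiwick and not self.in_bailiwick(rr.name, queried_zone):
                rejected.append(rr)      # out-of-zone record: do not trust this server for it
                continue
            self.cache[(rr.name.lower(), rr.rtype)] = rr.data
        return rejected

    def lookup(self, name: str, rtype: str = "A"):
        return self.cache.get((name.lower(), rtype))


# Constructed upstream answers (assumed values, not real hosts).
LEGIT_BANK = [RR("bank.example", "A", "192.0.2.10")]            # the bank's genuine address
POISONED = [                                                    # attacker's server answering for evil.test
    RR("www.evil.test", "A", "198.51.100.7"),
    RR("bank.example", "A", "198.51.100.7"),                    # injected, out of bailiwick
]


def simulate(enforce_bailiwick: bool):
    """Address a client receives for bank.example after both answers were cached."""
    cache = ResolverCache(enforce_bailiwick)
    cache.ingest("bank.example", LEGIT_BANK)   # normal lookup populates the cache
    cache.ingest("evil.test", POISONED)        # attacker lures a lookup of its own domain
    return cache.lookup("bank.example")


if __name__ == "__main__":
    print("no bailiwick check :", simulate(False))   # attacker's address: pharmed
    print("bailiwick enforced :", simulate(True))    # genuine address survives
```

The bailiwick rule stops this classic form of poisoning, where the malicious records ride along in an answer for a domain the attacker owns. It does not stop a forged answer for an in-bailiwick name that races the real one; that class of attack is countered by randomized source ports and transaction IDs, and ultimately by DNSSEC validation. Nothing at the resolver helps if the attacker has already changed the victim’s own DNS settings.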
  • 6. Apart from phishing, social engineering attacks occur in the following ways:
  • 7. Tailgating: An attacker who lacks the proper authentication gains entry to a restricted area by following someone who has it. Example: An attacker without an ID or badge simply walks in behind a person who is authorized to access the area.
    Baiting: Attackers use a false promise to pique a victim’s greed or curiosity, luring users into a trap that steals their personal information or infects their systems with malware. Example: Malware-infected flash drives that look authentic, labelled as the company’s payroll list, left where employees will find them.
    Advanced persistent threat (APT): An attack in which an unauthorized user gains access to a system or network and remains there for an extended period without being detected; social engineering is a common way in. The goals of an APT are espionage, financial gain, hacktivism, or destruction.
  • 8. Why and how is social engineering effective? People value authority, social proof, similarity, and reciprocity. Social engineers are also skilled in using scarcity and deception to manipulate others.
  • 9. SOCIAL ENGINEERING is effective because of:
    Authority: Society trains people not to question authority, and the majority of the public tends to follow it blindly.
    Social proof: People let their guard and suspicion down when everyone else appears to share the same behaviours and risks; that way they will not be held solely responsible for their actions.
    Liking, similarity and deception: People prefer to comply with those whom they (think they) know or like, those they are similar or familiar with, and those they are attracted to. Jam Rivera
  • 10. Commitment, reciprocation and consistency: People feel more confident in a decision once they have committed (publicly) to a specific action, and tend to want to follow it through to the end. Most people are also inclined to believe what others say, especially when they need something from them. When people are shown kindness, there is a natural urge to return the favour.
    Distraction: People tend to focus their attention on what they can gain, what they need, what they can lose, or what they might miss out on. These distractions heighten people’s emotional state and make them forget other logical facts they should consider when making a decision.
    Scarcity: Perceived scarcity generates demand, so “limited time” and “only a few left” pressure people into acting before thinking.
  • 11. How do social engineers attack?
  • 12–13. Social engineers usually go through a 4-STEP ATTACK CYCLE:
    1. Information gathering: The attacker gathers as much data as possible about the target victim. Social media is a frequent source of information.
    2. Engaging with the victim: After gathering enough information, the attacker starts conversations with the target. The goal of this step is to gain trust and obtain any missing data required to fulfil the goal.
    3. Attacking: Once the attacker has enough data from research and conversations with the target, the attack commences.
    4. Closing the interaction: The attacker now spends more effort masking the attack and its proceeds, and little to no time engaging with the victim. If the attacker leaves the communication open, the only purpose is for the attack to recur. Sometimes the entire social engineering cycle completes without the victim ever knowing.
  • 14. How do you protect your data against social engineering attacks?
  • 15. BEST PRACTICES AGAINST SOCIAL ENGINEERING
    Phishing: Recognize the refusal to give contact information, rushing, name-dropping, intimidation, small mistakes (misspellings, misnomers, odd questions), and requests for information that should not be shared. “Look for things that don’t quite add up.” Escalate any suspicion of phishing. Common signs of a phishing email:
      • A mismatched URL (the link text and the actual link target differ)
      • A URL with a misleading or look-alike domain name
      • Poor spelling and grammatical errors
      • A request for sensitive information
      • A message that is too good to be true (a surprise lottery win)
      • A request to send money, for example to cover medical expenses
      • Unrealistic threats
      • An unsolicited message claiming to come from a government agency
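The signs listed above can be checked mechanically before a message reaches a person. The following is an added example written for this page (not code from the deck or its author) that applies several of them to a raw e-mail: a display name borrowed from an executive but paired with an outside address, a look-alike sender domain, a Reply-To that points somewhere other than the sender, link text that does not match the link target, and urgency or payment wording of the kind used in the CEO-fraud and BEC cases on this page. The organisation’s domain, the executive list, the keyword list and the two sample messages are all assumptions constructed for the demo.

```python
"""Phishing / BEC indicator checks over a raw e-mail (added example, not from the deck)."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser

TRUSTED_DOMAIN = "example.com"                      # assumed: the victim organisation's domain
EXECUTIVES = {"Dana Lee": "dana.lee@example.com"}   # assumed: names attackers like to borrow
URGENCY = ("urgent", "immediately", "within 24 hours", "wire", "bank account")

# Constructed sample: the CEO's display name on a look-alike domain, asking finance to act fast.
SAMPLE = """\
From: Dana Lee <dana.lee@examp1e.com>
Reply-To: payments@mail-examp1e.co
To: finance@example.com
Subject: Urgent: updated bank account for supplier payment
Content-Type: text/html

<p>Please update the wire transfer details immediately at
<a href="http://examp1e.co/update">https://portal.example.com/payments</a>
before today's transfer goes out.</p>
"""

# Constructed sample of a benign internal message, for comparison.
CLEAN = """\
From: Dana Lee <dana.lee@example.com>
To: finance@example.com
Subject: Q3 report
Content-Type: text/plain

Attached is the quarterly summary.
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from HTML anchors."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(addr_or_url: str) -> str:
    """Lower-cased host part of a mail address or URL ('' if none found)."""
    m = re.search(r"@([\w.-]+)|://([\w.-]+)", addr_or_url)
    return (m.group(1) or m.group(2)).lower() if m else ""


def looks_alike(domain: str, trusted: str) -> bool:
    """True if `domain` is not `trusted` (or a subdomain of it) but its first label
    equals the trusted label (different suffix) or differs by exactly one character."""
    if domain == trusted or domain.endswith("." + trusted):
        return False
    d_label, t_label = domain.split(".")[0], trusted.split(".")[0]
    if d_label == t_label:
        return True                       # example.co vs example.com
    if len(d_label) != len(t_label):
        return False
    return sum(a != b for a, b in zip(d_label, t_label)) == 1   # examp1e vs example


def phishing_indicators(raw: str) -> list[str]:
    """Return human-readable findings for the signs this page lists."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    name, addr = parseaddr(msg["From"])
    from_dom = domain_of(addr)
    if name in EXECUTIVES and addr.lower() != EXECUTIVES[name]:
        findings.append(f"display name '{name}' used with non-corporate address {addr}")
    if looks_alike(from_dom, TRUSTED_DOMAIN):
        findings.append(f"look-alike sender domain {from_dom}")
    reply = msg["Reply-To"]
    if reply:
        reply_dom = domain_of(parseaddr(reply)[1])
        if reply_dom != from_dom:
            findings.append(f"Reply-To domain {reply_dom} differs from sender domain {from_dom}")
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part is not None else ""
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if "://" in text and domain_of(text) != domain_of(href):
            findings.append(f"link text shows {domain_of(text)} but points to {domain_of(href)}")
        if looks_alike(domain_of(href), TRUSTED_DOMAIN):
            findings.append(f"link target is look-alike domain {domain_of(href)}")
    text_blob = ((msg["Subject"] or "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    hits = [w for w in URGENCY if w in text_blob]
    if hits:
        findings.append("urgency / payment wording: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE):
        print("-", finding)
```

The look-alike test is deliberately a single-character heuristic; a production filter would use an edit-distance threshold, a homoglyph table and the organisation’s own list of registered domains. The Reply-To and display-name checks are the ones that matter most for CEO fraud, where the link is often absent and the whole attack is a plausible request to move money.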
  • 16. Shoulder surfing
      • Angle your computer or phone screen so that other people cannot see what you are typing
      • Use a privacy screen to make your display less visible to others
      • If possible, sit or stand with your back to a wall when entering a password on a device in public
      • Stand in a quiet spot away from crowds
      • Avoid opening personal accounts in public
      • Shield forms from view when filling out paperwork in public
      • Use strong passwords so that a partial glimpse is not enough to guess what you typed
      • As always, lock your computer or device when you leave your desk
  • 17. Dumpster diving
      • Limit social sharing
      • Shred or securely dispose of documents containing the following, and put them away when not in use:
        • Pre-approved credit card offers
        • Street address
        • Social Security number
        • Telephone number
        • Email address
        • Bank account information
        • Employment history
        • Other personal information
  • 18. Waterholing
      • Remove or disable software vulnerable to watering hole attacks (keep browsers and plug-ins patched)
      • Have a malware-protection system in place
    Baiting
      • Only use flash drives you know and trust; never plug in a drive you found
  • 19. Tailgating
      • Lock your system and other devices when leaving your workstation
      • Do not let unknown people enter restricted office premises unless they have appropriate credentials or authority of access
      • Never help strangers into a secured location when they ask you to hold the door or claim to be from a delivery service
      • Always keep your access card with you while on the premises, and keep it secure so it cannot be misused by unauthorized people
  • 20. Here are some of the most prominent recent social engineering attacks:
  • 21. Sony Pictures: On Monday, November 24, 2014, many Sony Pictures employees began to see skulls appearing on their computer screens, with the malware rendering their machines inoperable. This attack led to unreleased films being leaked online, with theaters opting not to screen some of them. The leaked data also revealed that many female actors were paid less than their male counterparts, and personal information about employees was exposed, including information about their families, inter-office e-mails, salaries, and more.
  • 22. Toyota: Toyota Boshoku Corporation, an auto parts supplier, was the victim of a social engineering and BEC (Business Email Compromise) attack in 2019. The loss amounted to about USD 37 million, caused by fraudulent bank-transfer instructions that someone in the company took as legitimate: attackers persuaded a finance executive to change the recipient’s bank account information before a wire transfer was sent.
  • 23. What impact does social engineering have towards: a. The public b. The businesses c. The government d. The economies
  • 24. The Aftermath of a Social Engineering Attack
  • 25. People are more likely to respond to the effects of a cyberattack than to the attack itself. One example is an attack in which malware infects a national power station, leaving hundreds of thousands of citizens without power. The general public can be affected socially and psychologically by such an incident. The social impact of a cyberattack covers aspects such as the disruption to people’s daily lives and widespread issues such as anxiety or loss of confidence in technology. The psychological impact follows from the social impact and includes more personal aspects such as an individual’s anxiety, worry, anger, outrage, depression and so on.
  • 26. Businesses are affected by social engineering in a different scope.
  • 28. The cybercrime industry generated at least $1.5 trillion in revenue in 2018, which massively affects economies all over the world. The U.S. President’s proposed FY 2020 budget requests more than $17 billion for cybersecurity and cyber operations. On May 28, 2020, in a single day, there were 49,127,689 cyberattacks worldwide, which equates to 568 attacks every second. Social media contributes to the sale of stolen personal data in an underground economy now worth about $630 million per year. On average, 300,000 cybercrime-related complaints are received each year by the FBI, more than 800 complaints per day.
  • 29. Being affected by social engineering is costly and inconvenient. Knowing how to protect information and how to escalate concerns goes a long way. Photos are from pixabay.com and unsplash.com. Icons from flaticon.com.

Editor’s notes

  1. http://taupe.free.fr/book/psycho/social%20engineering/Social%20Engineering%20-%20Sans%20Institute%20-%20Multi%20Level%20Defense%20Against%20Social%20Engineering.pdf
  2. Cyber-Crime-and-Cyber-Terrorism-Ch12.pdf
  3. Principles of persuasion in social engineering: Stajano, F., Wilson, P.: Understanding scam victims: seven principles for systems security. Commun. ACM 54(3), 70–75 (2011)
  4. Same as 3.
  5. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/400106/Common_Cyber_Attacks-Reducing_The_Impact.pdf
  6. Same as 5.
  7. https://phoenixnap.com/blog/famous-social-engineering-attacks
  8. https://www.kaspersky.com/blog/bec-toyota/28715/
  9. https://www2.deloitte.com/us/en/pages/risk/articles/hidden-business-impact-of-cyberattack.html
  10. Photos are from pixabay.com and unsplash.com. Icons from flaticon.com, made by Freepik (https://www.flaticon.com/authors/freepik) and itim2101 (https://www.flaticon.com/authors/itim2101).