SlideShare a Scribd company logo

btNOG 9 Keynote Speech on Evolution of Social Engineering

Download as PPTX, PDF
APNIC
APNIC

A presentation on Evolution of Social Engineering by Warren Finch for btNOG in Bhutan.

Internet
1 of 39
1 Evolution of Social Engineering
4 4 Social Engineering Definition • “… uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.” Imperva (Oct 2022) https://www.imperva.com/learn/application-security/social-engineering-attack/ • “… the art of manipulating people so they give up confidential information." Webroot (Oct 2022) https://www.webroot.com/us/en/resources/tips-articles/what-is-social-engineering • “… a manipulation technique that exploits human error to gain private information, access, or valuables ... Once an attacker understands what motivates a user’s actions, they can deceive and manipulate the user effectively." Kaspersky (Oct 2022) https://www.kaspersky.com/resource-center/definitions/what-is-social- engineering
5
6 Ap Wang Drugye (Bhutanese trickster)
7 Social Engineering Principles Social Engineering Principles (Reasons for Effectiveness) Authority and Trust Intimidation Consensus and Social Proof Scarcity Urgency Familiarity and Liking https://xmind.app/embed/ERb5/
8 Model for Social Engineering Attacks Wang, Z., Zhu, H., & Sun, L. (2021). Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods. IEEE Access, 9, 11895–11910. https://doi.org/10.1109/ACCESS.2021.3051633
9 Model for Social Engineering Attacks Wang, Z., Zhu, H., & Sun, L. (2021). Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods. IEEE Access, 9, 11895–11910. https://doi.org/10.1109/ACCESS.2021.3051633
10 10 Why does it work? Human Attributes Social Engineering Technique Trust – Bhutanese’s people are trustworthy where it is easy to gain trust with victims • Direct approach • Technical expert The desire to be ‘helpful’ – Most of the Bhutanese people are kind • Direct Approach • Technical expert • Voice of Authority The wish to get something for nothing • Chain email • SMS Curiosity • Open email attachments from unknown senders • Spam Fear of the unknown, or of losing something • Popup window Ignorance • Direct Approach • Dumpster diving https://www.academia.edu/8216745/Social_Engineering_it_s_impact_on_organization
11 Doesn’t matter who you are Australian Statistics for 2022
12 Doesn’t matter who you are https://www.scamwatch.gov.au/scam-statistics Australian Statistics for 2022
13 Doesn’t matter who you are
15 The art of the con (Demo)
16 The Psychic Card Trick
18 Pick a card - any card
19 Is your card here?
20 20 Let me guess? • What is 1+1? • What is 2+2? • What is 3+3? • What is 4+4? • What is 5+5? • What is 6+6? • What is 7+7? • What is 8+8? • Name a vegetable?
21 21 Influence of technology https://www.dogana-project.eu/index.php/social-engineering-blog/11-social-engineering/98-se-evolution
22 22 Social Engineering Attack Framework Mouton, F., Leenen, L., & Venter, H. S. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186–209. https://doi.org/10.1016/j.cose.2016.03.004
23 23 Life cycle of attack https://www.imperva.com/learn/application-security/social-engineering-attack/
24 Type of attacks • Pre-texting • Baiting • Quid Pro Quo • Scareware • Phishing, Smishing, Vishing, Whaling • Telephone-oriented Attack Delivery (TOAD) • Tailgating Mouton, F., Leenen, L., & Venter, H. S. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186–209. https://doi.org/10.1016/j.cose.2016.03.004
25 25 Phishing statistics • 18-39yr old's average click rate of 29%, drops to 19% among older age groups. • 23% of male participants opened a phishing email compared to 10% for woman. • Public sector organizations were the most vulnerable to phishing attacks (with an average click rate of 36%) https://betanews.com/2022/10/13/older-generations-are- less-likely-to-click-phishing-emails/
26 Social Engineering Toolkit https://github.com/trustedsec/social-engineer-toolkit
27 27 Social Engineering Toolkit
28 28 Attack vectors / infection points • QRLJacking https://www.owasp.org/index.php/Qrljacking
29 Fake profiles
30 30 Real or Not?
31 31 Real or Not? https://this-person-does-not-exist.com/en
32 32 Real or Not?
33 33 Real or Not? https://drdavidhamilton.com/fake-social-media-profiles/
34 34 How to Detect a Fake Profile • Profile photo – Do a search using the image – https://support.google.com/websearch/answer/1325808 • Username • The Biography • Profile content • Number of followers
35 35 How to Report a Fake Profile • Twitter – https://help.twitter.com/en/forms/authenticity/impersonation • Instagram – https://help.instagram.com/contact/636276399721841 • Facebook (Meta) – https://www.facebook.com/help/306643639690823 • LinkedIn – Click the More icon on the member’s profile. – Click Report or block. • TikTok – Go to the profile of the account you want to report. – Tap the Settings icon – Tap “Report” and follow the steps in the app.
36 Deep Fakes
37 37 Real or Not? https://youtu.be/l_6Tumd8EQI?t=70
38 Deep Fakes • Deepfake technology allows users to impersonate others with startling accuracy. – Deep Video Fakes (https://youtu.be/kOIMXt8KK8M) – Deep Voice Fakes (https://youtu.be/0ybLCfVeFL4) • Anyone can find deepfake software and services on the internet and have a relatively convincing representation of another person within minutes. – https://github.com/iperov/DeepFaceLab – https://github.com/sibozhang/Text2Video • Synthetic Identities are created by applying for credit using a combination of real and fake, or sometimes entirely fake, information.
39 39 Deep Fakes https://arxiv.org/abs/2005.05535
40 40 Deep Fakes https://youtu.be/0ybLCfVeFL4?t=83 Text-based Editing of Talking-head Video
41 Deep Fakes • … with the help of deepfakes, fraudsters can orchestrate social engineering attacks that appear to come from a friend or colleague, that is, someone we know and trust and whose motives do not need to be questioned.
42 Deep Fakes
43 Questions?

Recommended

Observations on Social Engineering presentation by Warren Finch for LkNOG 6
Observations on Social Engineering presentation by Warren Finch for LkNOG 6Observations on Social Engineering presentation by Warren Finch for LkNOG 6
Observations on Social Engineering presentation by Warren Finch for LkNOG 6APNIC
 
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyTom Eston
 
Dissecting the dangers of deepfakes and their impact on reputation Generative...
Dissecting the dangers of deepfakes and their impact on reputation Generative...Dissecting the dangers of deepfakes and their impact on reputation Generative...
Dissecting the dangers of deepfakes and their impact on reputation Generative...CSIRO National AI Centre
 
Kathmandu ToastMasters 2022.pptx
Kathmandu ToastMasters 2022.pptxKathmandu ToastMasters 2022.pptx
Kathmandu ToastMasters 2022.pptxJeroen Vinkesteijn
 
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...ITCamp
 
2016-12-06-v2-HDRF-Conf
2016-12-06-v2-HDRF-Conf2016-12-06-v2-HDRF-Conf
2016-12-06-v2-HDRF-ConfDickson Lukose
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Marta Barrio Marcos
 
Cyberstalking ppt 02.18.19
Cyberstalking ppt 02.18.19Cyberstalking ppt 02.18.19
Cyberstalking ppt 02.18.19Eddie San Peñalosa
 

Recommended

Observations on Social Engineering presentation by Warren Finch for LkNOG 6
Observations on Social Engineering presentation by Warren Finch for LkNOG 6Observations on Social Engineering presentation by Warren Finch for LkNOG 6
Observations on Social Engineering presentation by Warren Finch for LkNOG 6APNIC
 
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyTom Eston
 
Dissecting the dangers of deepfakes and their impact on reputation Generative...
Dissecting the dangers of deepfakes and their impact on reputation Generative...Dissecting the dangers of deepfakes and their impact on reputation Generative...
Dissecting the dangers of deepfakes and their impact on reputation Generative...CSIRO National AI Centre
 
Kathmandu ToastMasters 2022.pptx
Kathmandu ToastMasters 2022.pptxKathmandu ToastMasters 2022.pptx
Kathmandu ToastMasters 2022.pptxJeroen Vinkesteijn
 
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...
ITCamp 2018 - Tudor Damian - The cybersecurity landscape is changing. Are you...ITCamp
 
2016-12-06-v2-HDRF-Conf
2016-12-06-v2-HDRF-Conf2016-12-06-v2-HDRF-Conf
2016-12-06-v2-HDRF-ConfDickson Lukose
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Marta Barrio Marcos
 
Cyberstalking ppt 02.18.19
Cyberstalking ppt 02.18.19Cyberstalking ppt 02.18.19
Cyberstalking ppt 02.18.19Eddie San Peñalosa
 
Data Literacy and its Implications for Society
Data Literacy and its Implications for SocietyData Literacy and its Implications for Society
Data Literacy and its Implications for SocietyPaul Van Siclen
 
Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay
Privacy. Winter School on “Topics in Digital Trust”. IIT BombayPrivacy. Winter School on “Topics in Digital Trust”. IIT Bombay
Privacy. Winter School on “Topics in Digital Trust”. IIT BombayIIIT Hyderabad
 
Technology in a global society presentation
Technology in a global society presentationTechnology in a global society presentation
Technology in a global society presentationdelmount
 
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...EC-Council
 
LinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLancope, Inc.
 
Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)SaraJayneTerp
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2👀 Joe Gray
 
Trends & Innovation in Cyber and Digitaltech
Trends & Innovation in Cyber and DigitaltechTrends & Innovation in Cyber and Digitaltech
Trends & Innovation in Cyber and DigitaltechLiming Zhu
 
Social Engineering - By Chris Hills
Social Engineering - By Chris HillsSocial Engineering - By Chris Hills
Social Engineering - By Chris HillsChris Hills CPP, CRMP
 
AMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxAMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxSaraJayneTerp
 
Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenienceDon Lovett
 
Online Wellbeing: Seas Suas Feb 13th 2018
Online Wellbeing: Seas Suas Feb 13th 2018Online Wellbeing: Seas Suas Feb 13th 2018
Online Wellbeing: Seas Suas Feb 13th 2018NUI Galway
 
The Potential and Challenges of Today's AI
The Potential and Challenges of Today's AIThe Potential and Challenges of Today's AI
The Potential and Challenges of Today's AIBohyun Kim
 
Pragmatic Designer's Guide to Identity on the Web
Pragmatic Designer's Guide to Identity on the WebPragmatic Designer's Guide to Identity on the Web
Pragmatic Designer's Guide to Identity on the WebJamie Reffell
 
Opportunities with data science
Opportunities with data scienceOpportunities with data science
Opportunities with data scienceAshiq Rahman
 
Modul Topik 3 - Kecerdasan Buatan
Modul Topik 3 - Kecerdasan BuatanModul Topik 3 - Kecerdasan Buatan
Modul Topik 3 - Kecerdasan BuatanSunu Wibirama
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security Lokender Yadav
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Hovhannes Aghajanyan
 
JDD2014: The mythical 10x developer - Michał Gruca
JDD2014: The mythical 10x developer - Michał GrucaJDD2014: The mythical 10x developer - Michał Gruca
JDD2014: The mythical 10x developer - Michał GrucaPROIDEA
 
Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...
Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...
Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...artofthehak00
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 

More Related Content

Similar to btNOG 9 Keynote Speech on Evolution of Social Engineering

Data Literacy and its Implications for Society
Data Literacy and its Implications for SocietyData Literacy and its Implications for Society
Data Literacy and its Implications for SocietyPaul Van Siclen
 
Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay
Privacy. Winter School on “Topics in Digital Trust”. IIT BombayPrivacy. Winter School on “Topics in Digital Trust”. IIT Bombay
Privacy. Winter School on “Topics in Digital Trust”. IIT BombayIIIT Hyderabad
 
Technology in a global society presentation
Technology in a global society presentationTechnology in a global society presentation
Technology in a global society presentationdelmount
 
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...EC-Council
 
LinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLancope, Inc.
 
Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)SaraJayneTerp
 
Trends & Innovation in Cyber and Digitaltech
Trends & Innovation in Cyber and DigitaltechTrends & Innovation in Cyber and Digitaltech
Trends & Innovation in Cyber and DigitaltechLiming Zhu
 
AMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxAMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxSaraJayneTerp
 
Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenienceDon Lovett
 
Online Wellbeing: Seas Suas Feb 13th 2018
Online Wellbeing: Seas Suas Feb 13th 2018Online Wellbeing: Seas Suas Feb 13th 2018
Online Wellbeing: Seas Suas Feb 13th 2018NUI Galway
 
The Potential and Challenges of Today's AI
The Potential and Challenges of Today's AIThe Potential and Challenges of Today's AI
The Potential and Challenges of Today's AIBohyun Kim
 
Pragmatic Designer's Guide to Identity on the Web
Pragmatic Designer's Guide to Identity on the WebPragmatic Designer's Guide to Identity on the Web
Pragmatic Designer's Guide to Identity on the WebJamie Reffell
 
Opportunities with data science
Opportunities with data scienceOpportunities with data science
Opportunities with data scienceAshiq Rahman
 
Modul Topik 3 - Kecerdasan Buatan
Modul Topik 3 - Kecerdasan BuatanModul Topik 3 - Kecerdasan Buatan
Modul Topik 3 - Kecerdasan BuatanSunu Wibirama
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security Lokender Yadav
 
JDD2014: The mythical 10x developer - Michał Gruca
JDD2014: The mythical 10x developer - Michał GrucaJDD2014: The mythical 10x developer - Michał Gruca
JDD2014: The mythical 10x developer - Michał GrucaPROIDEA
 
Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...
Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...
Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...artofthehak00
 

Similar to btNOG 9 Keynote Speech on Evolution of Social Engineering (20)

Data Literacy and its Implications for Society
Data Literacy and its Implications for SocietyData Literacy and its Implications for Society
Data Literacy and its Implications for Society
 
Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay
Privacy. Winter School on “Topics in Digital Trust”. IIT BombayPrivacy. Winter School on “Topics in Digital Trust”. IIT Bombay
Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay
 
Technology in a global society presentation
Technology in a global society presentationTechnology in a global society presentation
Technology in a global society presentation
 
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful ...
 
LinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering ThreatLinkedIn to Your Network - The Social Engineering Threat
LinkedIn to Your Network - The Social Engineering Threat
 
Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)Disarm vanguards 2022-02-25 (3)
Disarm vanguards 2022-02-25 (3)
 
DECEPTICONv2
DECEPTICONv2DECEPTICONv2
DECEPTICONv2
 
Trends & Innovation in Cyber and Digitaltech
Trends & Innovation in Cyber and DigitaltechTrends & Innovation in Cyber and Digitaltech
Trends & Innovation in Cyber and Digitaltech
 
Social Engineering - By Chris Hills
Social Engineering - By Chris HillsSocial Engineering - By Chris Hills
Social Engineering - By Chris Hills
 
AMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptxAMW_RAT_2022-04-28 (2).pptx
AMW_RAT_2022-04-28 (2).pptx
 
Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenience
 
Online Wellbeing: Seas Suas Feb 13th 2018
Online Wellbeing: Seas Suas Feb 13th 2018Online Wellbeing: Seas Suas Feb 13th 2018
Online Wellbeing: Seas Suas Feb 13th 2018
 
The Potential and Challenges of Today's AI
The Potential and Challenges of Today's AIThe Potential and Challenges of Today's AI
The Potential and Challenges of Today's AI
 
Pragmatic Designer's Guide to Identity on the Web
Pragmatic Designer's Guide to Identity on the WebPragmatic Designer's Guide to Identity on the Web
Pragmatic Designer's Guide to Identity on the Web
 
Opportunities with data science
Opportunities with data scienceOpportunities with data science
Opportunities with data science
 
Modul Topik 3 - Kecerdasan Buatan
Modul Topik 3 - Kecerdasan BuatanModul Topik 3 - Kecerdasan Buatan
Modul Topik 3 - Kecerdasan Buatan
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
JDD2014: The mythical 10x developer - Michał Gruca
JDD2014: The mythical 10x developer - Michał GrucaJDD2014: The mythical 10x developer - Michał Gruca
JDD2014: The mythical 10x developer - Michał Gruca
 
Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...
Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...
Cyber-Phantoms: Decrypting the Code - How Cybercriminals Use Twitter for Huma...
 

More from APNIC

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119APNIC
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119APNIC
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119APNIC
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPNIC
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6APNIC
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!APNIC
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023APNIC
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAPNIC
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAPNIC
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAPNIC
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAPNIC
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAPNIC
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsAPNIC
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemAPNIC
 

More from APNIC (20)

IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119draft-harrison-sidrops-manifest-number-01, presented at IETF 119
draft-harrison-sidrops-manifest-number-01, presented at IETF 119
 
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
Making an RFC in Today's IETF, presented by Geoff Huston at IETF 119
 
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 
AFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & DevelopmentAFSIG 2023: APNIC - Registry & Development
AFSIG 2023: APNIC - Registry & Development
 
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurityAfghanistan IGF 2023: The ABCs and importance of cybersecurity
Afghanistan IGF 2023: The ABCs and importance of cybersecurity
 
IDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerationsIDNIC OPM 2023: IPv6 deployment planning and security considerations
IDNIC OPM 2023: IPv6 deployment planning and security considerations
 
IDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry SystemIDNIC OPM 2023 - Internet Number Registry System
IDNIC OPM 2023 - Internet Number Registry System
 

Recently uploaded

Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 

Recently uploaded (20)

Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 

btNOG 9 Keynote Speech on Evolution of Social Engineering

  • 1. 1 Evolution of Social Engineering
  • 2. 4 4 Social Engineering Definition • “… uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.” Imperva (Oct 2022) https://www.imperva.com/learn/application-security/social-engineering-attack/ • “… the art of manipulating people so they give up confidential information." Webroot (Oct 2022) https://www.webroot.com/us/en/resources/tips-articles/what-is-social-engineering • “… a manipulation technique that exploits human error to gain private information, access, or valuables ... Once an attacker understands what motivates a user’s actions, they can deceive and manipulate the user effectively." Kaspersky (Oct 2022) https://www.kaspersky.com/resource-center/definitions/what-is-social- engineering
  • 3. 5
  • 5. 7 Social Engineering Principles Social Engineering Principles (Reasons for Effectiveness) Authority and Trust Intimidation Consensus and Social Proof Scarcity Urgency Familiarity and Liking https://xmind.app/embed/ERb5/
  • 6. 8 Model for Social Engineering Attacks Wang, Z., Zhu, H., & Sun, L. (2021). Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods. IEEE Access, 9, 11895–11910. https://doi.org/10.1109/ACCESS.2021.3051633
  • 7. 9 Model for Social Engineering Attacks Wang, Z., Zhu, H., & Sun, L. (2021). Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods. IEEE Access, 9, 11895–11910. https://doi.org/10.1109/ACCESS.2021.3051633
  • 8. 10 10 Why does it work? Human Attributes Social Engineering Technique Trust – Bhutanese’s people are trustworthy where it is easy to gain trust with victims • Direct approach • Technical expert The desire to be ‘helpful’ – Most of the Bhutanese people are kind • Direct Approach • Technical expert • Voice of Authority The wish to get something for nothing • Chain email • SMS Curiosity • Open email attachments from unknown senders • Spam Fear of the unknown, or of losing something • Popup window Ignorance • Direct Approach • Dumpster diving https://www.academia.edu/8216745/Social_Engineering_it_s_impact_on_organization
  • 9. 11 Doesn’t matter who you are Australian Statistics for 2022
  • 10. 12 Doesn’t matter who you are https://www.scamwatch.gov.au/scam-statistics Australian Statistics for 2022
  • 12. 15 The art of the con (Demo)
  • 14. 18 Pick a card - any card
  • 16. 20 20 Let me guess? • What is 1+1? • What is 2+2? • What is 3+3? • What is 4+4? • What is 5+5? • What is 6+6? • What is 7+7? • What is 8+8? • Name a vegetable?
  • 18. 22 22 Social Engineering Attack Framework Mouton, F., Leenen, L., & Venter, H. S. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186–209. https://doi.org/10.1016/j.cose.2016.03.004
  • 19. 23 23 Life cycle of attack https://www.imperva.com/learn/application-security/social-engineering-attack/
  • 20. 24 Type of attacks • Pre-texting • Baiting • Quid Pro Quo • Scareware • Phishing, Smishing, Vishing, Whaling • Telephone-oriented Attack Delivery (TOAD) • Tailgating Mouton, F., Leenen, L., & Venter, H. S. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186–209. https://doi.org/10.1016/j.cose.2016.03.004
  • 21. 25 25 Phishing statistics • 18-39yr old's average click rate of 29%, drops to 19% among older age groups. • 23% of male participants opened a phishing email compared to 10% for woman. • Public sector organizations were the most vulnerable to phishing attacks (with an average click rate of 36%) https://betanews.com/2022/10/13/older-generations-are- less-likely-to-click-phishing-emails/
  • 24. 28 28 Attack vectors / infection points • QRLJacking https://www.owasp.org/index.php/Qrljacking
  • 30. 34 34 How to Detect a Fake Profile • Profile photo – Do a search using the image – https://support.google.com/websearch/answer/1325808 • Username • The Biography • Profile content • Number of followers
  • 31. 35 35 How to Report a Fake Profile • Twitter – https://help.twitter.com/en/forms/authenticity/impersonation • Instagram – https://help.instagram.com/contact/636276399721841 • Facebook (Meta) – https://www.facebook.com/help/306643639690823 • LinkedIn – Click the More icon on the member’s profile. – Click Report or block. • TikTok – Go to the profile of the account you want to report. – Tap the Settings icon – Tap “Report” and follow the steps in the app.
  • 34. 38 Deep Fakes • Deepfake technology allows users to impersonate others with startling accuracy. – Deep Video Fakes (https://youtu.be/kOIMXt8KK8M) – Deep Voice Fakes (https://youtu.be/0ybLCfVeFL4) • Anyone can find deepfake software and services on the internet and have a relatively convincing representation of another person within minutes. – https://github.com/iperov/DeepFaceLab – https://github.com/sibozhang/Text2Video • Synthetic Identities are created by applying for credit using a combination of real and fake, or sometimes entirely fake, information.
  • 37. 41 Deep Fakes • … with the help of deepfakes, fraudsters can orchestrate social engineering attacks that appear to come from a friend or colleague, that is, someone we know and trust and whose motives do not need to be questioned.

Editor's Notes

  1. Ap Wang Drugye - https://dorjipenjore.files.wordpress.com/2015/09/oral-traditions-and-expressions-yeshi-lhendup.pdf
  2. Adam/ Eve cartoon - https://www.toonpool.com/cartoons/Adam%20and%20Eve_301321#img9 Buddha - https://buddhaweekly.com/meditation-techniques-for-people-with-unsettled-monkey-minds/buddha-weekly-buddha-hand-holds-the-monkey-king-buddhism/ Ap Wang Drugye - https://dorjipenjore.files.wordpress.com/2015/09/oral-traditions-and-expressions-yeshi-lhendup.pdf and https://www.bhutan-discover.de/ueber-bhutan/festivalkalender.html Historical examples Adam/Eve, the snake tricks them to eat apple Buddha tricks Monkey King Ap Wang Drugye (Bhutanese trickster) Ap Wang Drugye - https://dorjipenjore.files.wordpress.com/2015/09/oral-traditions-and-expressions-yeshi-lhendup.pdf
  3. https://xmind.app/embed/ERb5/
  4. Z. Wang, H. Zhu and L. Sun, "Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods," in IEEE Access, vol. 9, pp. 11895-11910, 2021, doi: 10.1109/ACCESS.2021.3051633. Wang, Z., Zhu, H., & Sun, L. (2021). Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods. IEEE Access, 9, 11895–11910. https://doi.org/10.1109/ACCESS.2021.3051633 https://ieeexplore-ieee-org.ezproxy.csu.edu.au/stamp/stamp.jsp?tp=&arnumber=9323026 Accessed via Charles Sturt Library search https://primo.csu.edu.au/discovery/fulldisplay?docid=cdi_ieee_primary_9323026&context=PC&vid=61CSU_INST:61CSU&lang=en&search_scope=MyInst_and_CI&adaptor=Primo%20Central&tab=Everything&query=any,contains,Social%20Engineering%20in%20Cybersecurity:%20Effect%20Mechanisms,%20Human%20Vulnerabilities%20and%20Attack%20Methods&offset=0
  5. Z. Wang, H. Zhu and L. Sun, "Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods," in IEEE Access, vol. 9, pp. 11895-11910, 2021, doi: 10.1109/ACCESS.2021.3051633. Wang, Z., Zhu, H., & Sun, L. (2021). Social Engineering in Cybersecurity: Effect Mechanisms, Human Vulnerabilities and Attack Methods. IEEE Access, 9, 11895–11910. https://doi.org/10.1109/ACCESS.2021.3051633 https://ieeexplore-ieee-org.ezproxy.csu.edu.au/stamp/stamp.jsp?tp=&arnumber=9323026 Accessed via Charles Sturt Library search https://primo.csu.edu.au/discovery/fulldisplay?docid=cdi_ieee_primary_9323026&context=PC&vid=61CSU_INST:61CSU&lang=en&search_scope=MyInst_and_CI&adaptor=Primo%20Central&tab=Everything&query=any,contains,Social%20Engineering%20in%20Cybersecurity:%20Effect%20Mechanisms,%20Human%20Vulnerabilities%20and%20Attack%20Methods&offset=0
  6. https://www.academia.edu/8216745/Social_Engineering_it_s_impact_on_organization In 2014, Tshewang Dorji wrote in the seminar report “Social Engineering: it’s impact on organization and individual in Bhutan”
  7. https://www.straitstimes.com/singapore/courts-crime/2278m-lost-to-top-10-scams-in-first-half-of-2022-as-overall-crime-rises-by-36 https://techcrunch.com/2022/01/27/ftc-u-s-consumers-lost-770-million-in-social-media-scams-in-2021-up-18x-from-2017/ https://www.ftc.gov/system/files/attachments/blog_posts/Social%20media%20a%20gold%20mine%20for%20scammers%20in%202021/social_media_spotlight.pdf https://www.scamwatch.gov.au/scam-statistics
  8. https://www.scamwatch.gov.au/scam-statistics
  9. $100 Million Google and Facebook Spear Phishing Scam https://www.theguardian.com/technology/2017/mar/22/phishing-scam-us-tech-companies-tricked-100-million-lithuanian-man https://twitter.com/fbi/status/1222279332359360512 https://www.justice.gov/usao-sdny/pr/lithuanian-man-sentenced-5-years-prison-theft-over-120-million-fraudulent-business https://www.ic3.gov/Media/Y2019/PSA190910
  10. https://miningquiz.com/games/powerpoints/new/Psychic-Card-Trick-PowerPoint-Game.ppt
  11. https://miningquiz.com/games/powerpoints/new/Psychic-Card-Trick-PowerPoint-Game.ppt
  12. https://miningquiz.com/games/powerpoints/new/Psychic-Card-Trick-PowerPoint-Game.ppt
  13. https://miningquiz.com/games/powerpoints/new/Psychic-Card-Trick-PowerPoint-Game.ppt
  14. Mind-Reading (1) The "carrot" trick is quite a popular and effective one, but don't question why or how it works. It just does! How the Trick Is Done: Write down the word "carrot" on a piece of paper. Give it to your friend but tell them not to look at it... yet. Let them hold on to it so they know there's no cheating going on. Next, ask them "what's 1+1?" and wait for them to answer. Ask "what's 2+2?" and wait for them to answer. Keep going until you get to 8+8. After they answer, ask them to name a vegetable. Result: 90% of the time they will think of a carrot. They don't realize it, but their answer is already there on the piece of paper you gave them! These mathematical tricks are tools used by mentalists to "read" people's minds. We have two brain functions. When the higher cognitive function is distracted, we revert to a very suggestive state of mind. Some think that this trick works because the counting reminds us of children's books, etc. and carrots are the most common vegetable we learn about as U.S. kids. That said, how exactly it works is frequently under debate.
  15. https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.451.9154&rep=rep1&type=pdf https://www.dogana-project.eu/index.php/social-engineering-blog/11-social-engineering/98-se-evolution
  16. https://www.imperva.com/learn/application-security/social-engineering-attack/
  17. https://www.imperva.com/learn/application-security/social-engineering-attack/ https://healthitsecurity.com/features/common-types-of-social-engineering-phishing-attacks-in-healthcare Mouton, F., Leenen, L., & Venter, H. S. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186–209. https://doi.org/10.1016/j.cose.2016.03.004 telephone-oriented attack delivery (TOAD) https://www.proofpoint.com/us/blog/threat-insight/caught-beneath-landline-411-telephone-oriented-attack-delivery https://www.barringtonstoke.co.uk/wp-content/uploads/2019/03/9781781128442.jpg
  18. https://betanews.com/2022/10/13/older-generations-are-less-likely-to-click-phishing-emails/ According to security awareness training company SoSafe, who recently completed some research about phishing attacks
  19. THE SOCIAL-ENGINEER TOOLKIT (SET) The Social-Engineer Toolkit (SET) was created and written by Dave Kennedy, the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around Social-Engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. The attacker may clone a legitimate website and trick the victim to visit the link and enter the credentials. https://securitytrails.com/blog/the-social-engineering-toolkit
  20. https://www.owasp.org/index.php/Qrljacking https://www.youtube.com/watch?time_continue=349&v=4QwyBXiZhG0 https://www.youtube.com/watch?v=MY99GWdNJKU (downloaded)
  21. https://this-person-does-not-exist.com/en
  22. https://this-person-does-not-exist.com/en
  23. https://twitter.com/tywynlannister?lang=en
  24. https://drdavidhamilton.com/fake-social-media-profiles/ https://whatismyipaddress.com/the-definitive-list-to-reporting-fake-social-media-accounts
  25. https://metricool.com/fake-profiles/
  26. https://whatismyipaddress.com/the-definitive-list-to-reporting-fake-social-media-accounts
  27. https://this-person-does-not-exist.com/en
  28. lively conversation between Robert Downey, Jr. (Avengers: Endgame, Dolittle), George Lucas (Star Wars, Indiana Jones), Tom Cruise (Mission: Impossible, Edge of Tomorrow), Ewan McGregor (Doctor Sleep, Obi-Wan), and Jeff Goldblum (The World According to Jeff Goldblum, Jurassic World 3), moderated by Mark Ellis (Dog Stepfather).
  29. https://www.spiceworks.com/it-security/cyber-risk-management/articles/what-is-deepfake/
  30. https://arxiv.org/abs/2005.05535
  31. https://youtu.be/0ybLCfVeFL4?t=83
  32. https://www.tripwire.com/state-of-security/security-data-protection/use-of-deepfakes-in-social-engineering-attacks
  33. https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Deepfake-Social-Engineering-Creating-A-Framework-For-Synthetic-Media-Social-Engineering.pdf https://www.securityweek.com/deepfakes-are-growing-threat-cybersecurity-and-society-Europol https://www.rapid7.com/blog/post/2021/12/06/deepfakes-a-nascent-cybersecurity-threat/ Rapid 7 In 2019, we identified 40 posts on dark web hacking forums discussing deepfakes. In 2020, that number rose to 94 posts. In 2021, we've seen a total of 92 posts so far — this number will likely outpace the prior year's 94 by the end of the year.