THE MIND GAME: BEYOND NORMAL HUMAN!
Simple Definition
 Social engineering is a psycho-social attack that subverts human trust and helpfulness in order to attain the attacker’s goals.
Outline
 What is it?
 How is it done?
 Who is at risk?
 Approach?
What is it?
 Social engineering is the oldest form of hacking: it targets the people who use a system rather than the system itself.
 Social engineers focus on the users of the system. By gaining a user’s trust, a social engineer can simply ask for whatever information he or she wants… and usually gets it.
Social Engineering
 Uses Psychological Methods
 Exploits human tendency to trust
 Goals are the Same as Hacking
“the art and science of getting people to
comply with your wishes”
Why Social Engineering?
 Easier than technical hacking
 Hard to detect and track
A social engineer’s mantra…
“There is no patch for human stupidity.”
The Mind of a Social Engineer
 More like actors than hackers
 Learn how people feel by observing their actions
 Can alter those feelings by changing what they say and do
 Make the victim want to give them the information they need
How is it done?
 Attacks come in various forms: on the phone, over e-mail, in person
 Impersonation
Impersonation
 Play the part!
 Social Engineers must:
 Anticipate problems
 Know jargon and procedures of the role
Impersonation
 And, most importantly, know how to build trust with whoever they need information from.
 Social engineers most often impersonate authority figures, assistants to authority figures, and new employees.
More techniques…
 Dummy mode: play ignorant so the target explains procedures and fills in the details for you
 Bury the key question among several harmless ones so it does not stand out
 Research (Google, public web sites) to learn names, jargon and procedures before making contact
Over the phone
 The phone is the most popular method of social engineering because the target has no easy way to verify or refute the caller’s claimed identity.
Over e-mail and IM
 E-mail attacks are very common (phishing).
 E-mail is also used for impersonation: the sender name and address are easily forged.
 Obtaining the password for an IM account can lead to access to a bank account and other personal data.
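The e-mail impersonation described above (a forged sender posing as a trusted role, replies steered elsewhere, and the time pressure the Fear approach later in this deck relies on) can be flagged mechanically. The following Python script is an added example and is not code from the original deck; the domains, the two sample messages and the keyword list are constructed for illustration:

```python
"""Flag e-mail impersonation and pressure indicators.

Added example, not code from the original deck. Domains, messages and the
keyword list below are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: an attacker posing as the help desk from a look-alike
# domain, redirecting replies elsewhere and applying time pressure.
PHISHING_SAMPLE = """\
From: IT Helpdesk <helpdesk@corp-example.net>
Reply-To: reset@mailbox-relay.example
To: alice@corp.example
Subject: URGENT: verify your password before 5pm today

Your account will be suspended. Reply with your current password immediately.
"""

# Constructed sample: a routine internal notice from the real domain.
BENIGN_SAMPLE = """\
From: Facilities <facilities@corp.example>
To: alice@corp.example
Subject: Parking lot closed Friday

The north lot is closed for repaving on Friday.
"""

# Words that signal the fear/urgency pressure social engineers rely on.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify", "password")
# Display-name fragments that claim an internal or authoritative role.
ROLE_CLAIM = re.compile(r"helpdesk|help desk|\bit\b|support|admin|security", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo-squatted look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw: str, trusted_domains: set[str]) -> list[str]:
    """Return human-readable indicators for one RFC 5322 message.

    An empty list means none of the heuristics fired; it does not prove the
    message is safe.
    """
    msg = message_from_string(raw)
    findings: list[str] = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)

    # 1. Sender domain is untrusted; is it a look-alike of a trusted one?
    if from_dom and from_dom not in trusted_domains:
        for trusted in trusted_domains:
            label = trusted.split(".")[0]
            if edit_distance(from_dom, trusted) <= 2 or label in from_dom:
                findings.append(f"look-alike sender domain {from_dom!r} mimics {trusted!r}")
                break
        else:
            findings.append(f"sender domain {from_dom!r} is external")

        # 2. Display name claims an internal role the address cannot back up.
        if from_name and ROLE_CLAIM.search(from_name):
            findings.append(f"display name {from_name!r} claims an internal role")

    # 3. Replies are steered to a domain other than the apparent sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_dom = domain_of(reply_addr)
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")

    # 4. Urgency plus a credential request in subject or body.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if len(hits) >= 2:
        findings.append("urgency/credential language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, phishing_indicators(sample, {"corp.example"}))
```

These are heuristics on the visible headers only: a legitimate vendor will trip the "external" check and a careful attacker can avoid the keyword list, so the output is a triage signal for a user or help desk, not a verdict. Authenticating the sender (SPF, DKIM and DMARC on the receiving mail server) is the control that makes the forged From address itself detectable.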
Dumpster diving
 Digging through a corporation’s trash in search of sensitive data.
Outline
 What is it?
 How is it done?
 Who is at risk?
 Approach?
Who is at risk?
 Everyone.
 Everyone with information is a potential target!
Real World Examples
 90% of office workers surveyed gave away their password in exchange for a pen.
 70% of people surveyed traded their password for a bar of chocolate.
Real World Examples
 In a 2005 security audit, one third of the IRS employees contacted by auditors posing as IT technicians gave their user name and changed their password on request.
 USC vs. Cal basketball game
Approaches
 Carelessness
 Comfort Zone
 Helpfulness
 Fear
Careless Approach
 Victim is careless
 Does not implement, use, or enforce proper countermeasures
 Used for reconnaissance
 Looking for what is lying around
Careless Examples
 Dumpster diving/trashing
 Huge amount of information in the trash
 Most of it does not look sensitive on its own
 The who, what and where of an organization
 Knowledge of internal systems
 Materials for greater authenticity
 Intelligence agencies have done this for years
Comfort Zone Approach
 Members of the victim organization are in a comfortable environment
 Lower threat perception
 Usually requires the use of another approach
Comfort Zone Examples
 Impersonation
 Could be anyone
 Tech support
 Co-worker
 Boss
 CEO
 User
 Maintenance staff
 Generally two goals
 Asking for a password
 Building access (overlaps with the careless approach)
Helpful Approach
 People generally try to help even if they do not know who they are helping
 Usually involves the attacker being in a position of obvious need
 Attacker generally does not even have to ask for the help they receive
Helpful Examples
 Piggybacking (tailgating)
 Attacker trails an employee entering the building
 More effective:
 Carry something large so they hold the door open for you
 Go in when a large group of employees is going in
 Pretend to be unable to find your door key or badge
Fear Approach
 Usually draws from the other approaches
 Puts the user in a state of fear and anxiety
 Very aggressive
Fear Examples
 Conformity
 The user is told they are the only one who has not yet helped the attacker with this request
 Personal responsibility is diffused
 The user gets a justification for granting the attacker’s request
Combating Social Engineers
 User education and training
 Identifying areas of risk
 Tactics correspond to each area
 Strong, enforced, and tested security policy
User Education and Training
 Security orientation for new employees
 Yearly security training for all employees
 Weekly newsletters, videos, brochures, games and booklets detailing incidents and how they could have been prevented
 Signs, posters, coffee mugs, pens, pencils, mouse pads, screen savers, etc. with security slogans (e.g. “Loose lips sink ships”)
Security Policy
 Management should understand the importance of protecting against social engineering attacks
 Specific enough that employees do not have to make judgment calls
 Include a procedure for responding to an attack
Areas of Risk
 Certain areas carry certain risks
 What are the risks for these areas?
 Help desk, building entrance, office, mail room, machine room/phone closet, dumpsters, intranet/Internet, overall
Conclusions
 Social engineering is a very real threat
 Realistic prevention is hard
 Can be expensive
 Militant vs. helpful help desk staff
 Reasonable balance
“You could spend a fortune purchasing technology and services... and your network infrastructure could still remain vulnerable to old-fashioned manipulation.”
- Kevin Mitnick
Questions
References
 Charles Lively, “Psychological Based Social Engineering”. SANS Institute, December 2003. Accessed 10 September 2005. http://www.giac.org/certified_professionals/practicals/gsec/3547.php
 Sarah Granger, “Social Engineering Fundamentals: Part I”. SecurityFocus, December 2001. Accessed 10 September 2005. http://www.securityfocus.com/infocus/1527
 Sarah Granger, “Social Engineering Fundamentals: Part II”. SecurityFocus, January 2002. Accessed 10 September 2005. http://www.securityfocus.com/infocus/1533

WordPress Websites for Engineers: Elevate Your Brand
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 

Social engineering

2. Simple Definition
 Social engineering is a psycho-social attack that subverts human trust and helpfulness in order to attain the attacker’s goals.

3. Outline
 What is it?
 How is it done?
 Who is at risk?
 Approach?

4. What is it?
 Social engineering is the oldest form of hacking.
 Social engineers focus on the users of the system. By gaining the trust of the user, a social engineer can simply ask for whatever information he or she wants…and usually get it.

5. The Social Engineering!!!!
 Uses psychological methods
 Exploits the human tendency to trust
 Goals are the same as hacking
“the art and science of getting people to comply with your wishes”

6. Why Social Engineering?
 Easier than technical hacking
 Hard to detect and track

7. A social engineer’s mantra… “There is no patch for human stupidity.”

8. The Mind of a Social Engineer
 More like actors than hackers
 Learn how people feel by observing their actions
 Can alter these feelings by changing what they say and do
 Make the victim want to give them the information they need

9. How is it done?
 Attacks come in various forms: on the phone, over e-mail, in person (impersonation)

10. Impersonation
 Play the part!
 Social engineers must:
 Anticipate problems
 Know the jargon and procedures of the role

11. Impersonation
 And most importantly, know how to build trust with whomever they need information from.
 Social engineers most often impersonate authority figures, assistants to authority figures, and new employees.

12. More techniques…
 Dummy mode
 Bury the key question
 Research (Google)

13. Over the phone
 The phone is the most popular method of social engineering because it is difficult to verify or deny someone’s identity.

14. Over e-mail and IM
 E-mail attacks are very common (phishing).
 E-mail is also used for impersonation.
 Obtaining the password for an IM account could lead to access to a bank account and other personal data.

15. Dumpster diving
 Digging through trash at corporations in search of sensitive data.

16. Outline
 What is it?
 How is it done?
 Who is at risk?
 Approach?

17. Who is at risk?
 Everyone.
 Everyone with information is a potential target!

18. Real World Examples
 90% of office workers gave away their password for a pen.
 70% of people traded their password for a bar of chocolate.

19. Real World Examples
 1/3 of the IRS employees provided their user name and changed their password in a 2005 security audit.
 USC vs. Cal basketball game

20. Approaches
 Carelessness
 Comfort zone
 Helpfulness
 Fear

21. Careless Approach
 Victim is careless
 Does not implement, use, or enforce proper countermeasures
 Used for reconnaissance
 Looking for what is lying around

22. Careless Examples
 Dumpster diving/trashing
 Huge amount of information in the trash
 Most of it does not seem to be a threat
 The who, what and where of an organization
 Knowledge of internal systems
 Materials for greater authenticity
 Intelligence agencies have done this for years

23. Comfort Zone Examples
 Impersonation
 Could be anyone: tech support, co-worker, boss, CEO, user, maintenance staff
 Generally two goals
 Asking for a password
 Building access (careless approach)

24. Comfort Zone Approach
 Victim organization members are in a comfortable environment
 Lower threat perception
 Usually requires the use of another approach

25. Helpful Approach
 People generally try to help even if they do not know who they are helping
 Usually involves being in a position of obvious need
 Attacker generally does not even ask for the help they receive

26. Helpful Examples
 Piggybacking
 Attacker will trail an employee entering the building
 More effective:
 Carry something large so they hold the door open for you
 Go in when a large group of employees is going in
 Pretend to be unable to find the door key

27. Fear Approach
 Usually draws from the other approaches
 Puts the user in a state of fear and anxiety
 Very aggressive

28. Fear Examples
 Conformity
 The user is the only one who has not helped out the attacker with this request in the past
 Personal responsibility is diffused
 User gets justification for granting the attacker’s request.

29. Combating Social Engineers
 User education and training
 Identifying areas of risk
 Tactics correspond to area
 Strong, enforced, and tested security policy

30. User Education and Training
 Security orientation for new employees
 Yearly security training for all employees
 Weekly newsletters, videos, brochures, games and booklets detailing incidents and how they could have been prevented
 Signs, posters, coffee mugs, pens, pencils, mouse pads, screen savers, etc. with security slogans (e.g. “Loose lips sink ships”).

31. Security Policy
 Management should know the importance of protecting against social engineering attacks
 Specific enough that employees should not have to make judgment calls
 Include a procedure for responding to an attack

32. Areas of Risk
 Certain areas have certain risks
 What are the risks for these areas?
 Help desk, building entrance, office, mail room, machine room/phone closet, dumpsters, intranet/Internet, overall

33. Conclusions
 Social engineering is a very real threat
 Realistic prevention is hard
 Can be expensive
 Militant vs. helpful helpdesk staff
 Reasonable balance

34. “You could spend a fortune purchasing technology and services...and your network infrastructure could still remain vulnerable to old-fashioned manipulation.” -Kevin Mitnick

36. References
 Charles Lively, “Psychological Based Social Engineering”. SANS Institute, December 2003. Accessed 10 September 2005. http://www.giac.org/certified_professionals/practicals/gsec/3547.php
 Sarah Granger, “Social Engineering Fundamentals: Part I”. Security Focus, December 2001. Accessed 10 September 2005. http://www.securityfocus.com/infocus/1527
 Sarah Granger, “Social Engineering Fundamentals: Part II”. Security Focus, January 2002. Accessed 10 September 2005. http://www.securityfocus.com/infocus/1533