©2011 Gogo Inc. and Affiliates. Proprietary & Confidential.
Social Engineering and Identity Theft
How to avoid being a victim
Scott Teipe – CISSP, CISM
Manager of Information Security
Social Engineering and Identity Theft Cases
Frank Abagnale (1969)
– http://en.wikipedia.org/wiki/Frank_Abagnale
Lifelock (2007)
– http://en.wikipedia.org/wiki/Lifelock
HBGary vs. Anonymous (2011)
– http://en.wikipedia.org/wiki/HBGary
Amar Singh (2012)
– http://www.huffingtonpost.com/2012/08/07/largest-id-theft-in-history_n_1751241.html
Identity Theft Statistics
• One of the most common cybercrimes worldwide!
The 2013 Identity Fraud Report released by Javelin Strategy & Research indicates:
– In 2012 identity fraud incidents increased by more than one million victims.
– Fraudsters stole more than $21 billion, the highest amount since 2009.
– 12.6 million victims in the United States in 2012.
– 1 new victim every 3 seconds!!!
Identity Theft
Javelin Strategy & Research Report
https://www.javelinstrategy.com/news/1387/92/More-Than-12-Million-Identity-Fraud-Victims-in-2012-According-to-Latest-Javelin-Strategy-Research-Report/d,pressRoomDetail
Identity Theft
Once your personal data is obtained, it can be used to:
• Apply for a job
• Charge utilities
• File for bankruptcy
• File fraudulent tax returns
• Open new accounts in your name
• Commit a crime or get into legal trouble
• Drain your checking account and savings
• Go on a spending spree, purchase a car, appliances, services, etc.
Social Engineering
• Social Engineering - New term for an old problem: being scammed.
• Exploits weaknesses in human nature
– Desire to help
– Fear of authority
– Use of logic (mask a small lie within a series of true statements)
– Exploit necessities and desires (money, sex, free services/entertainment, etc.)
• Technical and non-technical
– Phone, email, trash, face to face
– Target: your personal information or third-party information to which you have access.
Social Engineering Techniques
• Phishing and Spearphishing
• Dumpster Diving
– Be aware of what you throw in the trash. Someone’s trash is someone else’s treasure.
• Shoulder surfing
– Always check to ensure nobody is peeking over your shoulder when entering security credentials (PIN, password, etc.)
Some of these techniques allow the attacker to bypass security controls (passwords, firewalls, etc.)
Scenario 1
• You find a USB key in the parking lot at your workplace. Once you plug it in, you find a program that offers free access to a website in order to watch pirated first-run movies.
Scenario 2
• You work in IT support and receive a phone call. The person on the other end of the line claims to be the new VP of the company, says they have forgotten their security credentials (PIN/password), and asks you to reset their password.
Strategy
• Awareness and Common Sense
– If it's too good to be true…
• Discipline and Education
• If in doubt, look for confirmation
• Efficient use of defensive technologies
• Proper use, storage and disposal of your information
Technology Defense Mechanisms
• Security in depth: Multiple overlapping defenses
– Remember there is no single solution that protects 100% against an attack
• Proactive vs. Reactive
• Firewall, Antivirus, System Patches
• Most modern operating systems have user-friendly security features built in
• Password security
• Data disposal
Action Center
• Windows 7/8
– Antivirus:
• Win8: Windows Defender
• Win7: Windows security essentials
– Firewall: Windows Firewall
– Patch Management: Windows Update
– Other features:
• Data Privacy/Protection (BitLocker Win7/8)
• Antiphishing (Win8 Windows SmartScreen)
• Family Safety (Win 8)
Action Center
• Displays important messages
• Windows Update: Make sure Windows Update is configured correctly and turned on!
Windows Defender
• Real-time antivirus protection
• Status is color coded: Green, Yellow, Red
Windows SmartScreen
• Real-time protection against malware
• Offers phishing protection within IE in real time.
Password Security
• Length: 16 or more characters
• Complexity
– Avoid dictionary words and personally identifiable information
– Change the order - use numbers, symbols then letters.
• Human nature is to use a capital letter then lower case then numbers and symbols to form a password. Hacking programs know this!
– Use password generators
• https://www.grc.com/passwords.htm
• http://passwordsgenerator.net/
• Too many passwords? Try a password manager
• Free Password Manager – KeePass
– http://keepass.info/
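The length and ordering advice on this slide, as an added Python example that is not part of the original presentation: it reduces a password to its sequence of character classes, flags the "capital, lower case, numbers, symbols" order the slide warns about, and generates a random password that avoids it. The function names, the symbol set and the sample passwords are constructed for illustration.

```python
import secrets
import string
from itertools import groupby

MIN_LENGTH = 16                       # the slide's recommended minimum length
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"   # assumed symbol set, adjust per site policy
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
HUMAN_ORDER = "Ulds"                  # Upper, lower, digit, symbol


def class_of(ch):
    """Map one character to its class letter."""
    if ch.isupper():
        return "U"
    if ch.islower():
        return "l"
    if ch.isdigit():
        return "d"
    return "s"


def shape(password):
    """Collapse a password to its runs of character classes.

    'Summer2013!' -> 'Ulds' (one capital, lower case, digits, symbol).
    """
    return "".join(key for key, _ in groupby(class_of(c) for c in password))


def is_predictable(password):
    """True when the classes appear once each, in the usual human order."""
    positions = [HUMAN_ORDER.index(c) for c in shape(password)]
    return all(a < b for a, b in zip(positions, positions[1:]))


def check_password(password):
    """Return the list of problems found (an empty list means none)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too-short")
    if is_predictable(password):
        problems.append("predictable-order")
    return problems


def generate(length=MIN_LENGTH):
    """Generate a random password from the OS CSPRNG that passes the checks."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("Summer2013!", "Password12345678!", "7#kQ!2m$Rz9@tLw4"):
        print(f"{sample!r}: shape={shape(sample)} problems={check_password(sample)}")
    print("generated:", generate())
```

The check does not cover the slide's dictionary-word rule, which needs a word list; a long password can still fail on ordering alone, as the second sample shows.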
Two Factor Authentication
• Offers an extra layer of security
• It requires an additional authentication factor
• One of the following besides username and password:
– Something you have: Security token
– Something you know: PIN or pattern
– Something you are: Biometrics like fingerprint, voice, etc.
• Google and Yahoo started offering two factor authentication as an additional security feature back in 2011.
Digital Fingerprints
• Where we are leaving traces of our lives:
– Social Media (Twitter, Facebook, LinkedIn, etc.)
– Old Devices: Cellphones
• What we are leaving behind:
– Date/Place of birth
– Family Members Information (Nicknames/Dates/etc.)
– Social Security Numbers, Phone Numbers, etc.
How to Manage Your Information
• Install a data sanitization utility and use it to delete any important and/or personal information.
• If you are going to sell/transfer a device, wipe the storage device clean, including the memory card!
• Another excellent protection is to encrypt your sensitive information.
Free Tools for Secure Erase
• Eraser
– http://eraser.heidi.ie/download.php
• CCleaner
– http://www.piriform.com/ccleaner/download
• File Shredder
– http://www.fileshredder.org/
Free Tools for Data Wipe
• Secure Erase
– http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
• MHDD
– http://hddguru.com/software/2005.10.02-MHDD/
• Hard disk vendors offer utilities to wipe the contents of their hard disks
• Always wipe the hard disk before disposing of or donating an old computer!!!
• Don’t become a victim of old personal data.
Free Tools for Data Encryption
• TrueCrypt
– http://www.truecrypt.org/
• SafeHouse Explorer Encryption
– http://www.safehousesoftware.com/
• Windows 7/8 BitLocker
– http://windows.microsoft.com/en-hk/windows7/products/features/bitlocker
Encrypt data on removable storage (USB thumb drives, SD cards)
Free Anti-virus
– Avast: http://www.avast.com/index
– AVG: http://free.avg.com/ww-en/homepage
– Avira: http://www.avira.com/en/avira-free-antivirus
Email
Basic principles
– Avoid clicking on links contained within e-mail messages.
– Type the webpage into the browser instead of clicking on the link.
– If in doubt, confirm the validity of the e-mail with the sender.
WHY???
– It is very easy for hackers to forge the sender’s identity.
– It is easy to forge the e-mail format to make it look legitimate.
– Clicking on a legitimate-looking link may install malicious software without your consent or knowledge.
Email
– No official UN or HSBC email addresses
– Take a look at the header
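The header check suggested on this slide, as an added Python example that is not part of the original presentation: it compares the From address against the domains the claimed sender officially uses and reports mismatched Reply-To and Return-Path domains and non-passing authentication results. The sample message, the reserved example domains ("bank.example" stands in for the real organization) and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not taken from the slides).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Example Bank Security Team" <security.team@freemail.example.org>
Reply-To: claims.officer@webmail.example.com
To: user@recipient.example
Subject: Your compensation payment is ready

Please confirm your account details to receive your funds.
"""


def _domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def _is_official(domain, official_domains):
    """Exact match or a true subdomain; 'bank.example.evil.example' fails."""
    return any(domain == d or domain.endswith("." + d) for d in official_domains)


def header_red_flags(raw_message, official_domains):
    """Return a list of warning labels for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    flags = []

    # The display name is free text; only the address domain is compared.
    from_dom = _domain(msg["From"])
    if not _is_official(from_dom, official_domains):
        flags.append("from-not-official")

    # Replies silently redirected to a different domain.
    reply_dom = _domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-mismatch")

    # Weak signal on its own: bulk mailers legitimately use bounce domains.
    return_dom = _domain(msg["Return-Path"])
    if return_dom and return_dom != from_dom:
        flags.append("return-path-mismatch")

    # Only trust Authentication-Results added by your own receiving server.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I):
        if result.lower() != "pass":
            flags.append(f"{mech.lower()}-{result.lower()}")
    return flags


if __name__ == "__main__":
    for flag in header_red_flags(SAMPLE, {"bank.example"}):
        print("WARNING:", flag)
```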
Internet Browsing
• Most vulnerabilities require you to click on something within the website to activate the vulnerability and cause your computer to crash or become very slow.
• Websites make it difficult to choose the right place to click. Oftentimes, buttons are just images coaxing you to perform an action such as clicking on a link embedded in an image.
• Critical: keep your browser and computer updated with the latest versions and patches!!!
Conclusions
• Be aware, educated and disciplined.
• Keep it simple (i.e., install only the applications that you really need).
• There are no silver bullets; having a strategy in conjunction with the proper use of technology will help you to minimize your exposure to fraud.
Questions??