Real-life Scenarios of Social Engineering
Social engineering may be the oldest type of attack on information systems, yet it still works today. Social engineering has become the backbone of many cyber threats, from phishing emails to smishing and vishing attacks.
Here are some real-life social engineering attacks:
1. $100 Million Google and Facebook Spear Phishing Scam
• The biggest social engineering attack of all time (as far as we know) was perpetrated by Lithuanian national Evaldas Rimasauskas against two of the FAANG companies: Google and Facebook. Rimasauskas and his team set up a fake company, pretending to be a computer manufacturer that worked with Google and Facebook. Rimasauskas also set up bank accounts in the company’s name.
• The scammers then sent phishing emails to specific Google and Facebook employees, invoicing them for goods and services that the manufacturer had genuinely provided — but directing them to deposit money into their fraudulent accounts. Between 2013 and 2015, Rimasauskas and his associates cheated the two tech giants out of over $100 million.
2. 2022 Persuasive email phishing attack
imitates US Department of Labor
• In January 2022, Bleeping Computer described a sophisticated phishing attack designed to steal Office 365 credentials in which the attackers imitated the US Department of Labor (DoL). The scam is a noteworthy example of how convincing phishing attempts are becoming.
• The attack used two methods to impersonate the DoL’s email address—spoofing the actual DoL email domain (reply@dol[.]gov) and buying up look-alike domains, including “dol-gov[.]com” and “dol-gov[.]us”. Using these domains, the phishing emails sailed through the target organizations’ security gateways. The emails used official DoL branding, were professionally written, and invited recipients to bid on a government project. The supposed bidding instructions were included in a three-page PDF with a “Bid Now” button embedded. On clicking the link, targets were redirected to a phishing site that looked identical to the actual DoL site, hosted at a URL such as bid-dolgov[.]us. The fake bidding site instructed users to enter their Office 365 credentials. The site even displayed an “error” message after the first input, ensuring the target would enter their credentials twice and thus reducing the possibility of mistyped credentials.
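The two impersonation methods above, spoofing the real DoL domain and registering look-alike domains, need different checks on the receiving side, because a spoofed copy of a real domain fails sender authentication while a look-alike the attacker owns passes it cleanly. The following Python is an added example, not code from the original slides: it classifies a From: header using the message's Authentication-Results text (assumed to be available from the receiving gateway) and a name-similarity heuristic of this example's own design. The domain dol.gov is the one the slides name; the sample headers are constructed.

```python
"""Flag sender domains that spoof or imitate a trusted domain.

Added example (not from the original slides). A spoofed use of the real
domain is caught by DMARC; a registered look-alike is not, and needs a
separate name-similarity check. Sample headers below are constructed.
"""
import re
from email.utils import parseaddr

TRUSTED_DOMAINS = {"dol.gov"}  # the domain the campaign imitated

# Look-alike registrations add separators and swap digits for letters;
# undo both before comparing names.
_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def squash(domain: str) -> str:
    """'dol-gov.com' -> 'dolgovcom', 'd0l.gov' -> 'dolgov'."""
    return re.sub(r"[-_.]", "", domain.lower()).translate(_SWAPS)


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch one-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Extract the domain part of a From: header (display name ignored)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower().rstrip(".")


def classify_sender(from_header: str, auth_results: str) -> str:
    """Return 'trusted', 'spoofed', 'lookalike' or 'unrelated'.

    auth_results is the body of the Authentication-Results header as the
    receiving gateway wrote it (assumed format: 'spf=... dkim=... dmarc=...').
    """
    domain = sender_domain(from_header)
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            # The real domain only counts when the message authenticated;
            # a bare string match is exactly what a spoofed From: exploits.
            return "trusted" if re.search(r"\bdmarc=pass\b", auth_results) else "spoofed"
    for trusted in TRUSTED_DOMAINS:
        target, seen = squash(trusted), squash(domain)
        # 'dolgov' inside 'dolgovcom' / 'biddolgovus', or one edit away
        if target in seen or levenshtein(target, seen) <= 1:
            return "lookalike"
    return "unrelated"


# Constructed sample headers modelled on the campaign described above.
SAMPLE_MESSAGES = [
    ("U.S. Department of Labor <reply@dol.gov>", "spf=fail dkim=none dmarc=fail"),
    ("U.S. Department of Labor <reply@dol.gov>", "spf=pass dkim=pass dmarc=pass"),
    ("Procurement <bids@dol-gov.com>", "spf=pass dkim=pass dmarc=pass"),
    ("Procurement <bids@dol-gov.us>", "spf=pass"),
    ("Bids <noreply@bid-dolgov.us>", "spf=pass"),
    ("Vendor <sales@example.com>", "spf=pass dmarc=pass"),
]


def triage(messages=SAMPLE_MESSAGES):
    """Return (domain, verdict) pairs; hold anything that is not trusted/unrelated."""
    return [(sender_domain(f), classify_sender(f, a)) for f, a in messages]


if __name__ == "__main__":
    for domain, verdict in triage():
        print(f"{domain:20} {verdict}")
```

Note that the dol-gov.com sample passes DMARC: the attacker controls that domain, so authentication alone says nothing about it, which is why the similarity check runs even for fully authenticated mail. The substring/edit-distance rule is deliberately loose and would be paired with an allowlist of known partner domains in a real gateway rule.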
3. Microsoft 365 phishing scam steals
credentials in 2021
• In April 2021, security researchers discovered a Business Email
Compromise (BEC) scam that tricks the recipient into installing malicious
code on their device.
• The target receives a blank email with a subject line about a “price
revision.” The email contains an attachment that looks like an Excel
spreadsheet file (.xlsx). However, the “spreadsheet” is actually a .html file
in disguise.
• Upon opening the (disguised) .html file, the target is directed to a website containing malicious code. The code triggers a pop-up notification, telling the user they’ve been logged out of Microsoft 365, and inviting them to re-enter their login credentials.
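The lure above depends on the recipient trusting the file name rather than the file contents. A real .xlsx is a ZIP container (OOXML) whose first bytes are a ZIP local-file header, so an HTML page carrying that extension is detectable before it is opened. The following Python is an added example, not code from the original slides: it sniffs an attachment's leading bytes and compares them with what its extension promises. The sample attachments, including the stand-in HTML page, are constructed in memory.

```python
"""Detect attachments whose contents do not match their extension.

Added example (not from the original slides). The 'price revision' lure
delivered an .html file presented as an Excel workbook; a genuine .xlsx
is an OOXML ZIP, so the leading bytes give the disguise away.
"""
import io
import zipfile
from pathlib import PurePosixPath

# What the extension claims the content is.
EXPECTED = {
    ".xlsx": "ooxml", ".docx": "ooxml", ".pptx": "ooxml",
    ".html": "html", ".htm": "html",
    ".pdf": "pdf",
}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes rather than by its name."""
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Office Open XML containers always carry this entry.
                if "[Content_Types].xml" in zf.namelist():
                    return "ooxml"
        except zipfile.BadZipFile:
            pass
        return "zip"
    # Tolerate a UTF-8 BOM and leading whitespace before an HTML prologue.
    head = data.lstrip(b"\xef\xbb\xbf \t\r\n")[:64].lower()
    if head.startswith(b"%pdf-"):
        return "pdf"
    if head.startswith(b"<!doctype html") or head.startswith(b"<html") or b"<script" in head:
        return "html"
    return "unknown"


def attachment_verdict(filename: str, data: bytes) -> str:
    """Return 'mismatch', 'html-attachment' or 'ok' for one attachment."""
    ext = PurePosixPath(filename.lower()).suffix   # last suffix: 'x.xlsx.html' -> '.html'
    actual = sniff(data)
    expected = EXPECTED.get(ext, "unknown")
    if expected != "unknown" and actual != expected:
        return "mismatch"          # the extension lies about the content
    if actual == "html":
        return "html-attachment"   # honest .html still carries credential forms; sandbox or block
    return "ok"


def make_xlsx_like() -> bytes:
    """Minimal OOXML-shaped ZIP, constructed to stand in for a real workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()


# Constructed stand-in for the lure's page: a login form, nothing more.
DISGUISED_HTML = (
    b"<!DOCTYPE html><html><body><p>You have been signed out.</p>"
    b"<form><input name='user'><input name='password' type='password'></form>"
    b"</body></html>"
)

SAMPLE_ATTACHMENTS = [
    ("Q3_pricing.xlsx", make_xlsx_like()),
    ("price_revision.xlsx", DISGUISED_HTML),
    ("price_revision.xlsx.html", DISGUISED_HTML),
    ("notes.txt", b"plain text"),
]


def scan(attachments=SAMPLE_ATTACHMENTS):
    """Return (name, verdict) pairs for a batch of attachments."""
    return [(name, attachment_verdict(name, data)) for name, data in attachments]


if __name__ == "__main__":
    for name, verdict in scan():
        print(f"{name:28} {verdict}")
```

The check is cheap enough to run at the mail gateway on every attachment; the double-extension case (`price_revision.xlsx.html`) is reported separately because the content is honest HTML, but HTML attachments are themselves a common carrier for credential forms.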
4. Sacramento phishing attack exposes health
information in 2021.
• Five employees at Sacramento County revealed their login credentials to cybercriminals after
receiving phishing emails on June 22, 2021.
• The attack was discovered five months later, after an internal audit of workers’ email inboxes.
• The breach occurred after employees received phishing emails containing a link to a malicious website. The targets entered their usernames and passwords into a fake login page, from which they were then harvested by cybercriminals.
• The attack resulted in a data breach exposing 2,096 records of health information and 816 records
of “personal identification information.” The county notified the victims by email and offered free
credit monitoring and identity theft services.
• It remains to be seen whether this proposed resolution by the county will be enough. Protection
of health information is particularly tightly regulated in the US, under the Health Insurance
Portability and Accountability Act (HIPAA), and data breaches involving health data have led to
some hefty lawsuits in the past.
5. 2021 Singapore Bank phishing saga
• Customers of the Oversea-Chinese Banking Corporation (OCBC) were
hit by a string of phishing attacks and malicious transactions in 2021,
leading to around $8.5 million of losses across approximately 470
customers.
• OCBC customers were duped into giving up their account details after
receiving phishing emails in December 2021. The situation escalated
quickly despite the bank shutting down fraudulent domains and
alerting customers of the scam.
6. 2011 RSA SecurID Phishing Attack
• In 2011, one of these attacks bit encryption giant RSA and succeeded in netting hackers valuable
information about the company’s SecurID two-factor authentication fobs.
• Although RSA initially denied that the information could help hackers compromise anyone using
SecurID, defense contractor Lockheed Martin soon detected hackers attempting to breach their
network using stolen SecurID data. RSA backpedaled quickly and agreed to replace most of the
distributed security tokens.
• All this trouble boiled down to four employees at RSA parent corporation EMC. Attackers sent
them email with a spoofed address purporting to be at a job recruitment website, with an Excel
attachment titled 2011 Recruitment Plan. It wasn’t even clear why the employees would care
about a spreadsheet from a third-party website, but they opened it—and a zero-day Flash exploit
buried in the spreadsheet installed backdoor access to their work machines that soon laid open
the keys to the kingdom.
7. 2021 SharePoint Phishing Fraud targeting home workers
• April 2021 saw yet another phishing attack emerge that appears specifically designed to target remote workers using cloud-based software.
• The attack begins when the target receives an email—written in the urgent tone favored by phishing scammers—requesting their signature on a document hosted in Microsoft SharePoint.
• The email looks legitimate. It includes the SharePoint logo and branding familiar to many office workers. But the link leads to a phishing site designed to siphon off users’ credentials.
8. 2020 Vishing Scam results in compromise of High-profile Twitter Users’ Accounts
• In July 2020, Twitter lost control of 130 Twitter accounts, including
those of some of the world’s most famous people — Barack Obama,
Joe Biden, and Kanye West.
• Twitter has described the incident as a “phone spear phishing” attack
(also known as a “vishing” attack). The calls’ details remain unclear,
but somehow Twitter employees were tricked into revealing account
credentials that allowed access to the compromised accounts.
Similarities of Social Engineering Attack Scenarios
Some of the factors causing and influencing the success of these attacks:
• Fear
• Greed
• Curiosity
• Urgency
• Excess trust