Nowadays, if you want to hack a corporation or damage a personal "enemy" fast, social engineering techniques work every time, and more often than not they work the first time. In this presentation you will learn what social engineering is, the types of social engineering, and related threats.
3. Social Engineering: Content
• Content:
– What is social engineering?
– Types of social engineering & new age threats
– How to use Facebook to ruin someone’s life
– Countermeasures
– Q&A
6. Social Engineering: Intro
• Victims of social engineering
– RSA
• Infected Excel attachment, over $100 million of damage
– Wells Fargo Bank
• “Catholic Healthcare” phone call, $2.1 million vanished
– Vodafone Help Desk
• Malware and fraud call, end user lost everything
8. Social Engineering: Basics to Succeed
• What is social engineering?
The attempt to control social behaviour.
– The 3 Critical Success Factors:
• trust
• satisfaction
• relationship
12. Social Engineering: Types
• Old-Fashioned Types of Social Engineering Techniques:
– Direct approach
– Important user
– Helpless user
– Technical support
– Mail-outs
– Social media - Facebook
16. Social Engineering: Types
• New-Fashioned Types of Social Engineering Techniques:
– 1. Phishing with new lethal strains of ransomware
17. Social Engineering: Types
• New-Fashioned Types of Social Engineering Techniques:
– 2. IVR and robocalls for credit card information
Did you purchase a flat screen TV for
$3,295? Press 1 for yes or 2 for no.
18. Social Engineering: Types
• New-Fashioned Types of Social Engineering Techniques:
– 3. Phishing with funerals
20. Social Engineering: Practical example
• 1st step: Protect your identity
– Install a new operating system on a new disk
– Encrypt your disk
– Use anonymous proxy
– Use free Wi-Fi in a bar
– Perform attack drinking cold beer
21. Social Engineering: Practical example
• 2nd step: Fake e-mail and Facebook account
– The character must be:
• Woman*
• 25 to 35 years old
• Single
• Highly educated
• Interesting
* It is statistically proven that the success rate using a woman character is more than 100 times (!) higher than using a male profile.
22. Social Engineering: Practical example
• 3rd step: Select the victim(s)
– Before sending the invitation:
• Get his/her friends
• Get his/her interests
23. Social Engineering: Practical example
• 4th step: Get the victim(s) as a friend
– Start chatting and get sensitive information
– Start chat and get “sensitive” photos
– Post link to an infected site
– …
24. Social Engineering: How to spot
• How to spot Social Engineering attack?
– unusual requirements
– requiring respect for authority
– threatening with negative consequences
– giving praise and flattery
– offering something for nothing
– seems too good to be true, etc…
25. Social Engineering: Countermeasure
• Social Engineering Countermeasure
– Slow down and research the facts
– Delete any request for financial information or passwords.
– Reject requests for help or offers of help
– Don’t let a link be in control of where you land
– Do not post your personal data or photos
– Do not reveal sensitive data (e.g. passwords)
– Do not avoid policies and procedures
– Report any suspicious activity
26. Social Engineering: Last Slide… Promise!
• Questions and discussion
“There is no such thing as a stupid question, only stupid answers”: Colin Powell
www.facebook.com/realexninja
Company History: Founded in 2000 – Founder Colm Lyon remains our CEO – still heavily involved. Key focus on connecting CNP multi-channel merchants to banks. Payment solutions,
You probably remember the story of the Trojan War, because this war was one of the most important events in Greek mythology. You probably also remember that Achaean (ARKIJN) troops besieged the city of Troy for ten years without any results, and a lot of soldiers died in vain. Because the raw attack on the Trojans' technology or walls did not work, the Achaean army decided to attack the Trojans' minds. The city then fell in just one day to the ruse of the Trojan Horse, made of wood. Why was the wooden trick so efficient? Because it used the power of social engineering.
An unidentified scammer managed to convince Wells Fargo Bank to transfer $2.1 million to him from Catholic Healthcare West's bank account. "The brazen theft was pulled off ingeniously, but the biggest responsibility for its successful realization seems to lay with the Wells Fargo escrow agent who authorized the transfer without thoroughly checking on the legitimacy of the requests," writes Help Net Security's Zeljka Zorz. "Armed with the name of the bank where Catholic Healthcare West had the account and the name and signature of the chain's CFO, the fraudster put the plan in motion in December 2011, Forbes reports," Zorz writes.