Understand Social Engineering from a new perspective, beyond the conventional understanding that we have, and learn how we use it in social development and in securing the weakest link in cybersecurity
2. Objective
• Understand the principles of Social Engineering on both ends, the good and the bad
• Define the goals of Social Engineering
• Recognize the signs of Social Engineering
• Social Media and Social Engineering
• Identify ways to sort out information to protect or comply responsibly
3. Social Engineering?
• Definition 1
• A method by which people are manipulated, consciously or unconsciously, to extract personal and valuable information for the following purposes:
• Hacking into accounts
• Identity Theft
• Done with:
• Psychological Manipulation
• Trickery or Deception
4. Social Engineering?
• Definition 2
• It is a way for criminals to lure victims to an infected item to secretly install spyware, trojans and malware, or to use a mock-up login page to trick users into entering their username and password.
5. Social Engineering?
• Definition 3
• It is the most effective way to steal confidential data from unsuspecting victims.
• According to Siemens Enterprise Communications, based in Germany, in a recent Siemens test 85 percent of office workers were duped by social engineering.
“Most employees are utterly unaware that they are being manipulated,” says Colin Greenlees, security and counter-fraud consultant at Siemens.
6. Social Engineering?
It is a method governed by several disciplines, such as psychology and mathematics, to bring about a shift in the mindset or thinking of the target individual or population, and so bring about compliance based on the goals and targets of the Social Engineer, whether it is good or bad…
Good
• Rapid mind shift towards social change for the better
• Effective compliance to laws
Bad
• Inciting rebellion
• Data leakage through irresponsible mind or thought shaping
7. Social Engineering and Security Challenges
• What are they up to?
• Valuable Information
• Identity
• Profiling Data
• Compliance
• Manipulation
8. Social Engineering and Security
• Information Theft
• Obtaining simple information such as your pet's name, birthday, where you're from, the places you've visited; information that you'd give out freely to your friends.
• Think of yourself as a walking computer, full of valuable information about yourself. You've got a name, address, and valuables. Now categorize those items like a business does: personally identifiable data, financial information, cardholder data, health insurance data, credit reporting data, and so on…
9. Social Engineering and Security
• Where do you use the information?
• Answers to secret questions…
What's the name of your first pet?
What is your maiden name?
When was your mother/father born?
Where were you born?
When were you born?
10. Social Engineering and Security
• Common strategies that are used:
Pretexting – Creating a fake scenario (“Mr. Zimbabwe”)
Phishing and Fake Websites – Send out bait to fool victims into giving away their information using a site that looks like the real thing. Victims log in with real credentials that are now compromised (“FB Fake Login Page”)
Fake Pop-up – Pops up in front of the real web site to obtain user credentials (“Special Offer”)
12. Social Engineering and Security
• Large Scale Mind Shift Operation
• FB Emotion Targeting Experiment
• Negative posts were increased, which affected users' emotions and pushed them to post more negative content
• “Million People March”
• A viral phenomenon where the citizenry's flared-up emotions were used to bring them to gather around Rizal Park in 2011; organizers used social engineering to effectively invite people
• Smarter Philippines Rapid Mind Shift Framework
• Highly based on social engineering principles to rapidly shift the mindset of the target social group to enhance productivity and compliance
13. Protection?
• To protect yourself from the bad side of Social Engineering you should:
Recognize inappropriate requests for information
Take ownership of corporate security
Understand risk and impact of security breaches
Social engineering attacks are personal
Password management
Two factor authentication
Physical security
Understand what information you are putting on the Web that can be used for targeting on social network sites
14. Making it Effective?
• How to make it effective if you are geared towards the good side of Social Engineering?
• Know the target, weaknesses and strengths
• Work on the need
• Localize
• Rapid IEC
• Real Results