Social engineering power point

Published in: Technology
Transcript

  • 1.
      • Social engineering is the process of acquiring information from legitimate users for illegitimate means
      • Social engineering poses a significant threat to any organization.
  • 2.
      • Loss of company assets
      • Loss of client assets and information
      • Loss of revenue because companies cease to conduct business with entities that do not adequately protect their information
      • Can result in financial losses for individuals
  • 3.
      • Numerous customers of WFC discovered unauthorized purchases on their credit cards
      • Amounts exceeded $100,000
      • EW was required to pay $100,000 due to contract obligations
      • EW lost contracts with other companies
      • Mr. Farmer, Director of Web Promotion, lost his job
  • 4.
      • Hacker used publicly available information to gain knowledge of company and employees
      • Hacker dropped the names of WFC and EW employees in an effort to build a relationship with Mr. Farmer
      • Hacker was able to exploit the misconduct of an employee in order to gain needed information
      • Mr. Farmer knew he was in trouble and the hacker played on this
      • Hacker acted as if he would protect Mr. Farmer from losing his job
  • 5.
      • Hacker was helping Mr. Farmer view more websites that he liked
      • Mr. Farmer readily provided his password in hopes of not getting in trouble for the unapproved website viewing
  • 6.
      • Training was not conducted to educate employees on the implications of the release of information
      • Mr. Farmer was using IM to divulge personal information about himself
      • WFC and EW websites were thoroughly researched to find information that could be exploited
      • Mr. Farmer’s chat room discussion that revealed his employer and job title quite possibly led to the hacker’s decision to target him
  • 7.
      • The same password was used for multiple accounts by Mr. Farmer
      • He used a strong password and felt it was adequate to use for all accounts
  • 8.
      • Employees should be educated on how to use strong passwords and not to use the same one for all accounts
      • Educate employees not to become a victim of coercion or enticement techniques employed by SEs
      • The company must not be narrowly focused concerning security. It must look at all areas where it can secure data
      • Utilization of secure password techniques
      • Sound policy on use of computers
  • 9.
      • Educate employees on ensuring the identity of people they are speaking with
      • Educate employees not to reveal information outside of official communication
      • Ensuring employees are not doing things that could be exploited by a potential hacker
      • Properly dispose of any information that could be used against the company, employees and clients
  • 10. Mr. Farmer put himself in a position of vulnerability to hackers by visiting these illicit websites.
      • What can an organization do to discourage this type of behavior?
      • How is a company to know that an individual is engaging in a certain type of behavior that would make the company vulnerable to an attack?
  • 11.
      • Honan, M. (2007). How Apple and Amazon Security Flaws Led to My Epic Hacking. Retrieved from: http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
