Your SlideShare is downloading. ×
Social engineering power point
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Social engineering power point


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1.  Social engineering is the process of acquiring information from legitimate users for illegitimate means  Social engineering poses a significant threat to any organization.
  • 2.  Loss of company assets  Loss of client assets and information  Loss of revenue because companies cease to conduct business with entities that do not adequately protect their information  Can result in financial losses for individuals
  • 3.  Numerous customers of WFC discovered unauthorized purchases on their credit cards  Amounts exceeded $100,000  EW was required to pay $100,000 due to contract obligations  EW lost contracts with other companies  Mr. Farmer, Director of Web Promotion lost his job
  • 4.  Hacker used publicly available information to gain knowledge of company and employees  Hacker dropped the names of WFC and EW employees in an effort to build a relationship with Mr. Farmer  Hacker was able to exploit the misconduct of an employee in order to gain needed information  Mr. Farmer knew he was in trouble and the hacker played on this  Hacker acted as if he would protect Mr. Farmer from losing his job
  • 5.  Hacker was helping Mr. Farmer view more website that he liked  Mr. Farmer readily provided his password in hopes of not getting in trouble for the unapproved website viewing
  • 6.  Training was not conducted to educate employees of the implications of the release of information  Mr. Farmer was using IM to divulge personal information about himself  WFC and EW websites were thoroughly researched to find information that could be exploited  Mr. Farmer’s chat room discussion that revealed his employer and job title quite possible let to the hacker’s decision to target him
  • 7.  The same password was used for multiple accounts by Mr. Farmer  He used a strong password and felt it was adequate to use for all accounts
  • 8.  Employees should be educated on how to use strong passwords and not to use the same one for all accounts  Educate employees not to become a victim to coercion or enticement techniques employed by SEs  The company must not be narrowly focused concerning security. It must look at all areas that is can secure data  Utilization of secure password techniques  Sound policy on use of computers
  • 9.  Educate employees on ensuring the identity of people they are speaking with  Educate employees not to reveal information outside of official communication  Ensuring employees are not doing things that could be exploited by a potential hacker  Properly dispose of any information that could be used against the company, employees and clients
  • 10. Mr. Farmer put himself in the position of vulnerability to hackers by visiting these illicit websites.  What can an organization do to discourage this type of behavior?  How is a company to know that an individual is engaging in a certain type of behavior that would make the company vulnerable for an attack?
  • 11.  Honan, M. (2007). How Apple and Amazon Security Flaws Led to My Epic Hacking. Retrieved from: apple-amazon-mat-honan-hacking/all/