2. Definition of Social Engineering
Social engineering is the art of manipulating people to disclose confidential information, perform actions, or compromise security.
It involves psychological manipulation and technical exploits.
Goals of Social Engineering
• Obtain sensitive information (passwords, credit card details, etc.)
• Gain unauthorized access to systems or physical spaces
• Influence people's behavior to perform specific actions
• Circumvent security measures and controls
3. Types of Social Engineering Attacks
• Phishing: Sending deceptive emails or messages to trick recipients into revealing sensitive information.
• Pretexting: Creating a false narrative or scenario to gain someone's trust and extract information or access.
• Baiting: Offering something enticing (e.g., USB drive, free merchandise) to prompt a person to take an action that compromises security.
• Tailgating: Unauthorized entry to a restricted area by following someone who has authorized access.
• Impersonation: Pretending to be someone else, such as a trusted authority figure, to gain trust and manipulate individuals.
4. Phishing
91% of UK companies experienced at least one successful phishing attack in 2021.
Phishing: when criminals use scam emails, text messages (smishing) or phone calls (vishing) to trick their victim into visiting a website or opening a file, which may download a virus onto the victim's device or direct them to a malicious website that steals their personal details.
Don't take the bait. Warning signs to look for:
• URGENT
• DOES IT LOOK LEGITIMATE?
• SPELLING MISTAKES
• VAGUE
REPORT IT: use your 'report suspicious email' button located at the top of your Outlook window.
Fishing the phish.
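The four warning signs above can be turned into a simple triage check. The following is an added example, not part of the original slide deck: a small Python scorer that flags a message for urgency wording, a sender domain or link host that does not look legitimate, common spelling mistakes, and a vague greeting. The keyword lists, the expected organisation domain (example-bank.com) and both sample messages are constructed for illustration.

```python
"""Heuristic phishing red-flag scorer (added example, constructed data).

Scores an e-mail against the four warning signs from the slide:
URGENT, DOES IT LOOK LEGITIMATE?, SPELLING MISTAKES and VAGUE.
"""
import re
from typing import List, NamedTuple

# All lists below are constructed for the example, not from the slide deck.
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours",
                 "account will be suspended", "act now")
COMMON_MISSPELLINGS = ("recieve", "acount", "verfy", "securty", "imediately", "pasword")
VAGUE_GREETINGS = ("dear customer", "dear user", "dear valued member")
EXPECTED_SENDER_DOMAIN = "example-bank.com"   # placeholder for your own organisation's domain


class Email(NamedTuple):
    sender: str    # e.g. "IT Support <helpdesk@example-bank.com>"
    subject: str
    body: str      # plain text; links written as [visible text](http://host/path)


LINK_RE = re.compile(r"\[([^\]]+)\]\((https?://[^)\s]+)\)")
ADDR_RE = re.compile(r"<([^>]+)>")


def sender_domain(sender: str) -> str:
    """Return the lower-cased domain of the address inside <...> (or the bare address)."""
    m = ADDR_RE.search(sender)
    addr = m.group(1) if m else sender
    return addr.rsplit("@", 1)[-1].lower()


def host_of(url: str) -> str:
    """Return the host part of an http(s) URL, lower-cased."""
    return re.sub(r"^https?://", "", url).split("/")[0].lower()


def _contains_phrase(text: str, phrases) -> bool:
    # Whole-word match so "account" does not trigger the "acount" misspelling check.
    return any(re.search(r"\b" + re.escape(p) + r"\b", text) for p in phrases)


def red_flags(mail: Email) -> List[str]:
    """Return the list of warning signs found in the message."""
    flags = []
    text = f"{mail.subject}\n{mail.body}".lower()

    # URGENT: pressure to act fast.
    if _contains_phrase(text, URGENCY_WORDS):
        flags.append("urgency")

    # DOES IT LOOK LEGITIMATE? Sender domain and every link host must belong
    # to the expected organisation domain.
    dom = sender_domain(mail.sender)
    if dom != EXPECTED_SENDER_DOMAIN:
        flags.append(f"sender-domain:{dom}")
    for label, url in LINK_RE.findall(mail.body):
        host = host_of(url)
        if host != EXPECTED_SENDER_DOMAIN and not host.endswith("." + EXPECTED_SENDER_DOMAIN):
            flags.append(f"link-host:{host}")
            # Visible link text naming the real domain while pointing elsewhere.
            if EXPECTED_SENDER_DOMAIN in label.lower():
                flags.append("link-text-mismatch")

    # SPELLING MISTAKES.
    if _contains_phrase(text, COMMON_MISSPELLINGS):
        flags.append("spelling")

    # VAGUE: generic greeting instead of the recipient's name.
    greeting = mail.body.lower().lstrip()
    if any(greeting.startswith(g) for g in VAGUE_GREETINGS):
        flags.append("vague-greeting")
    return flags


def verdict(mail: Email) -> str:
    """'report' for two or more warning signs, 'caution' for one, else 'ok'."""
    n = len(red_flags(mail))
    return "report" if n >= 2 else ("caution" if n == 1 else "ok")


# Constructed sample messages.
PHISH = Email(
    sender="Example Bank Security <alerts@example-bank-secure.com>",
    subject="URGENT: verify your acount",
    body="Dear Customer,\nWe detected unusual activity. Verify within 24 hours or "
         "your account will be suspended: "
         "[https://example-bank.com/verify](http://example-bank.com.login-check.net/verify)\n",
)
LEGIT = Email(
    sender="Payroll <payroll@example-bank.com>",
    subject="March payslip available",
    body="Hi Dana,\nYour payslip is ready in the portal: "
         "[Payslip portal](https://hr.example-bank.com/payslips)\n",
)

if __name__ == "__main__":
    for m in (PHISH, LEGIT):
        print(m.subject, "->", verdict(m), red_flags(m))
```

The scorer is deliberately coarse: its job is to decide whether a message deserves the 'report suspicious email' button, not to replace a mail gateway. A lookalike host such as example-bank.com.login-check.net is caught because the check compares the full host against the expected domain rather than searching for the domain name anywhere in the URL.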
5. Phishing Cases
A real-life demo of a phishing scam: this could be you!
2020: Twitter. In 2020, Twitter became the site of social engineering attacks in which the accounts of Barack Obama, Bill Gates, Elon Musk, and others were compromised to solicit Bitcoins from their followers. The creators of the social engineering attack earned nearly $120,000 in Bitcoin, but the greatest danger was the clear access the hackers had to the celebrities' accounts, although supposedly no personal data was compromised.
2016: Democratic Party. The email hack of the US Democratic Party during the presidential election campaign in 2016 is one of the most emblematic social engineering attacks in recent memory. Russian hackers launched a spear-phishing attack against Democratic Party leaders, which allowed them to access sensitive campaign information and data from nearly 500,000 voters.
2019: Tinder Swindler. The infamous "Tinder Swindler" has been around since 2011 and has deceived victims into financing a luxurious lifestyle through a series of romantic scams. He used a combination of manipulation, love influence, and a lie as an excuse, eventually stealing around $10 million in his last two years of social engineering tricks. In 2019, he was convicted, and in 2022, the swindler himself fell victim to a scam, losing nearly $7,000 of the money he had worked hard to earn (through the scam).
2018: Petrobras. The Federal Police (PF) investigated the theft of computers from Petrobras that contained strategic information about oil exploration activities. According to PF delegate Carla Dolinski in Macaé, the information was stored on four notebooks and two hard drives belonging to the service provider company Halliburton, which were stolen from a container transported from Santos to Macaé by the carrier Transmagno. The shipment left Santos on January 18th and arrived in Macaé 12 days later. "On January 31st, Halliburton employees noticed that the seal of the container had been broken," the delegate said.
6. Phishing: Best Practices for Personal Security
• Protect personal information (e.g., avoid sharing sensitive details on social media).
• Regularly update passwords and use strong, unique passwords for different accounts.
• Enable two-factor authentication wherever possible.
• Be cautious when clicking on links or downloading attachments from unknown or suspicious sources.
Conclusion
Social engineering attacks exploit human psychology and trust. By understanding the techniques used in social engineering attacks, we can better protect ourselves and our organizations.
Stay informed, stay vigilant, and stay secure!