Social engineering and Phishing

Published in: Technology, News & Politics
  • And remember, if a file contains unsigned code, never open it unless you’re sure you can trust its creator.
  • Note: This process is slightly different in Microsoft Office Outlook ® and Microsoft Office Publisher.
  • Social engineering and Phishing

    1. Harold WiFiAwareness: Social Engineering and Phishing Scams. Avoiding Social Engineering Online
    2. Overview
       • What is social engineering
       • What is phishing
       • What types of phishing are there
       • What do social engineers do
       • How do you protect yourself
       Feel free to ask questions
       Security II: Turn off the Message Bar and run code safely
    3. What Is Social Engineering?
       • Manipulation
       • Method to gain information
       • The Art of Deception
    4. What Is Phishing?
       • A fake website, email, or SMS used to obtain information
       • A method to obtain information
       • A form of deception
       • Used to commit ID theft (financial or social)
    5. What Do Social Engineers Do | Tools Used
       What they do:
       • Manipulation
       • Theft
       • Information
       • Corporate Spies
       Tools used:
       • Social Engineer Toolkit
       • Caller ID Spoofing
       • SMS Spoofing
       • Modified Web Servers
       • TinyURL Services
       • Fake IDs
    6. Email Phishing
       An email from Wachovia. Wonder what's up with my account?
       “Your account access will remain limited until the issue has been resolved please login to your account by clicking on the link below”
       Be aware of emails like this; banks will never ask for your login details online. If concerned, call your bank and NEVER respond to such emails.
       Note: A good tip-off (but not always accurate) is to see if it was marked as spam. These senders usually use unverified SMTP servers that will be marked as spam. Use a more secure email service like Google’s Gmail service.
    7. Website Phishing
       What is wrong with this picture? It appears to be the PayPal login page... right?
       Above you see the PayPal login page, but look at the blown-up image to the right and you’ll notice that the address bar does not read paypal.com.
       This is a fake PayPal spoof or clone (phish) that appears to be PayPal in order to steal your money and account details.
    8. IM Phishing
       Fake IMs can link you to phished websites to gain your login info.
       1 The user sends the victim a fake IM, telling him he uploaded some photos online.
       2 The victim, concerned, checks out the site and, thinking he needs to log in to the (fake) site to see the images, gives the social engineer his login details.
    9. TinyURL
       URL shorteners like Tinyurl.com can be useful to make long URLs shorter for you to send in emails or IMs. But they can also be useful to social engineers and phishers.
       This site makes long URLs short.
       Ex: http://google.com/long_address_that_is_long is changed to http://tinyurl.com/shorter_url
       But that means the phisher can make a suspicious URL look safe.
       Ex: 489.45.145.156/facebook.php can be made to look like http://tinyurl.com/my_new_fb_pics
    10. Phishing For More
       Fake or phished websites can include Java or browser exploits that give the social engineer full access to your PC.
       To the right is an attacker using an iPhone 4 to make a fake Facebook login page, shown above. Instead of taking the user's login info, he uses a Java exploit to access the entire machine.
    11. The Java Applet
       Some phished web pages will use Java applications to allow them FULL access to your computer.
       Sometimes they are persistent; that’s a sign of an exploited Java app.
       1 Does the publisher match the site? Does the From address? Does the site have a good reason to run Java?
       Ask yourself questions before doing something to save yourself trouble.
    12. Call Spoofing
       Some social engineers will call you using fake information, trying to verify your account information.
       Using free software or cheap online services, anyone can fake their caller ID.
       1 Never talk about personally identifiable information unless you are sure you know who you're talking to, preferably only if you called them.
       Ask yourself if you know the person, if they sound right.
       2 If you have an iPhone, use apps like unhide to show the true caller ID of the user.
    13. Resources
       • http://www.secmaniac.com/
       • http://www.offensive-security.com/
       • http://www.backtrack-linux.org/
       • http://www.hak5.org
       • http://www.remote-exploit.org
       • http://www.metasploit.com
       • http://www.exploit-db.com/
       • http://www.social-engineer.org/
       • http://www.darkreading.com/
       • http://www.spoofcard.com
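
The checks from slides 7 and 9 (an address bar that does not read paypal.com, and a short or numeric URL that hides the real destination) can be applied to links before anyone clicks them. The following is an added example, not part of the original slides; the shortener list, the brand list and the function names are illustrative assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed, illustrative lists; maintain your own in practice.
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co", "goo.gl"}
BRANDS = {"paypal": "paypal.com", "facebook": "facebook.com"}


def is_ip_literal(host):
    """True for real IP addresses and for dotted-number hosts like the slide's example."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return re.fullmatch(r"\d+(\.\d+){3}", host) is not None


def triage(url):
    """Return warnings for one link; an empty list means nothing was flagged."""
    # Tolerate links written without a scheme, as in the slide's example.
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ["no-host"]
    flags = []
    bare = host[4:] if host.startswith("www.") else host
    if bare in SHORTENERS:
        flags.append("shortened: destination hidden until expanded")
    if is_ip_literal(host):
        flags.append("ip-literal host")
    for brand, domain in BRANDS.items():
        # The brand's real site is the domain itself or a subdomain of it.
        on_brand = host == domain or host.endswith("." + domain)
        if brand in host + parts.path.lower() and not on_brand:
            flags.append(f"mentions {brand} but host is not {domain}")
    return flags


if __name__ == "__main__":
    # Constructed sample links: two from the slides, two made up for contrast.
    for link in ("https://www.paypal.com/signin",
                 "http://tinyurl.com/my_new_fb_pics",
                 "489.45.145.156/facebook.php",
                 "http://paypal.com.account-verify.example/login"):
        print(link, "->", triage(link) or "no flags")
```

A shortened link carries no information about its destination, so the "shortened" flag means the link should be expanded and re-checked, not that it is malicious.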
