Social Engineering Brief >> 08.06.2012                   Social Engineering
Social Engineering Brief >> 08.06.2012Social EngineeringNew media and new socialapplications add to the long list oftools ...
Social Engineering Brief >> 08.06.2012DefinitionSocial engineering is a non-technical way of intrusion thatexploits human ...
Social Engineering Brief >> 08.06.2012ActivitiesPhishing – per e-mail or telephoneemployees are convinced todisclose sensi...
Social Engineering Brief >> 08.06.2012ActivitiesDustbin searching – socialengineers search and analyzedustbin contentPassw...
Social Engineering Brief >> 08.06.2012TacticsSocial Engineering exploits humanbehavior and addresses traits suchas vanity,...
Social Engineering Brief >> 08.06.2012DefendBeyond a comprehensive and strictcorporate information policy andemployee guid...
Social Engineering Brief >> 08.06.2012DefendSecond rule – avoid time pressure;ask for a telephone number or e-mail address...
Social Engineering Brief >> 08.06.2012DefendFourth rule – in case of uncertaintyimmediately involve superiors /security pe...
Social Engineering Brief >> 08.06.2012INFO + DATENINFO + DATEN GmbH & Co. KGUdo HohlfeldP:   +49 6731 5493512M: contact @ ...
Upcoming SlideShare
Loading in …5
×

Social engineering brief

529 views
424 views

Published on

Self-read brief on social engineering - definition, activities, tactics, defense

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
529
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Social engineering brief

  1. 1. Social Engineering Brief >> 08.06.2012 Social Engineering
  2. 2. Social Engineering Brief >> 08.06.2012Social EngineeringNew media and new socialapplications add to the long list oftools and techniques to elicit criticalbusiness information fromemployees. This information can beused to harm businesses and to putthem in a disadvantage position intheir competitive environment.
  3. 3. Social Engineering Brief >> 08.06.2012DefinitionSocial engineering is a non-technical way of intrusion thatexploits human behavior based onhuman interaction. Often socialengineering involves false claims,statements and identities to tricktarget individuals and have thembreak normal security procedures.Actually, social engineering is part ofall kinds of exploits.
  4. 4. Social Engineering Brief >> 08.06.2012ActivitiesPhishing – per e-mail or telephoneemployees are convinced todisclose sensitive informationMalware – employees are urged torun virus infected software oncorporate devicesShoulder surfing – social engineerslook over employees’ shoulders tomemorize passwords
  5. 5. Social Engineering Brief >> 08.06.2012ActivitiesDustbin searching – socialengineers search and analyzedustbin contentPassword guessing – socialengineers take advantage ofemployees’ natural habit to usepasswords that are meaningful totheir personal circumstances andthus can be easily guessed
  6. 6. Social Engineering Brief >> 08.06.2012TacticsSocial Engineering exploits humanbehavior and addresses traits suchas vanity, lack of self-confidence,greed, craving for recognition,helpfulness … A supportive fact tosuccessful social engineering is thatnowadays employees have notcompletely grasped the value ofinformation in general and ofbusiness related information inparticular. The complexity of theinformation society adds to this, too.
  7. 7. Social Engineering Brief >> 08.06.2012DefendBeyond a comprehensive and strictcorporate information policy andemployee guideline, there are fourrules that can be easily followed toprotect the employee and theemployer against social engineering:First rule – inhale and follow thecorporate information policy andguideline
  8. 8. Social Engineering Brief >> 08.06.2012DefendSecond rule – avoid time pressure;ask for a telephone number or e-mail address to get back in touchThird rule – verify claims /statements which put you on thespot and urge you to act withoutthinking; verify the urgency, theindividual, the situation, the requestat all
  9. 9. Social Engineering Brief >> 08.06.2012DefendFourth rule – in case of uncertaintyimmediately involve superiors /security personal
  10. 10. Social Engineering Brief >> 08.06.2012INFO + DATENINFO + DATEN GmbH & Co. KGUdo HohlfeldP: +49 6731 5493512M: contact @ infoplusdaten . netW: www.infoplusdaten.net

×