Amazon Social Engineering slides

Published in: Technology

  1. HOW TO SPOT A SOCIAL ENGINEERING EMAIL
  2. Social engineering is essentially the act of manipulating people into giving access to confidential information or areas, rather than using force or hacking. The information attackers seek can be anything from passwords to bank details, or even employee records from businesses. Some common social engineering techniques include pretexting, baiting, tailgating and, most prominently, phishing. These tactics differ slightly from each other, but they all depend on the attacker's ability to trick the victim into trusting them.
  3. 1. Check Email Addresses: The display name might look authentic, but email addresses are much harder to falsify. With many companies purchasing their own domain names, attackers often have to alter the spelling slightly. In our example you can see that the domain replaces the O in 'Amazon' with an A.
  4. 2. Hyperlinks: If an email from an unknown source includes lots of pushy links or buttons, be wary. They can harbour malicious software that logs your keystrokes, or take you to a convincing website built to steal your login details. Avoiding links altogether is the best practice, but if the link seems to be for an important page, try using a trusted search engine to find that page instead, or hover over the link before clicking to reveal the URL.
  5. 3. The Context: Different social engineering tactics use different methods to persuade the user into complying. In this instance, the message offers a reward in exchange for following the link, which is an example of a baiting email. Other tactics may offer a service or use urgent language to scare the target into clicking through the link.
  6. 4. Too good to be true: The biggest giveaway with scam emails is that they always go for the big flashy prizes or large sums of money. In this instance, the example doesn't give an amount for the refund, but it does offer a scenario, meaning you can easily check your bank to see if you really were 'double charged' before proceeding.
  7. For more topics and training material visit the Boxphish website.
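
The address check (1) and the hover check (2) from the slides can be partly automated. The Python below is an added example, not part of the original slides; the trusted-domain list, the 0.8 similarity threshold and the sample message (built from the slide's description of a domain that swaps the O in 'Amazon' for an A) are assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"amazon.com"}  # assumption: domains the recipient really deals with
THRESHOLD = 0.8  # assumed similarity cut-off; SAMPLE below is a constructed message
SAMPLE = """From: Amazon Refunds <refunds@amazan.com>
Subject: You were double charged
Content-Type: text/html

<p>Claim it: <a href="http://amazan.com/refund">www.amazon.com/refund</a></p>
"""

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if any(domain == g or domain.endswith("." + g) for g in TRUSTED):
        return None  # the genuine domain or one of its subdomains
    return next((g for g in TRUSTED if SequenceMatcher(None, domain, g).ratio() >= THRESHOLD), None)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False  # links holds [visible text, href]
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append(["", dict(attrs).get("href") or ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][0] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def check_email(raw):
    msg = message_from_string(raw)
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    findings = []
    domains = [("sender", parseaddr(msg["From"])[1].rpartition("@")[2].lower())]
    for text, href in parser.links:
        host = urlparse(href).hostname or ""  # where the link really goes
        domains.append(("link", host))
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # hostname displayed to the reader
        if shown and shown.group(0).lower() != host:
            findings.append(f"link text shows {shown.group(0)} but opens {host}")
    return findings + [f"{w} domain {d} imitates {g}" for w, d in domains if (g := lookalike_of(d))]
```

`check_email(SAMPLE)` returns one finding for the mismatched link text and one each for the sender and link domains; a message sent from and linking to the genuine domain returns an empty list.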