Harold Giddings 
Social Engineering 
and Phishing Scams 
Avoiding Social Engineering 
Online
Security II: Turn off the Message Bar and run 
code safely 
Overview 
• What is social engineering 
• What is phishing 
• What types of phishing are there 
• What do social engineers do 
• How do you protect yourself 
Feel free to ask questions
What Is Social Engineering? 
•Manipulation 
•Method to gain information 
•The Art of Deception
What Is Phishing? 
• A fake website, email, or sms used to obtain information 
• A method to obtain information 
• A form of deception 
• Used to commit ID theft (financial or social)
What Do Social Engineers Do | Tools Used 
•Manipulation 
•Theft 
•Information 
•Corporate Spies 
•Social Engineer Toolkit 
•Caller ID Spoofing 
•SMS Spoofing 
•Modified Web Servers 
•TinyURL Services 
•Fake IDs
Email Phishing 
An email from Wachovia, 
Wonder what's up with my 
account 
“Your account access will 
remain limited until the issue 
has been resolved please 
login to your account by 
clicking on the link below” 
Be aware of emails like this; banks will never ask for your login 
details online. If concerned, call your bank and NEVER respond to 
such emails. 
Note: A good tip-off (but not always accurate) is to see if it was marked as 
spam. Usually these senders use unverified SMTP servers that will be marked as 
spam. Use a more secure email service like Google’s Gmail service.
Website Phishing 
What is wrong with this 
picture? 
It appears to be the PayPal 
login page... right? 
Above you see the PayPal login page, but look at the blown-up 
image to the right and you’ll notice that the address bar 
does not read paypal.com 
This is a fake PayPal spoof or clone (phish) that appears to 
be PayPal in order to steal your money and account details
IM Phishing 
Fake IMs can link you to 
phished websites to gain 
your login info 
1. The user sends the victim a fake IM, telling him he uploaded 
some photos online 
2. The victim, concerned, checks out the site and, thinking he needs 
to log in to the (fake) site to see the images, gives the social 
engineer his login details
TinyURL 
URL shorteners like 
Tinyurl.com can be useful 
to make long URLs shorter 
for you to send in emails or 
IMs. 
But they can also be useful 
to Social Engineers and 
Phishers 
This site makes long URLs short 
Ex: http://google.com/long_address_that_is_long is changed to http://tinyurl.com/shorter_url 
But that means the phisher can make a suspicious URL look safe 
Ex: 489.45.145.156/facebook.php looks like http://tinyurl.com/my_new_fb_pics
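An added example, not part of the original slides: a small Python check for the warning signs on the Website Phishing and TinyURL slides (the host in the address bar is not the site you expect, the host is a bare IP address, or a shortener hides the real destination). The function names, finding labels and shortener list are assumptions made for illustration, and the sample links are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a short illustrative list, not a complete catalogue of shorteners.
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co", "is.gd"}


def host_of(url):
    """Return the lowercase host a browser would contact for this link."""
    if "://" not in url:
        url = "http://" + url  # some links are written without a scheme
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_ip_host(host):
    """True for IP literals and for dotted all-numeric hosts like 489.45.145.156."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        labels = host.split(".")
        return len(labels) == 4 and all(label.isdigit() for label in labels)


def within(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def inspect_link(url, expected_domain):
    """Return a list of findings; an empty list means the host is the expected site."""
    host = host_of(url)
    findings = []
    if is_ip_host(host):
        # A numeric host says nothing about who runs the site.
        findings.append("ip-literal-host")
    if any(within(host, s) for s in SHORTENERS):
        # The visible link is only a redirector; the destination is unknown.
        findings.append("shortener-hides-destination")
    if not within(host, expected_domain.lower()):
        # Catches look-alikes such as paypal.com.example.net and notpaypal.com.
        findings.append("host-mismatch")
    return findings


# Constructed sample links paired with the site the message claims to be from.
SAMPLES = [
    ("https://www.paypal.com/signin", "paypal.com"),
    ("http://paypal.com.example.net/login", "paypal.com"),
    ("http://tinyurl.com/my_new_fb_pics", "facebook.com"),
    ("489.45.145.156/facebook.php", "facebook.com"),
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        print(f"{url} (claims {expected}): {inspect_link(url, expected) or 'ok'}")
```

A shortened link cannot be judged from its text alone; the finding only tells you that the destination still has to be checked, for example with the shortener's preview feature, before any login details are entered.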
Phishing For More 
Fake or phished websites 
can include Java or browser 
exploits that give the social 
engineer full access to your 
PC 
To the right is an attacker using an iPhone 4 to 
make a fake Facebook login page, shown above. 
Instead of taking the user’s login info, he uses a 
Java exploit to access the entire machine
The Java Applet 
Some phished web pages will 
use Java applications to allow 
them FULL access to your 
computer 
Sometimes they are 
persistent; that’s a sign of an 
exploited Java app 
Does the publisher match the site? Does the From address? 
Does the site have a good reason to run Java? 
Ask yourself questions 
before doing something to 
save yourself trouble
Call Spoofing 
Some social engineers will call 
you using fake information 
trying to verify your account 
information 
Using free software or cheap 
online services anyone can 
fake their caller ID 
Never talk about personally identifiable information unless you are 
sure you know who you’re talking to, preferably only if you called 
them. 
Ask yourself if you know 
the person, if they sound 
right. 
If you have an iPhone, use apps like unhide to show the true caller ID 
of the user
Resources 
http://www.secmaniac.com/ 
http://www.offensive-security.com/ 
http://www.backtrack-linux.org/ 
http://www.hak5.org 
http://www.remote-exploit.org 
http://www.metasploit.com 
http://www.exploit-db.com/ 
http://www.social-engineer.org/ 
http://www.darkreading.com/ 
http://www.spoofcard.com
