What is SOCIAL ENGINEERING?
Jam Rivera
Social engineering is the process of deceiving people into giving confidential, private, and/or privileged information to unauthorized people. Apart from breaching confidentiality, social engineering compromises data integrity and availability.
What are the common types of SOCIAL ENGINEERING attacks?
DECEPTIVE PHISHING
Fraudsters impersonate a legitimate company in an attempt to steal people's personal data or login credentials. These emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.
SPEAR PHISHING
Fraudsters customize their attack emails with the target's name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender. The goal is the same as in deceptive phishing: trick the victim into clicking on a malicious URL or email attachment so that they will hand over their personal data.
SHOULDER SURFING
The practice of spying on the user of an ATM, computer, or other electronic device in order to obtain their personal access information.
DUMPSTER DIVING
This is the process of searching trash to obtain useful information about a person or business. Dumpster divers will be looking for the following:
• Email addresses and postal addresses
• Phone numbers to carry out vishing
• Passwords and social security numbers that might have been written on sticky notes for convenience
• Bank statements and other financial statements
• Medical records
• Important documents
• Account login credentials
• Business secrets and marketing secrets
• Information about employees
• Information about the software, tools, or technologies being used at the company
VISHING
This type of phishing attack dispenses with sending an email and instead places a phone call.
THE DIFFERENT FORMS OF PHISHING
WATERHOLING
Watering hole attacks are used to distribute malware onto victims' computers in a similar way to phishing. Cybercriminals infect popular websites with malware, and anyone who has the misfortune to visit has their computer automatically loaded with malware.
The malware used in these attacks usually collects the target's personal information and sends it back to the hacker's server. In extreme cases, the hacker will actively take control of the infected computer.
CEO FRAUD
In these scams, fraudsters try to harpoon an executive and steal their login details.
PHARMING
This method of phishing uses a cache poisoning attack that allows attackers to redirect users from a valid website to a malicious one. In this kind of attack, a pharmer targets a DNS server and changes the IP address associated with a domain name, so the attacker can redirect users to a malicious website of their choice. This happens even if the victim enters the correct site name.
REVERSE SOCIAL ENGINEERING
In a reverse social engineering attack, the attacker does not initiate contact with the victim. Rather, the victim is tricked into contacting the attacker herself. As a result, a high degree of trust is established between the victim and the attacker, as the victim is the entity that established the relationship.
Apart from phishing, social engineering attacks occur in the following ways:
Tailgating involves an attacker without proper authentication seeking entry to a restricted area.
Example: An attacker who does not have an ID or badge can simply walk in behind a person who is authorized to access the area.
Baiting occurs when attackers use a false promise to pique a victim's greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.
Example: Malware-infected flash drives that look authentic, labelled as the company's payroll list.
Advanced Persistent Threat (APT) is an attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected.
The goals of an APT include espionage, financial gain, hacktivism, and destruction.
Why and how is social engineering effective?
People value authority, social proof, similarity, and reciprocity. Social engineers are also skilled in using scarcity and deception to manipulate others.
SOCIAL ENGINEERING is effective because of:
Authority
Society trains people not to question authority, and the majority of the public has the tendency to follow blindly.
Social Proof
People let their guard and suspicion down when everyone else appears to share the same behaviors and risks. In this way, they will not be held solely responsible for their actions.
Liking, Similarity & Deception
People prefer to comply with those (they think) they know or like, those they are similar to or familiar with, and those they are attracted to.
Commitment, Reciprocation & Consistency
People feel more confident in their decision once they commit (publicly) to a specific action; they tend to want to follow it through until the end. The majority is also inclined to believe what others say, especially when they need something from them. When people are shown kindness, there is also a natural response to want to return the favor.
Distraction
People tend to focus their attention on what they can gain, what they need, what they can lose, and what they might miss out on. These distractions can heighten people's emotional state and make them forget other logical facts to consider when making decisions.
Scarcity
Perceived scarcity will generate demand.
How do social engineers attack?
Social engineers usually go through a 4-STEP ATTACK CYCLE:
Information gathering
In this step, the attacker gathers as much data as possible about the target victim. Social media is a frequent source of information.
Engaging with the victim
After gathering enough information, the attacker begins conversations with the target. The goal of this step is to gain trust in order to obtain any missing data required to fulfill the goal.
Attacking
Once the attacker has enough data from research and conversations with the target, the attack commences.
Closing the interaction
During this step, the attacker spends more time covering up the attack and its proceeds. Little to no time is spent engaging with the victim. If the attacker leaves the communication open, the only purpose is for the attack to recur. Sometimes the entire social engineering cycle is completed without the victim knowing.
How do you protect your data against social engineering attacks?
BEST PRACTICES AGAINST SOCIAL ENGINEERING
Phishing
Recognize the refusal to give contact information, rushing, namedropping, intimidation, small mistakes (misspellings, misnomers, odd questions), and requests for forbidden information. "Look for things that don't quite add up." Escalate any suspicions around phishing.
Common ways to detect phishing emails:
• A mismatched URL (the link text shows one address, the link goes to another)
• URLs with a misleading domain name
• Poor spelling and grammatical errors
• Requests for sensitive information
• Messages that are too good to be true
• Surprise lottery wins
• Requests to send money to cover medical expenses
• Unrealistic threats
• Claims to be from a government agency
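Two items on this list, the mismatched URL and the misleading domain name, can be checked mechanically, and the urgency and sensitive-information cues can be flagged with simple keyword matching. The script below is an added example, not part of the original deck: it parses a constructed HTML email body, compares each link's visible text with its real destination, checks whether a known brand name appears under a domain that is not the brand's own, and reports the findings. The brand list, keyword lists and sample message are all constructed for this demo.

```python
"""Heuristic checks for the phishing-email red flags listed above.

Added example, not part of the original deck. The trusted-brand table, the
keyword lists and SAMPLE_EMAIL are constructed for this demo.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed: brands the organisation deals with and the exact registrable
# domain each one really uses for links and mail.
TRUSTED_BRAND_DOMAINS = {"examplebank": "examplebank.com"}

# Constructed keyword lists for the "urgency" and "asks for sensitive data" cues.
URGENCY_WORDS = ("immediately", "within 24 hours", "suspended", "urgent")
SENSITIVE_WORDS = ("password", "social security", "account number", "pin")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []      # list of (href, text)
        self._href = None    # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a host ('login.examplebank.com' -> 'examplebank.com').
    Sufficient for the demo; real code should consult a public-suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _host_of(text):
    """Return the host if the link text itself looks like a URL or domain."""
    if " " in text:
        return None
    candidate = text if "://" in text else "http://" + text
    host = urlparse(candidate).hostname
    return host if host and "." in host else None


def phishing_indicators(html_body):
    """Return human-readable findings for the red flags named on the slide."""
    findings = []
    parser = _LinkCollector()
    parser.feed(html_body)

    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        shown_host = _host_of(text)
        # Mismatched URL: the visible text names one site, the href goes elsewhere.
        if shown_host and registrable_domain(shown_host) != registrable_domain(href_host):
            findings.append(f"mismatched URL: text '{text}' -> {href_host}")
        # Misleading domain: brand name present, but the registrable domain is not
        # the brand's real one (e.g. examplebank.com.login-verify.net).
        for brand, real_domain in TRUSTED_BRAND_DOMAINS.items():
            if brand in href_host and registrable_domain(href_host) != real_domain:
                findings.append(f"misleading domain: {href_host} is not {real_domain}")

    lowered = html_body.lower()
    if any(word in lowered for word in URGENCY_WORDS):
        findings.append("urgency / threat language")
    if any(word in lowered for word in SENSITIVE_WORDS):
        findings.append("asks for sensitive information")
    return findings


# Constructed sample of the kind of message the slide describes.
SAMPLE_EMAIL = """
<p>Your account will be suspended within 24 hours unless you confirm your password.</p>
<p>Visit <a href="http://examplebank.com.login-verify.net/x">https://www.examplebank.com</a></p>
"""

if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL):
        print("-", finding)
```

Run stand-alone it reports four findings for the sample: the mismatched link, the misleading domain, the urgency language and the request for a password.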
Shoulder Surfing
• Angle your computer or cell phone screen so that other people cannot see what you are typing
• Use a privacy screen to make your screen less visible to others
• If possible, sit or stand with your back to a wall when entering a password on a device in public
• Stand in a quiet spot away from a crowd of people
• Try to avoid opening personal accounts in public
• Shield forms from view when filling out paperwork in public
• Use strong passwords to make it more difficult for someone to guess what you typed
• As always, remember to lock your computer or device when you leave your desk
Dumpster Diving
o Limit social sharing
o Safely dispose of and put away any documents containing the following information:
  • Pre-approved credit card offers
  • Street address
  • Social Security number
  • Telephone number
  • Email address
  • Bank account information
  • Employment history
  • Other personal information
Waterholing
• Remove or disable software vulnerable to watering hole attacks.
• Have a malware protection system.
Baiting
Only rely on flash drives you know and trust.
Tailgating
• Lock your system and other devices when leaving the workstation
• Do not let unknown people enter restricted office premises unless they have appropriate credentials or authority of access
• Never help strangers access a secured location when they ask you to open the door or claim to be from a delivery service
• Always keep your access identity card with you while you are on the premises; keep it secure from being misused by unauthorized employees
Here are some of the most prominent recent social engineering attacks:
Sony Pictures
On Monday, November 24, 2014, many Sony Pictures employees began to see skulls appearing on their computer screens, with software rendering their machines inoperable. This social engineering attack led to the leaking of unreleased films to social media, with theaters opting not to screen these movies. The hack also revealed that many female actors were paid less than their male counterparts. In addition, personal information about employees was leaked, including information about their families, inter-office e-mails, salaries, and more.
Toyota
Toyota Boshoku Corporation, an auto parts supplier, was the victim of a social engineering and BEC (Business Email Compromise) attack in 2019. The money lost amounts to USD 37 million, due to fraudulent bank transfer instructions that someone in the company took as legitimate. Attackers successfully persuaded a finance executive to change the recipient's bank account information before a wire transfer.
What impact does social engineering have on:
a. The public
b. Businesses
c. The government
d. Economies
The Aftermath of a Social Engineering Attack
People are more likely to respond to the effects of a cyberattack than to the attack itself. One example is a cyberattack in which malware infects a national power station, leaving hundreds of thousands of citizens without power.
The general public can be affected socially and psychologically by the incident.
The social impact of a cyberattack refers to aspects such as the social disruption caused to people's daily lives, and widespread issues such as anxiety or loss of confidence in cyber or technology.
Psychological impact can be informed by social impact, and can include more personal aspects such as an individual's anxiety, worry, anger, outrage, depression and so on.
Businesses are affected by social engineering in a different scope.
Government Systems
The cybercrime industry generated at least $1.5 trillion in revenue in 2018, which massively affects economies all over the world.
The U.S. President's proposed FY 2020 budget requests more than $17 billion for cybersecurity and cyber operations.
On May 28, 2020, in a single day, there were 49,127,689 cyber attacks worldwide, which equates to 568 cyber attacks every second!
Social media contributes to the sale of stolen personal data in an underground economy that is now worth about $630 million per year.
On average, 300,000 cybercrime-related complaints are received each year by the FBI; that's an average of more than 800 complaints per day.
Being affected by social engineering is costly and inconvenient. Knowing how to protect information and how to escalate concerns goes a long way.
Photos are from pixabay.com and unsplash.com. Icons from flaticons.com.
Social Engineering - Are You Protecting Your Data Enough?

  • 2. Social engineering is the process of deceiving people into giving confidential, private and or privileged information to unauthorized people. Apart from breaching confidentiality, social engineering compromises data integrity and its availability.
  • 3. What are the common types of SOCIAL ENGINEERING attacks?
  • 4. D E C E P T I V E P H I S H I N G Fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want. S P E A R P H I S H I N G Fraudsters customize their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender. The goal is the same as deceptive phishing, even so: trick the victim into clicking on a malicious URL or email attachment so that they will hand over their personal data. S H O U L D E R S U R F I N G The practice of spying on the user of an ATM, computer, or other electronic device in order to obtain their personal access information. D U M P S T E R D I V I N G This is the process of searching trash to obtain useful information about a person/business. Dumpster divers will be looking for the following: • Email address/address • Phone numbers to carry out Vishing • Passwords and other social security numbers that might have been written on sticky notes for convenience • Bank statements/financial statements • Medical records • Important documents • Account login credentials • Business secrets and marketing secrets • Information of the employees • Information about the software, tools, or technologies that is being used at the company V I S H I N G This type of phishing attack dispenses with sending out an email and instead goes for placing a phone call. THE DI FFERENT FORMS OF PHI SHING
  • 5. W A T E R H O L I N G Watering hole attacks are used to distribute malware onto victims’ computers in a similar way phishing activities are conducted. Cybercriminals infect popular websites with malware, and anyone who has had the misfortune to visit have their computers automatically loaded with malware. The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. In extreme cases, the hacker will actively take control of the infected computer. C E O F R A U D In these scams, fraudsters try to harpoon an executive and steal their login details. P H A R M I N G This method of phishing uses a cache poisoning attack which allows attackers to redirect users from a valid website to a malicious website. Under this kind of attack, a pharmer targets a DNS server and changes the IP address associated with an alphabetical website name. That means an attacker can redirect users to a malicious website of their choice. That’s the case even if the victim enters the correct site name. R E V E R S E S O C I A L E N G I N E E R I N G In a reverse social engineering attack, the attacker does not initiate contact with the victim. Rather, the victim is tricked into contacting the attacker herself. As a result, a high degree of trust is established between the victim and the attacker as the victim is the entity that established the relationship.
  • 6. Apart from phishing, social engineering attacks occur in the following ways:
  • 7. Ta i l g a t i n g involves an attacker seeking entry to a restricted area that lacks the proper authentication. Example: An attacker who does not have an ID or badge can simply walk in behind a person who is authorized to access the area. B a i t i n g occurs when attackers use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or inflicts their systems with malware. Example: Malware-infected flash drives that look authentic, labelled as the company's payroll list A d v a n c e d P e r s i s t e n t T h r e a t is an advanced persistent threat is an attack in which an unauthorized user gains access to a system or network and remains there for an extended period of time without being detected. The goal of APT is to spy, obtain financial gain, perpetrate hacktivism, and to destruct.
  • 8. Why and how is social engineering effective? People value authority, social proof, similarities, and reciprocity. Also, social engineers are skilled in using scarcity and deception to malign others.
  • 9. SOCIAL ENGINEERING is effective because of: Authority Society trains people not to question authority and majority of the public has the tendency to follow blindly. Social Poof People let their guard and suspicion down when everyone else appears to share the same behaviors and risks. In this way, they will not be held solely responsible for their actions. Liking, Similarity & Deception People prefer to abide to whom (they think) they know or like, or to whom they are similar to or familiar with, as well as attracted to. Jam Rivera
  • 10. Commitment, Reciprocation & Consistency People feel more confident in their decision once they commit (publicly) to a specific action. They have the tendency to want to follow it through until the end. The majority is also inclined to believe what others say, especially when it comes to needing something from them. When people are given kindness to, there is also a natural response to want to return the favor. Distraction People tend to focus their attention on what they can gain, what they need, what they can lose. what they might miss out on. These distractions can heighten people’s emotional state and make them forget other logical facts to consider when making decisions. Scarcity Perceived scarcity will generate demand. Jam Rivera
  • 11. How do social engineers attack?
  • 12. Social engineers usually go through a 4-STEP ATTACK CYCLE: Information gathering In this step, the attacker gathers as much data about the target victim. Social media is a frequent source of information. Engaging with victim After gathering enough information, the attacker will begin to start conversations with the target. The goal of this step is to gain trust to obtain any missing data required to fulfill the goal. Jam Rivera
  • 13. Closing the interaction During this step, the attacker will spend more time masquerading the attack and the proceeds of it. Less to nil time will be spent engaging with the victim. If the attacker leaves the communication open, the only purpose is for the attack to reoccur. Sometimes the entire social engineering cycle has been completed without the victim knowing. Attacking By the time the attacker has enough data through research and conversations with the target, the attack will commence.
  • 14. How do you protect your data against social engineering attacks?
  • 15. BEST PRACTICES AGAINST SOCIAL ENGINEERING Phishing Recognize the refusal to give contact information, rushing, namedropping, intimidation, small mistakes (misspellings, misnomers, odd questions), and requesting forbidden information. “Look for things that don’t quite add up.” Escalate any suspicions around phishing. Common ways to detect phishing emails: • A mismatched URL • URLs with a misleading domain name • Poor spellings and grammatical error • Asking for sensitive information • Too good to be true message • Surprise lottery! • Asking to send money to cover for medical expenses • Unrealistic threats • From a government agency Jam Rivera
  • 16. Shoulder Surfing • Angle your computer or cell phone screen so that other people cannot see what you are typing • Use a privacy screen to make your screen less visible to others • If possible, sit or stand with your back to a wall when entering a password on a device in public • Stand in a quiet spot away from a crowd of people • Try to avoid opening personal accounts in public • Shield forms from viewing when filling out paperwork in public • Use strong passwords to make it more difficult for someone to try and guess what you typed • As always, remember to lock your computer or device when you leave your desk Jam Rivera
  • 17. Dumpster Diving
    o Limit social sharing
    o Safely dispose of or put away any documents containing the following information:
      • Pre-approved credit card offers
      • Street address
      • Social Security number
      • Telephone number
      • Email address
      • Bank account information
      • Employment history
      • Other personal information
  • 18. Waterholing
    • Remove or disable software vulnerable to watering hole attacks
    • Have a malware protection system
    Baiting
    • Only rely on flash drives you know and trust
  • 19. Tailgating
    • Lock your system and other devices when leaving your workstation
    • Do not let unknown people enter restricted office premises unless they have the appropriate credentials or access authority
    • Never help strangers into a secured location, even when they ask you to open the door or claim to be from a delivery service
    • Always keep your access identity card with you while you are on the premises, and keep it secure so it cannot be misused by unauthorized people
  • 20. Here are some of the most prominent recent social engineering attacks:
  • 21. Sony Pictures On Monday, November 24, 2014, many of Sony Pictures’ employees began to see skulls appearing on their computer screens, with software rendering their machines inoperable. This social engineering attack led to the leaking of unreleased films to social media, with theaters opting not to screen these movies anymore. The effects of this hack also revealed that many female actors were paid less than their male counterparts. In addition, personal information about employees was leaked, including information about their families, inter-office e-mails, salaries, and more.
  • 22. Toyota Toyota Boshoku Corporation, an auto parts supplier, was the victim of a social engineering and BEC (Business Email Compromise) attack in 2019. The money lost amounted to USD 37 million, due to fraudulent bank transfer instructions that someone in the company took as legitimate. Attackers successfully persuaded a finance executive to change the recipient's bank account information before a wire transfer.
  • 23. What impact does social engineering have on: a. The public b. Businesses c. The government d. Economies
  • 24. The Aftermath of a Social Engineering Attack
  • 25. People are more likely to respond to the effects of a cyberattack than to the attack itself. One example is a cyber-attack in which malware infects a national power station, leaving hundreds of thousands of citizens without power. The general public can be affected socially and psychologically by the incident. The social impact of a cyber-attack refers to aspects such as the disruption caused to people’s daily lives, and widespread issues such as anxiety or loss of confidence in cyber systems or technology. Psychological impact can be informed by social impact, and can include more personal aspects such as an individual’s anxiety, worry, anger, outrage, depression and so on.
  • 26. Businesses are affected by social engineering in a different scope.
  • 28. The cybercrime industry generated at least $1.5 trillion in revenue in 2018, which massively affects economies all over the world. The U.S. President’s proposed FY 2020 budget requests more than $17 billion for cybersecurity and cyber operations. On May 28, 2020, in a single day, there were 49,127,689 cyber attacks worldwide, which equates to 568 cyber attacks occurring every second! Social media contributes to the sale of stolen personal data in an underground economy that’s now worth about $630 million per year. On average, 300,000 cybercrime-related complaints are received each year by the FBI; that’s an average of more than 800 complaints per day.
  • 29. Being affected by social engineering is costly and inconvenient. Knowing how to protect information and how to escalate concerns goes a long way. Photos are from pixabay.com and unsplash.com. Icons from flaticon.com.

Editor's Notes

  1. http://taupe.free.fr/book/psycho/social%20engineering/Social%20Engineering%20-%20Sans%20Institute%20-%20Multi%20Level%20Defense%20Against%20Social%20Engineering.pdf
  2. Cyber-Crime-and-Cyber-Terrorism-Ch12.pdf
  3. Principles of Persuasion in Social Engineering Stajano, F., Wilson, P.: Understanding scam victims: seven principles for systems security. Commun. ACM 54(3), 70–75 (2011)
  4. Principles of Persuasion in Social Engineering Stajano, F., Wilson, P.: Understanding scam victims: seven principles for systems security. Commun. ACM 54(3), 70–75 (2011)
  5. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/400106/Common_Cyber_Attacks-Reducing_The_Impact.pdf
  6. https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/400106/Common_Cyber_Attacks-Reducing_The_Impact.pdf
  7. https://phoenixnap.com/blog/famous-social-engineering-attacks
  8. https://www.kaspersky.com/blog/bec-toyota/28715/
  9. https://www2.deloitte.com/us/en/pages/risk/articles/hidden-business-impact-of-cyberattack.html
  10. Photos are from pixabay.com and unsplash.com. Icons from flaticon.com. Icons made by Freepik (https://www.flaticon.com/authors/freepik) and itim2101 (https://www.flaticon.com/authors/itim2101) from www.flaticon.com.