Amidst the uncertainty and anxiety triggered by COVID-19, cyber attacks are on the rise.
Here, Hiperdist presents a primer on social engineering - the different types of attacks and how you can stay safe in these times.
4. WHAT IS SOCIAL ENGINEERING?
It is the use of deception to manipulate
individuals into providing confidential or personal
information that may be used for fraudulent
purposes.
Social Engineering
5. SOCIAL ENGINEERING EXAMPLE - TARGET ATTACK
Organization: Target - 2013
Breach Dates: November 27th – December 15th 2013
Date of Discovery: 15th December 2013
Date of Disclosure: 18th December 2013
Nature of the Breach: Loss of customer information including credit card numbers
Scale of the Breach: 40-70 million customer records
Impact: Estimated to cost Target over $200 million plus brand image
7. WHAT IS PHISHING?
Phishing is a type of Cybercrime, where the
criminal pretends to be a legitimate organization
in order to get credentials, personal details or other
sensitive information.
In Phishing, the targets are usually contacted via
email, telephone or text message.
Phishing
8. HOW DOES PHISHING WORK?
The attacker sends out an email pretending to
be a real organization so that the attacker can
gain details such as a username or a
password of a victim.
You can identify this type of fraud by
graphical errors, font differences or spelling
errors when compared to the original email.
9. PHISHING - EXAMPLE
Organization: Facebook & Google - 2013
Phishing Attack Date: December 2015
Nature of the Breach: Phishing scam
Scale of the Breach: $98 Million taken from Facebook; $23 Million taken from Google
Impact: Over $100 million paid to the Phisher
11. WHAT IS TAILGATING?
It is a form of Social Engineering, where an individual gains
access to a building or any other area where they are not
permitted.
This attack is a physical attack.
Tailgating
12. HOW DOES TAILGATING WORK?
A variety of tricks can be used to Tailgate.
One such trick is when you tag into a specific location,
the person behind you enters without tagging in.
Another common technique is that the perpetrator
carries several boxes (such as donut boxes) and
pretends that he is unable to open the door due to
the boxes in his hands, thereby gaining access to a
given location.
13. TAILGATING - EXAMPLE
A person impersonates a delivery driver and waits
outside a building. When an employee gains
security’s approval and opens the door, the
attacker asks the employee to ‘hold the door’.
The attacker thereby gains access to the company through an
authorized person.
15. WHAT IS DUMPSTER DIVING?
It is the act of going through personal or corporate
dumpsters in order to collect documents, physical
data or any other form of information that can be
used for personal advantage.
Dumpster Diving
16. HOW DOES DUMPSTER DIVING WORK?
Dumpster Diving is relatively simple. The attacker
rummages through dumpsters or garbage in order
to find important documents, devices etc.
In the USA, the act of Dumpster Diving is not considered
illegal.
17. DUMPSTER DIVING - EXAMPLE
Organization: Oracle - 2000
Dumpster Diving Date: June 2000
Nature of the Breach: Dumpster Diving
Description of Attack: Oracle hired private investigators to dig through corporate dumpsters at Microsoft.
20. HOW DOES IMPERSONATION WORK?
The Social Engineer “impersonates” or pretends to be
someone else in order to gain the information they are looking
to acquire or gain access to a particular area.
This type of Social Engineering involves manipulating an
individual to such an extent that they don’t even realize that a
security breach is occurring.
Impersonation
21. IMPERSONATION - EXAMPLE
Affected Organization: Xoom Corporation - 2014
Compromise Date: 2014
Description: Scammers emailed an employee from the compromised CEO’s account and convinced them to send $30.8 million to overseas bank accounts
Impact: Spoofed emails sent resulted in a transfer of $30.8 million to fraudulent accounts.
23. WHAT IS A HOAX?
A Hoax is also known as a false alarm. It is
a threat that doesn't actually exist, which is
meant to trick or deceive someone.
Hoax
24. HOW DOES A HOAX WORK?
Most Hoaxes use the art of scaring someone. They
use the principle of fear in order to gain some
benefit out of the person to whom it was intended.
Usually, Hoaxes don’t cause a lot of damage besides
wasting the time of the individuals affected.
25. HOAX - EXAMPLE
Organization: Instagram
Description: A Hoax which stated that Instagram’s privacy policy has changed and that Instagram can restore any picture or message that has been posted or deleted, that it will be able to make those posts public, and that it will have permission to use the photos and data in court cases in litigation against you.
27. WHAT IS SHOULDER SURFING?
Shoulder Surfing is the act of looking over at
someone's screen/device in order to find out
information.
Shoulder Surfing
28. HOW DOES SHOULDER SURFING WORK?
This can be done by being in close vicinity to someone or by
using binoculars.
It can easily be done in crowded places.
A common way to avoid Shoulder Surfing is by using
privacy filters.
29. SHOULDER SURFING - EXAMPLE
Criminal: Ayanna Bastain
Crime Period: 2014-2015
Location: Walnut Creek, California
Description of Attack: Ayanna Bastain was caught shoulder surfing at ATMs and conducting theft
31. WHAT IS A LUNCH TIME ATTACK?
A Lunch Time Attack is an attack where the
perpetrator gains access to someone's
computer when they have left it unattended.
It is usually an insider threat/attack.
Lunch Time Attack
32. HOW DOES A LUNCH TIME ATTACK WORK?
The perpetrator gains access to a victim's logged-on
computer/device when they have gone for lunch.
The perpetrator can then find out whatever
information he is looking for from the logged-on
device.
33. HOW CAN YOU PROTECT YOURSELF FROM A LUNCH TIME ATTACK?
Lock your laptop/devices at all times and secure your
personal belongings, to prevent an unauthorized
individual from accessing your devices.
34. Thank you for watching!
For more information on Cybersecurity, please visit us at www.hiperdistuae.com or
email us at marketing@hiperdist.ae