Recommended
More Related Content
What's hot
What's hot (20)
Similar to Social engineering final
Similar to Social engineering final (20)
Recently uploaded
Recently uploaded (20)
Social engineering final
- 2. WHAT IS SOCIAL ENGINEERING?
- 5. SOCIAL ENGINEERING FLOW Attacker sends weaponized e-mail Spam Filter failed Inbox Download invoice Web Filter failed Web browser Webpage shows password Password protected ZIP Open ZIP archive Web Filter failed Enter password Run binary Negotiate encryption (C&C) Binary jumps into trusted process Web Filter failed Encryption of files Sender IP, reputation, content not blocked Web address not blocked User clicks on malicious link Automatically downloaded User opens malicious archive User enters password Web address not blocked User runs malicious binary in archive Communication is not blocked Anti-Virus failed Binary is unknown and obfuscated Explorer.exe Anti-Virus failed Archive is new and password protected
- 6. Comparison: Spam vs Exploit Kits Why email?
- 7. The Precautions that can be made are as follows: ○ Be aware of offers that seem "Too good to be true". ○ Use multifactor authentication. ○ Avoid clicking on attachments from unknown sources. ○ Not giving out personal information to anyone via email, phone, or text messages. ○ Use of spam filter software. ○ Avoid befriending people that you do not know in real life. ○ Teach kids to contact a trusted adult in case they are being bullied over the internet (cyberbullying) or feel threatened by anything online.
- 8. THANK YOU
Editor's Notes
- What is social engineering? It’s where someone will hack the human. Where we will get you, through interacting with you, grant us access or information or do what we ask you to do. Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people are unaware of the valuable information and are careless about protecting it. On-site social engineering, people always assume that someone else is taking care of security, walking around knowing where you are, if you look like your meant to be there people generally tend to not question you. Factors that make companies vulnerable attacks – people often think its just up to IT to enforce security and so lack appropriate security training and often have easy access of information. It’s where someone will hack the human. Where we will get you, through interacting with you, grant us access or information or do what we ask you to do.
- When trying to understand the reasons for this divergence, we must try to understand the relative merits of each main infection vector. SPAM Social Engineering Malicious e-mail attachment: Executable in archive (e.g. invoice.zip) Executable in password protected archive Executable with double extension (e.g. invoice.pdf.exe in invoice.zip) Microsoft Office document with malicious VBA macro (.doc, .docm, .xls, .pub) dropping .EXE Windows Script in archive (e.g. invoice.JS) dropping .EXE, .DLL Malicious link to download, or imitated (fake copy) of trusted website