Author: VINAY BHARGAV
Social Engineering – “A Game of Con”
90% of the people we ask will provide not just the spelling of their names but also their email
addresses, without confirming our identity.
67% of the people we ask for birth dates will also give out their place of birth and marital status.
Today, social engineering is recognized as one of the greatest security threats facing
organizations. Social engineering attacks can be non-technical and don’t necessarily involve
the compromise or exploitation of software or systems. When successful, many social
engineering attacks enable attackers to gain legitimate, authorized access to confidential
information.
SOCIAL ENGINEERING ATTACK CYCLE
[Figure: attack cycle diagram, Attacker → Target]
Common Social Engineering Attacks:
Baiting – The old school way still works:
“It’s Simple Yet Powerful”. Attackers leave a malware-infected USB stick, flash drive or CD in a
place where anybody can easily see it and pick it up. Whoever finds it plugs it into their system
and unknowingly installs the malware. Once installed, the malware allows attackers to gain access
to the complete system.
Scenario – Back in 2006, Steve Stasiukonis, VP and founder of Secure Network Technologies, Inc.,
wanted to assess the security of a financial client. Steve and his team infected dozens of USB drives
with a Trojan and dispersed them around the organization’s parking lot. Curious, many of the
client’s employees picked up the USB drives and plugged them into their computers, which activated a
keylogger and gave Steve access to a number of employees’ login credentials.
Phishing – You’ve Got (bad) e-Mail:
“That click changed my life”. A phishing attack tricks the recipient into taking the
attacker’s desired action, such as providing login credentials or other sensitive information.
Phishing attempts most often take the form of an email that seemingly comes from a
company the recipient knows or does business with. For instance, the recipient gets an email
from his bank requesting an immediate password change by clicking on a link, or an email
from a known name asking for bank account credentials.
[Figure labels from the attack cycle diagram: Information Gathering → Developing Relationship → Exploiting Relationship → Execute the Attack]
Scenario: PayPal scammers might send out an attack email that instructs recipients to click on a link
in order to rectify a discrepancy with their account. In reality, the link leads to a fake PayPal login
page that collects the user’s login credentials and delivers them to the attackers.
Pretexting – Should I trust You?
“I am not ME”. Pretexting is the use of a fabricated motive. It involves a scam in which the liar
establishes trust with the targeted individual and asks a series of questions designed to gather key
personal identifiers such as account number, date of birth, etc.
Scenario: A pretexter may call, claim he’s from a survey firm, and ask you a few questions.
Once the pretexter has the information he wants, he uses it to call your financial institution,
pretending to be you or someone with authorized access to your account. He might claim that he’s
forgotten his checkbook and needs information about his account.
Preventing Social Engineering Attacks:
No matter how strong your network security is, end-users will often be the weakest link
in the security chain. Attackers exploit employees, using social engineering tactics to carry out
hacking techniques and phishing scams.
NEVER provide confidential information or, for that matter, even non-confidential data
and credentials via email, chat messenger, phone or in person to unknown or suspicious
sources.
BEFORE clicking on links, both in emails and on websites, keep an eye out for
misspellings, @ signs and suspicious sub-domains.
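The three link indicators named above (an @ sign in front of the host, a brand name hidden in a sub-domain, and a misspelled look-alike domain) can be checked mechanically. The following is an added example, not code from the original slides; the trusted-domain allow-list and the sample links are constructed for illustration, and the registrable-domain logic is deliberately simplified.

```python
"""Check a link for the phishing indicators named in the slide: an '@' sign
in front of the host, a trusted brand name hidden in a sub-domain, and a
misspelled (look-alike) domain.  Added example, not part of the slides."""
from urllib.parse import urlsplit

# Constructed allow-list of domains the organisation actually uses
# (hypothetical values for illustration only).
TRUSTED_DOMAINS = {"paypal.com", "examplebank.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host name.  A simplification: production code
    should use the Public Suffix List so that suffixes like 'co.uk' work."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def inspect_url(url: str) -> list:
    """Return a list of indicator tags; an empty list means nothing suspicious."""
    findings = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    # Browsers treat everything before '@' as credentials, so a link such as
    # http://www.paypal.com@evil.example really goes to evil.example.
    if "@" in parts.netloc:
        findings.append("userinfo-before-host")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        findings.append("no-host")
        return findings
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return findings          # genuine host (a stray '@' is still reported)
    # Brand name used as a sub-domain of somebody else's domain,
    # e.g. paypal.com.account-verify.example
    brands = sorted(d.split(".")[0] for d in TRUSTED_DOMAINS)
    sub_labels = host.split(".")[:-2]
    for brand in brands:
        if any(brand in label for label in sub_labels):
            findings.append(f"brand-in-subdomain:{brand}")
    # Misspelled look-alike of a trusted domain, e.g. paypa1.com
    for trusted in sorted(TRUSTED_DOMAINS):
        if 0 < levenshtein(reg, trusted) <= 2:
            findings.append(f"lookalike:{trusted}")
    return findings


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://www.paypal.com/signin",
                 "http://www.paypal.com@evil.example/login",
                 "https://paypal.com.account-verify.example/",
                 "https://paypa1.com/login"):
        print(f"{link:48} -> {inspect_url(link) or ['ok']}")
```

The checker only catches the indicators the slide lists; homoglyph (Unicode look-alike) domains and shortened URLs need additional handling, and the two-label registrable-domain rule should be replaced by a Public Suffix List lookup before the code is used on real mail.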
BLOCK USB devices in order to reduce the risk of Baiting. Baiting is the digital equivalent
of a real-world Trojan Horse, where the attacker tempts users with free or found physical
media (USB drives) and relies on the curiosity or greed of the victim – if they plug it in,
they are hacked!
Follow the ATE – AWARENESS, TRAINING and EDUCATION security concept for all
employees, no matter what level and what position they hold in the organization. While
C-level employees are great targets, their admins can be even more powerful vectors for
attack!
