The Art of Social Engineering*

Most organizations today consider themselves “security-conscious” and may spend significant budget dollars on technology to protect themselves and their networks from intrusion. However, technology alone cannot protect your systems from your biggest vulnerability – the people who work for you. “Social Engineering” is the practice of gaining information or access to protected systems by tricking insiders into providing it. Most people who fall victim to a social engineering attack are people who would never consciously reveal confidential data, but can provide a skilled hacker with the knowledge they need to destroy files or entire systems. In this presentation we will show you how to think like a hacker trying to infiltrate your organization so you can better protect yourself from social engineering attacks.
*This presentation is influenced by the book “The Art of Deception: Controlling the Human Element of Security” by Kevin Mitnick, William Simon, and Steve Wozniak

Published in: Technology, Business
  1. The Ultimate Heist. Time Magazine: Monday, November 20th, 1978. Stanley Mark Rifkin
  2. Security: Fact or Fiction?
  3. THE DIRECT ATTACK: Just Ask!
  4. PHONY SITES AND DANGEROUS ATTACHMENTS: www.paypai.com, www.paypal.com, www.paypa1.coma
  5. SIX TENDENCIES SOCIAL ENGINEERS RELY ON
       • Authority
       • Liking
       • Reciprocation
       • Consistency
       • Social validation
       • Scarcity
  6. SECURITY IS NOT A PRODUCT; IT IS A PROCESS
  7. THE THREAT IS CONSTANT. The reminders must be as well
  8. COMMON SOCIAL ENGINEERING METHODS
       • Posing as employee of vendor
       • Posing as someone in authority
       • Sending a virus in an email
       • False pop-up windows
  9. FACTORS THAT MAKE COMPANIES MORE VULNERABLE TO ATTACKS
       • Large number of employees
       • Multiple facilities
       • Information on employee whereabouts left in voice mail messages
       • Phone extension information made available
       • Lack of security training
       • Lack of data classification system
       • No incident reporting/response plan in place
  10. WARNING SIGNS OF AN ATTACK
