SlideShare a Scribd company logo

Spam as social engineering presentation.

Download as PPT, PDF
F
fificoco

Spam and spam related statistics

Software
1 of 28
SPAM as social engineering Prof. Dr. Ing. Remus BRAD Lucian Blaga University of Sibiu Computer Science Dept.
Spam as social engineering What is Social Engineering ? Is the unauthorized acquisition of sensitive information or inappropriate access privileges by a potential threat source, based upon the building of an inappropriate trust relationship with a legitimate user of an information technology system. The goal of social engineering is to trick someone – providing valuable information – access to that information
Spam as social engineering What is Social Engineering ? Preys on qualities of human nature: • the desire to be helpful • the tendency to trust people • the fear of getting into trouble The sign of a truly successful social engineer is they receive information without raising any suspicion as to what they are doing.
Spam as social engineering What is Social Engineering ? People are usually the weakest link in the security chain Social engineering is still the most effective method getting around security obstacles A skilled social engineer will often try to exploit this weakness before spending time and effort on other methods to crack passwords
Spam as social engineering Social Engineering In attempting to persuade someone to do something, there are two methods a persuader can employ: • A direct request from the attacker uses systematic, logical arguments to stimulate a favorable response and prompting the recipient to action • An indirect request from the attacker uses mental shortcuts, misrepresent their objectives to trigger acceptance without thinking
Spam as social engineering Social Engineering Make prospective victims more susceptible to persuasion by making some statement at the outset that triggers a strong emotion such as: Excitement “The Dean is writing up an award nomination for you and needs some additional information!” “You’re a winner of our lottery” Fear “The Dean is waiting for this!”
Spam as social engineering Social Engineering Social engineering can be broken into: • Human based refers to person-to-person interactions to retrieve the desired information • Computer based refers to having computer software that attempts to retrieve the desired information
Spam as social engineering Human-based Social Engineering Impersonation - help desks are the most frequent targets of social engineering attacks – A Social Engineer calls the help desk – Help desk is helpful – Social engineer will often know names of employees Important User - to pretend to be a senior executive – Help desk is less likely to turn down a request coming from a high-level official – Social engineer may threaten to report the employee to their supervisor
Spam as social engineering Human-based Social Engineering Third-party Authorization - obtaining the name of someone in the organization who has the authority to grant access to information – Mr. John DOE says its OK – Before he went on vacation, Mr. John DOE said I should call you to get this information Tech Support - pretends to be someone from the infrastructure support – System is having a problem – Needs them to log on to test the connection
Spam as social engineering Human-based Social Engineering In Person - enter the building and pretend to be an employee, guest or service personnel – May be dressed in a uniform – Allowed to roam – Becomes part of the cleaning crew Shoulder Surfing - looking over a shoulder to see what someone is typing – Passwords – Card numbers – PIN
Human Based Social Engineering • Kevin Mitnick Spam as social engineering
Spam as social engineering Computer-based Social Engineering Popup Windows - appearing on the screen, telling the user they have lost their network connection and needs to reenter their user name and password A program will then e-mail the intruder the information. Mail attachments - programs can and are frequently hidden in e-mail attachments – Viruses – Worms – Trojans
Spam as social engineering Computer-based Social Engineering Spam, Phishing and Hoaxes – Rely on social engineering to be spread. – While they do not usually cause damage, they do cause a loss of productivity. – Frequently used by entrepreneurs in African countries (e.g., Nigerian scams) – They use valuable network resources. Websites – Offer something free or a chance to win on a Website – To register requires an e-mail address and password
Spam as social engineering What is SPAM ? Unsolicited Commercial Email (UCE), also known as "spam" or "junk email" Spam is advertising wonder products for cheap prices 55 billion spam messages are sent per day It may comprise 95% of a person or company’s incoming email load It represents an ongoing arms race as users seek to stop it and spammers find ways to bypass new filters It is a delivery vehicle for email based scams
The end goal of SPAM Spam as social engineering
Spam as social engineering Social Engineering SPAM Dear Friend. As you read this, I don't want you to feel sorry for me, because, I believe everyone will die someday. My name is Peter Lawson,a merchant in Dubai, in the U.A.E.I have been diagnosed with Esophageal Cancer which was discovered very late,due to my laxity in carrying for my health. It has defiled all forms of medicine, and right now I have only about a few months to live, according to medical experts. I have not particularly lived my life so well, as I never really cared for anyone not even myself but my business. Though I am very rich, I was never generous, I was always hostile to people and only focus on my business as that was the only thing I cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world. I believe when God gives me a second chance to come to this world I would live my life a different way from how I have lived it. Now that God ! has called me, I have willed and given most of my properties and assets to my immediate and extended family members and as well as a few close friends. I want God to be merciful to me and accept my soul and so, I have decided to give arms to charity organizations and give succour and confort to the less priviledged in our societies, as I want this to be one of the last good deeds I do on earth. The last of my money which no one knows of is the huge cash deposit of twenty four million dollars that I have with a Security Company in Europe for safe keeping. I will want you to help me collect this deposit and disburse it to some charity organizations and to the less priviledged. Please send me a mail to indicate if you will assist me in this disbursement. I have set aside 10% for you for your time and patience. You can e-mail me at:plawson@hknetmail.com While I await to hear from you, may God be with you and your entire family. Remain blessed. Mr.Peter Lawson
Spam as social engineering Social Engineering Email Example Return-Path: <remus.brad@ulbsibiu.ro> From: <remus.brad@ulbsibiu.ro> To: <remus.brad@ulbsibiu.ro> Subject: Read carefully! Date: Wed, 24 Apr 2019 08:17:20 +0300 Message-ID: <687038.762826@68703.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Hello! At first, look at the sender adress "(Mail From:)" Do you know what that means? I got full access to your email account and sent it from there! Few months ago I infected your computer with mine private malware ( RAT, Remote Administration Tool ), your browser wasn't patched. My tool gave me full control over your computer, even your microphone and webcam. I collected all the interested things I have found on your computer, your pictures, your whole privacy you dirty pervert! I even recorded some video of you, over your webcam, you know what I mean!!! I give you the chance to pay me, exactly: 700$ in bitcoin ( BTC ), or I will publish all I got from you, on social network, messenger, and I will everyone else know about everything I got from you!!! Compared to the damage and hell it will bring into your life, I think its a very good price! You can register your bitcoin wallet here: login.blockchain.com/en/#/signup To get bitcoin, search on google "Where to buy bitcoins?". My bitcoin adress is: 15w8KYwC76vDRiSZD2LK6dEbHvs7N38mh6 I give you 3 days time to pay and don't forget, I got access to your email, and I will know if it was already read, so the time is running. Don't share this email with anyone, this is our little secret! MsgID: 7628263412
Spam as social engineering What is Phishing? “Fishing for personal information” Use “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc.
Phishing Examples • Credit Card Phishing Spam as social engineering
Spam as social engineering Phishing Email Example Delivered-To: rbrad@ulbsibiu.ro Received: by 2002:ac2:5586:0:0:0:0:0 with SMTP id v6csp1939062lfg; Fri, 10 May 2019 02:04:10 -0700 (PDT) ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) smtp.mailfrom=msvp_cnmch@wbhealth.gov.in Received: from mail.wbhealth.gov.in (mail.wbhealth.gov.in. [125.22.76.8]) by mx.google.com with ESMTP id 16si6460882pfh.244.2019.05.10.02.04.09 for <rbrad@ulbsibiu.ro>; Fri, 10 May 2019 02:04:10 -0700 (PDT) Received-SPF: pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) client-ip=125.22.76.8; Authentication-Results: mx.google.com; spf=pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) smtp.mailfrom=msvp_cnmch@wbhealth.gov.in Received: from localhost (localhost [127.0.0.1]) by mail.wbhealth.gov.in (Postfix) with ESMTP id E0D03704D1AD; Fri, 10 May 2019 14:33:55 +0530 (IST) Received: from mail.wbhealth.gov.in ([127.0.0.1]) by localhost (mail.wbhealth.gov.in [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id DzNVdHTdibzY; Fri, 10 May 2019 14:33:54 +0530 (IST) Date: Fri, 10 May 2019 14:32:03 +0530 (IST) From: SUPORT <msvp_cnmch@wbhealth.gov.in> X-Originating-IP: [207.189.24.165] X-Mailer: Zimbra 8.0.5_GA_5839 (ZimbraWebClient - GC74 (Mac)/8.0.5_GA_5839) Înștiințare!!! , Contul contului dvs. de e-mail este datorat pentru validare și e-mailurile dvs. sunt în așteptare. Veți fi dezactivat din mesajele de expediere / primire până când veți revalida căsuța poștală a contului. :MAILBOX VALIDAT: <https://www.formpl.us/form/281946001> SUPORT SISTEM. 001.77 ##
SPAM in numbers Spam as social engineering Lucian Blaga University of Sibiu E-Mail Server - Study Case
Statistics of our mail service (Spam Assassin): Range: April - May Increase of received Spam / 15 minutes: ~ 290% Increase of received Ham / 15 minutes: ~ 50% Spam as social engineering SPAM in numbers
Statistics of our mail service: Range: April - May Increase of rejected mail / 15 minutes: ~ 230% Increase of accepted mail / 15 minutes: ~ 150% Spam as social engineering SPAM in numbers
Statistics of our mail service: Range: April - May Spam as social engineering Viruses vs. SPAM +4% +290%
Statistics of our mail service: Range: April - May Spam as social engineering Server Loads
Spam as social engineering SPAM in numbers Statistics of our mail service: Range: April
Spam as social engineering Legitimate e-mail in % 4,01%
Spam as social engineering The End Thank you

Recommended

Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Digital Citizenship
Digital CitizenshipDigital Citizenship
Digital Citizenshipjleverett
 
Social groups for awareness
Social groups for awarenessSocial groups for awareness
Social groups for awarenessKaran Veer Singh
 
protecting your digital personal life
protecting your digital personal lifeprotecting your digital personal life
protecting your digital personal lifeNathan Lesser
 
Why Do Some People Fall for Phishing Scams and What Do I Do About it?
Why Do Some People Fall for Phishing Scams and What Do I Do About it?Why Do Some People Fall for Phishing Scams and What Do I Do About it?
Why Do Some People Fall for Phishing Scams and What Do I Do About it?Beth Sallay
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About itAleksandr Yampolskiy
 
Cybersecurity additional activities
Cybersecurity additional activitiesCybersecurity additional activities
Cybersecurity additional activitiesYumonomics
 
11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe onlineScott Schober
 

Recommended

Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Digital Citizenship
Digital CitizenshipDigital Citizenship
Digital Citizenshipjleverett
 
Social groups for awareness
Social groups for awarenessSocial groups for awareness
Social groups for awarenessKaran Veer Singh
 
protecting your digital personal life
protecting your digital personal lifeprotecting your digital personal life
protecting your digital personal lifeNathan Lesser
 
Why Do Some People Fall for Phishing Scams and What Do I Do About it?
Why Do Some People Fall for Phishing Scams and What Do I Do About it?Why Do Some People Fall for Phishing Scams and What Do I Do About it?
Why Do Some People Fall for Phishing Scams and What Do I Do About it?Beth Sallay
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About itAleksandr Yampolskiy
 
Cybersecurity additional activities
Cybersecurity additional activitiesCybersecurity additional activities
Cybersecurity additional activitiesYumonomics
 
11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe onlineScott Schober
 
Lecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxLecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxDominicCaling
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineeringVi Tính Hoàng Nam
 
How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?HusseinMuhaisen
 
Cyber safety.pptx
Cyber safety.pptxCyber safety.pptx
Cyber safety.pptxAchu69
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringVinay Bhargav
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessInnocent Korie
 
Cyber Crime and Social Media Security
Cyber Crime and Social Media SecurityCyber Crime and Social Media Security
Cyber Crime and Social Media SecurityHem Pokhrel
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerSteve Poole
 
TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxKevinRiley83
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideCybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideSteve Poole
 
Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-bBbAOC
 
Cyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicCyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicKate Barney
 
Internet safety
Internet safetyInternet safety
Internet safetyjonathancallcott-efc
 
Introduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringIntroduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringPrem Lamsal
 
Issues with computers
Issues with computersIssues with computers
Issues with computersayerssaa
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Digital literacy 2
Digital literacy 2Digital literacy 2
Digital literacy 2mj_jamal
 
Dangers Of Internet - Parents Beware
Dangers Of Internet - Parents BewareDangers Of Internet - Parents Beware
Dangers Of Internet - Parents BewareNurizcka
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Hovhannes Aghajanyan
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 

More Related Content

Similar to Spam as social engineering presentation.

Lecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxLecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxDominicCaling
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineeringVi Tính Hoàng Nam
 
How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?HusseinMuhaisen
 
Cyber safety.pptx
Cyber safety.pptxCyber safety.pptx
Cyber safety.pptxAchu69
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessInnocent Korie
 
Cyber Crime and Social Media Security
Cyber Crime and Social Media SecurityCyber Crime and Social Media Security
Cyber Crime and Social Media SecurityHem Pokhrel
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerSteve Poole
 
TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxKevinRiley83
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideCybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideSteve Poole
 
Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-bBbAOC
 
Cyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicCyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicKate Barney
 
Introduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringIntroduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringPrem Lamsal
 
Issues with computers
Issues with computersIssues with computers
Issues with computersayerssaa
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Digital literacy 2
Digital literacy 2Digital literacy 2
Digital literacy 2mj_jamal
 
Dangers Of Internet - Parents Beware
Dangers Of Internet - Parents BewareDangers Of Internet - Parents Beware
Dangers Of Internet - Parents BewareNurizcka
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSedrianrheine
 

Similar to Spam as social engineering presentation. (20)

Lecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxLecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptx
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineering
 
How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?
 
Cyber safety.pptx
Cyber safety.pptxCyber safety.pptx
Cyber safety.pptx
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cyber Crime and Social Media Security
Cyber Crime and Social Media SecurityCyber Crime and Social Media Security
Cyber Crime and Social Media Security
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developer
 
TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptx
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideCybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker Side
 
Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-b
 
Cyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicCyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemic
 
Internet safety
Internet safetyInternet safety
Internet safety
 
Introduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringIntroduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineering
 
Issues with computers
Issues with computersIssues with computers
Issues with computers
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
Digital literacy 2
Digital literacy 2Digital literacy 2
Digital literacy 2
 
Dangers Of Internet - Parents Beware
Dangers Of Internet - Parents BewareDangers Of Internet - Parents Beware
Dangers Of Internet - Parents Beware
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDSTYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
TYPES AND DEFINITION OF ONLINE CRIMES AND HAZARDS
 

Recently uploaded

Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 

Recently uploaded (20)

Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 

Spam as social engineering presentation.

  • 1. SPAM as social engineering Prof. Dr. Ing. Remus BRAD Lucian Blaga University of Sibiu Computer Science Dept.
  • 2. Spam as social engineering What is Social Engineering ? Is the unauthorized acquisition of sensitive information or inappropriate access privileges by a potential threat source, based upon the building of an inappropriate trust relationship with a legitimate user of an information technology system. The goal of social engineering is to trick someone – providing valuable information – access to that information
  • 3. Spam as social engineering What is Social Engineering ? Preys on qualities of human nature: • the desire to be helpful • the tendency to trust people • the fear of getting into trouble The sign of a truly successful social engineer is they receive information without raising any suspicion as to what they are doing.
  • 4. Spam as social engineering What is Social Engineering ? People are usually the weakest link in the security chain Social engineering is still the most effective method getting around security obstacles A skilled social engineer will often try to exploit this weakness before spending time and effort on other methods to crack passwords
  • 5. Spam as social engineering Social Engineering In attempting to persuade someone to do something, there are two methods a persuader can employ: • A direct request from the attacker uses systematic, logical arguments to stimulate a favorable response and prompting the recipient to action • An indirect request from the attacker uses mental shortcuts, misrepresent their objectives to trigger acceptance without thinking
  • 6. Spam as social engineering Social Engineering Make prospective victims more susceptible to persuasion by making some statement at the outset that triggers a strong emotion such as: Excitement “The Dean is writing up an award nomination for you and needs some additional information!” “You’re a winner of our lottery” Fear “The Dean is waiting for this!”
  • 7. Spam as social engineering Social Engineering Social engineering can be broken into: • Human based refers to person-to-person interactions to retrieve the desired information • Computer based refers to having computer software that attempts to retrieve the desired information
  • 8. Spam as social engineering Human-based Social Engineering Impersonation - help desks are the most frequent targets of social engineering attacks – A Social Engineer calls the help desk – Help desk is helpful – Social engineer will often know names of employees Important User - to pretend to be a senior executive – Help desk is less likely to turn down a request coming from a high-level official – Social engineer may threaten to report the employee to their supervisor
  • 9. Spam as social engineering Human-based Social Engineering Third-party Authorization - obtaining the name of someone in the organization who has the authority to grant access to information – Mr. John DOE says its OK – Before he went on vacation, Mr. John DOE said I should call you to get this information Tech Support - pretends to be someone from the infrastructure support – System is having a problem – Needs them to log on to test the connection
  • 10. Spam as social engineering Human-based Social Engineering In Person - enter the building and pretend to be an employee, guest or service personnel – May be dressed in a uniform – Allowed to roam – Becomes part of the cleaning crew Shoulder Surfing - looking over a shoulder to see what someone is typing – Passwords – Card numbers – PIN
  • 11. Human Based Social Engineering • Kevin Mitnick Spam as social engineering
  • 12. Spam as social engineering Computer-based Social Engineering Popup Windows - appearing on the screen, telling the user they have lost their network connection and needs to reenter their user name and password A program will then e-mail the intruder the information. Mail attachments - programs can and are frequently hidden in e-mail attachments – Viruses – Worms – Trojans
  • 13. Spam as social engineering Computer-based Social Engineering Spam, Phishing and Hoaxes – Rely on social engineering to be spread. – While they do not usually cause damage, they do cause a loss of productivity. – Frequently used by entrepreneurs in African countries (e.g., Nigerian scams) – They use valuable network resources. Websites – Offer something free or a chance to win on a Website – To register requires an e-mail address and password
  • 14. Spam as social engineering What is SPAM ? Unsolicited Commercial Email (UCE), also known as "spam" or "junk email" Spam is advertising wonder products for cheap prices 55 billion spam messages are sent per day It may comprise 95% of a person or company’s incoming email load It represents an ongoing arms race as users seek to stop it and spammers find ways to bypass new filters It is a delivery vehicle for email based scams
  • 15. The end goal of SPAM Spam as social engineering
  • 16. Spam as social engineering Social Engineering SPAM Dear Friend. As you read this, I don't want you to feel sorry for me, because, I believe everyone will die someday. My name is Peter Lawson,a merchant in Dubai, in the U.A.E.I have been diagnosed with Esophageal Cancer which was discovered very late,due to my laxity in carrying for my health. It has defiled all forms of medicine, and right now I have only about a few months to live, according to medical experts. I have not particularly lived my life so well, as I never really cared for anyone not even myself but my business. Though I am very rich, I was never generous, I was always hostile to people and only focus on my business as that was the only thing I cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world. I believe when God gives me a second chance to come to this world I would live my life a different way from how I have lived it. Now that God ! has called me, I have willed and given most of my properties and assets to my immediate and extended family members and as well as a few close friends. I want God to be merciful to me and accept my soul and so, I have decided to give arms to charity organizations and give succour and confort to the less priviledged in our societies, as I want this to be one of the last good deeds I do on earth. The last of my money which no one knows of is the huge cash deposit of twenty four million dollars that I have with a Security Company in Europe for safe keeping. I will want you to help me collect this deposit and disburse it to some charity organizations and to the less priviledged. Please send me a mail to indicate if you will assist me in this disbursement. I have set aside 10% for you for your time and patience. You can e-mail me at:plawson@hknetmail.com While I await to hear from you, may God be with you and your entire family. Remain blessed. Mr.Peter Lawson
  • 17. Spam as social engineering Social Engineering Email Example Return-Path: <remus.brad@ulbsibiu.ro> From: <remus.brad@ulbsibiu.ro> To: <remus.brad@ulbsibiu.ro> Subject: Read carefully! Date: Wed, 24 Apr 2019 08:17:20 +0300 Message-ID: <687038.762826@68703.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Hello! At first, look at the sender adress "(Mail From:)" Do you know what that means? I got full access to your email account and sent it from there! Few months ago I infected your computer with mine private malware ( RAT, Remote Administration Tool ), your browser wasn't patched. My tool gave me full control over your computer, even your microphone and webcam. I collected all the interested things I have found on your computer, your pictures, your whole privacy you dirty pervert! I even recorded some video of you, over your webcam, you know what I mean!!! I give you the chance to pay me, exactly: 700$ in bitcoin ( BTC ), or I will publish all I got from you, on social network, messenger, and I will everyone else know about everything I got from you!!! Compared to the damage and hell it will bring into your life, I think its a very good price! You can register your bitcoin wallet here: login.blockchain.com/en/#/signup To get bitcoin, search on google "Where to buy bitcoins?". My bitcoin adress is: 15w8KYwC76vDRiSZD2LK6dEbHvs7N38mh6 I give you 3 days time to pay and don't forget, I got access to your email, and I will know if it was already read, so the time is running. Don't share this email with anyone, this is our little secret! MsgID: 7628263412
  • 18. Spam as social engineering What is Phishing? “Fishing for personal information” Use “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc.
  • 19. Phishing Examples • Credit Card Phishing Spam as social engineering
  • 20. Spam as social engineering Phishing Email Example Delivered-To: rbrad@ulbsibiu.ro Received: by 2002:ac2:5586:0:0:0:0:0 with SMTP id v6csp1939062lfg; Fri, 10 May 2019 02:04:10 -0700 (PDT) ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) smtp.mailfrom=msvp_cnmch@wbhealth.gov.in Received: from mail.wbhealth.gov.in (mail.wbhealth.gov.in. [125.22.76.8]) by mx.google.com with ESMTP id 16si6460882pfh.244.2019.05.10.02.04.09 for <rbrad@ulbsibiu.ro>; Fri, 10 May 2019 02:04:10 -0700 (PDT) Received-SPF: pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) client-ip=125.22.76.8; Authentication-Results: mx.google.com; spf=pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) smtp.mailfrom=msvp_cnmch@wbhealth.gov.in Received: from localhost (localhost [127.0.0.1]) by mail.wbhealth.gov.in (Postfix) with ESMTP id E0D03704D1AD; Fri, 10 May 2019 14:33:55 +0530 (IST) Received: from mail.wbhealth.gov.in ([127.0.0.1]) by localhost (mail.wbhealth.gov.in [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id DzNVdHTdibzY; Fri, 10 May 2019 14:33:54 +0530 (IST) Date: Fri, 10 May 2019 14:32:03 +0530 (IST) From: SUPORT <msvp_cnmch@wbhealth.gov.in> X-Originating-IP: [207.189.24.165] X-Mailer: Zimbra 8.0.5_GA_5839 (ZimbraWebClient - GC74 (Mac)/8.0.5_GA_5839) Înștiințare!!! , Contul contului dvs. de e-mail este datorat pentru validare și e-mailurile dvs. sunt în așteptare. Veți fi dezactivat din mesajele de expediere / primire până când veți revalida căsuța poștală a contului. :MAILBOX VALIDAT: <https://www.formpl.us/form/281946001> SUPORT SISTEM. 001.77 ##
  • 21. SPAM in numbers Spam as social engineering Lucian Blaga University of Sibiu E-Mail Server - Study Case
  • 22. Statistics of our mail service (Spam Assassin): Range: April - May Increase of received Spam / 15 minutes: ~ 290% Increase of received Ham / 15 minutes: ~ 50% Spam as social engineering SPAM in numbers
  • 23. Statistics of our mail service: Range: April - May Increase of rejected mail / 15 minutes: ~ 230% Increase of accepted mail / 15 minutes: ~ 150% Spam as social engineering SPAM in numbers
  • 24. Statistics of our mail service: Range: April - May Spam as social engineering Viruses vs. SPAM +4% +290%
  • 25. Statistics of our mail service: Range: April - May Spam as social engineering Server Loads
  • 26. Spam as social engineering SPAM in numbers Statistics of our mail service: Range: April
  • 27. Spam as social engineering Legitimate e-mail in % 4,01%
  • 28. Spam as social engineering The End Thank you