Maulik Kotak, profile picture
Uploaded byMaulik Kotak
PPTX, PDF4,443 views

Social engineering

Social engineering is manipulating people into revealing confidential information through deception rather than technical hacking methods. It includes techniques like quid pro quo, phishing, baiting, pretexting, and diversion theft. Famous social engineer Kevin Mitnick emphasized that people inherently want to be helpful and trustworthy, making them vulnerable. Training and policies can help prevent social engineering by raising awareness of common tactics and restricting disclosure of private information. The human element remains the weakest link despite strong technical security defenses.

Embed presentation

Downloaded 118 times
./whoami 0 If You want to Hack some one First Hack Your self. 0 I am NOT a Hacker Just Learner as Security analyst.
“The Art of Social Hacking”
Introduction • What is Social Engineering? Manipulate people into doing something, rather than by breaking in using technical means • Types of Social Engineering o Quid Pro Quo o Phishing o Baiting o Pretexting o Diversion Theft • Ways to prevent Social Engineering o
What is Social Engineering? • Attacker uses human interaction to obtain or compromise information • Attacker my appear unassuming or respectable o o Pretend to be a new employee, repair man, ect May even offer credentials • By asking questions, the attacker may piece enough information together to infiltrate a companies network o May attempt to get information from many sources
Kevin Mitnick Famous Social Engineer Hacker • Went to prison for hacking • Became ethical hacker "People are generally helpful, especially to someone who is nice, knowledgeable or insistent."
Kevin Mitnick - Art of Deception • "People inherently want to be helpful and therefore are easily duped" • "They assume a level of trust in order to avoid conflict" • "It's all about gaining access to information that people think is innocuous when it isn't" • Here a nice voice on the phone, we want to be helpful • Social engineering cannot be blocked by technology alone
Examples of Social Engineering • Kevin Mitnick talks his way into central Telco office Tells guard he will get a new badge Pretend to work there, give manager name from another branch o Fakes a phone conversation when caught o o • Free food at McDonalds
Live Example • Convinced friend that I would help fix their computer • People inherently want to trust and will believe someone when they want to be helpful • Fixed minor problems on the computer and secretly installed remote control software • Now I have total access to their computer through ultravnc viewer
Types of Social Engineering • • • • • Quid Pro Quo o Something for something Phishing o Fraudulently obtaining private information Baiting o Real world trojan horse Pretexting o Invented Scenario Diversion Theft o A con
Quid Pro Quo • Something for Something o Call random numbers at a company, claiming to be from technical support. o Eventually, you will reach someone with a legitamite problem o Grateful you called them back, they will follow your instructions o The attacker will "help" the user, but will really have the victim type commands that will allow the attacker to install malware
Phishing • Fraudulently obtaining private information o Send an email that looks like it came from a legitimate business o Request verification of information and warn of some consequence if not provided o Usually contains link to a fraudulent web page that looks legitimate o User gives information to the social engineer  Ex: Ebay Scam
Phishing continued • Spear Fishing o Specific phishing  Ex: email that makes claims using your name • Vishing o o Phone phishing Rogue interactive voice system  Ex:call bank to verify information
Baiting • Real world Trojan horse o Uses physical media o Relies on greed/curiosity of victim o Attacker leaves a malware infected cd or usb drive in a location sure to be found o Attacker puts a legitimate or curious lable to gain interest o Ex: "Company Earnings 2009" left at company elevator  Curious employee/Good samaritan uses  User inserts media and unknowingly installs malware
Pretexting • Invented Scenario o o o Prior Research/Setup used to establish legitimacy  Give information that a user would normally not divulge This technique is used to impersonate  Authority ect  Using prepared answers to victims questions  Other gathered information Ex: Law Enforcement  Threat of alleged infraction to detain suspect and hold for questioning
Pretexting Real Example: • Signed up for Free Credit Report • Saw Unauthorized charge from another credit company o Called to dispute charged and was asked for Credit Card Number  They insisted it was useless without the security code o • Asked for Social Security number Talked to Fraud Department at my bank
Weakest Link? • No matter how strong your: o Firewalls o Intrusion Detection Systems o Cryptography o Anti-virus software • You are the weakest link in computer security! o People are more vulnerable than computers • "The weakest link in the security chain is the human element" -Kevin Mitnick
Ways to Prevent Social Engineering Training • User Awareness o User knows that giving out certain information is bad • Military requires Cyber Transportation to hold o Top Secret Security Clearance o Security Plus Certification • Policies o Employees are not allowed to divulge private information o Prevents employees from being socially pressured or tricked
Ways to Prevent Social Engineering Cont.. • 3rd Party test - Ethical Hacker o Have a third party come to your company and attempted to hack into your network o 3rd party will attempt to glean information from employees using social engineering o Helps detect problems people have with security • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information • Do not provide personal information, information about the company(such as internal network) unless authority of person is verified
General Safety • Before transmitting personal information over the internet, check the connection is secure and check the url is correct • If unsure if an email message is legitimate, contact the person or company by another means to verify • Be paranoid and aware when interacting with anything that needs protected o The smallest information could compromise what you're protecting
Conclusion • What is Social Engineering? Manipulate people into doing something, rather than by breaking in using technical means • Types of Social Engineering o Quid Pro Quo o Phishing o Baiting o Pretexting o Diversion Theft • Ways to prevent Social Engineering o
Questions?
!! For Regarding any question contact me !! http://www.maulikkotak.webnode.com http://www.facebook.com/maulikkotakstar http://www.twitter.com/maulikkotakstar

More Related Content

PPSX
Social Engineering - Are You Protecting Your Data Enough?
byJamRivera1
 
PPTX
Social engineering presentation
bypooja_doshi
 
PDF
Social Engineering Basics
byLuke Rusten
 
PPTX
Social engineering
byAlexander Zhuravlev
 
PDF
Social engineering
byRobert Hood
 
PPTX
Social Engineering,social engeineering techniques,social engineering protecti...
byABHAY PATHAK
 
PPTX
Social engineering hacking attack
byPankaj Dubey
 
PPTX
Social engineering-Attack of the Human Behavior
byJames Krusic
 
Social Engineering - Are You Protecting Your Data Enough?
byJamRivera1
 
Social engineering presentation
bypooja_doshi
 
Social Engineering Basics
byLuke Rusten
 
Social engineering
byAlexander Zhuravlev
 
Social engineering
byRobert Hood
 
Social Engineering,social engeineering techniques,social engineering protecti...
byABHAY PATHAK
 
Social engineering hacking attack
byPankaj Dubey
 
Social engineering-Attack of the Human Behavior
byJames Krusic
 

What's hot

PPTX
Presentation of Social Engineering - The Art of Human Hacking
bymsaksida
 
PDF
Social engineering
byankushmohanty
 
PDF
What is Social Engineering? An illustrated presentation.
byPratum
 
PPTX
Social engineering
byAbdelhamid Limami
 
PDF
Social engineering attacks
byRamiro Cid
 
PPTX
Social engineering
byVishal Kumar
 
PPTX
Social engineering
byVishal Kumar
 
PPTX
Cybersecurity
byA. Shamel
 
PDF
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
PPTX
Social engineering
byVîñàý Pãtêl
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
PPTX
Social Engineering
bySpencerBurton8
 
PPT
Social Engineering | #ARMSec2015
byHovhannes Aghajanyan
 
PPTX
Phishing
bySagar Rai
 
PPTX
cyber security
byabithajayavel
 
PPTX
Cybersecurity 1. intro to cybersecurity
bysommerville-videos
 
PDF
Social Engineering
byWilliam Gregorian
 
PPTX
Cyber Security
byADGP, Public Grivences, Bangalore
 
PPTX
Password cracking and brute force
byvishalgohel12195
 
PPTX
Cyber security(2018 updated)
byPrabhatChoudhary11
 
Presentation of Social Engineering - The Art of Human Hacking
bymsaksida
 
Social engineering
byankushmohanty
 
What is Social Engineering? An illustrated presentation.
byPratum
 
Social engineering
byAbdelhamid Limami
 
Social engineering attacks
byRamiro Cid
 
Social engineering
byVishal Kumar
 
Social engineering
byVishal Kumar
 
Cybersecurity
byA. Shamel
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
byEdureka!
 
Social engineering
byVîñàý Pãtêl
 
Cybersecurity Attack Vectors: How to Protect Your Organization
byTriCorps Technologies
 
Social Engineering
bySpencerBurton8
 
Social Engineering | #ARMSec2015
byHovhannes Aghajanyan
 
Phishing
bySagar Rai
 
cyber security
byabithajayavel
 
Cybersecurity 1. intro to cybersecurity
bysommerville-videos
 
Social Engineering
byWilliam Gregorian
 
Cyber Security
byADGP, Public Grivences, Bangalore
 
Password cracking and brute force
byvishalgohel12195
 
Cyber security(2018 updated)
byPrabhatChoudhary11
 

Viewers also liked

PPTX
Social Engineering
byCyber Agency
 
PPTX
social engineering
byRavi Patel
 
PDF
Social Engineering - Strategy, Tactics, & Case Studies
byPraetorian
 
PPTX
Kevin Mitnick
byKaran Bansal
 
PPTX
Kevin mitnick
byrahulkumardevgan
 
PPTX
Social Engineering and What to do About it
byAleksandr Yampolskiy
 
PPTX
The Art of Human Hacking : Social Engineering
byOWASP Foundation
 
PPTX
Skimming: Review of Credit & Debit Card Fraud
byJason Sookram
 
PDF
Social engineering-Sandy Suhling
bysuhlingse
 
PPT
Social engineering
byNicholas Davis
 
PPTX
2016 Social Engineering Training
byRob Valdez
 
PDF
The 5 security awareness training generations [CARTOON]
byStu Sjouwerman
 
PDF
Social Engineering Techniques - The Dark Arts
byn|u - The Open Security Community
 
PPTX
Dark Arts Of Social Engineering
byNutan Kumar Panda
 
PPTX
Hacker tooltalk: Social Engineering Toolkit (SET)
byChris Hammond-Thrasher
 
PDF
Information Security Awareness Training
byRandy Bowman
 
PDF
Social Engineering: the Bad, Better, and Best Incident Response Plans
byRob Ragan
 
Social Engineering
byCyber Agency
 
social engineering
byRavi Patel
 
Social Engineering - Strategy, Tactics, & Case Studies
byPraetorian
 
Kevin Mitnick
byKaran Bansal
 
Kevin mitnick
byrahulkumardevgan
 
Social Engineering and What to do About it
byAleksandr Yampolskiy
 
The Art of Human Hacking : Social Engineering
byOWASP Foundation
 
Skimming: Review of Credit & Debit Card Fraud
byJason Sookram
 
Social engineering-Sandy Suhling
bysuhlingse
 
Social engineering
byNicholas Davis
 
2016 Social Engineering Training
byRob Valdez
 
The 5 security awareness training generations [CARTOON]
byStu Sjouwerman
 
Social Engineering Techniques - The Dark Arts
byn|u - The Open Security Community
 
Dark Arts Of Social Engineering
byNutan Kumar Panda
 
Hacker tooltalk: Social Engineering Toolkit (SET)
byChris Hammond-Thrasher
 
Information Security Awareness Training
byRandy Bowman
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
byRob Ragan
 

Similar to Social engineering

PPTX
Conference about Social Engineering (by Wh0s)
byMarta Barrio Marcos
 
PDF
Presentation_Social_Engineering.pdf
byinternetcomputer60
 
PPTX
Introduction to Social engineering | Techniques of Social engineering
byPrem Lamsal
 
PPT
Social Engineering
byNicholas Davis
 
PPTX
Social Engineering
byMuhanned Alaqili
 
PDF
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
byInfosecurity2010
 
PDF
02 Intro to Social Engg understanding society
by2961rabbit
 
PPTX
Social engineering 101 or The Art of How You Got Owned by That Random Stranger
bySteven Hatfield
 
PPTX
Unmasking-Social-Engineering-Attacks.pptx
byeswaransk38
 
DOCX
ITE516 A3
byJon Newson
 
PDF
White Paper: Social Engineering and Cyber Attacks: The Psychology of Deception
byEMC
 
PDF
Social Engineering.pdf
byMeshalALshammari12
 
PDF
socialengineering-100519023327-phpapp02.pdf
byPradmohanSinghTomar1
 
PDF
Pavlos_Isaris_final_report
byPavlos Isaris
 
PDF
What is social engineering.pdf
byuzair
 
PDF
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
byShah Sheikh
 
PDF
Airport IT&T 2013 John McCarthy
byRussell Publishing
 
PDF
Insiders Guide to Social Engineering - End-Users are the Weakest Link
byRichard Common
 
PDF
DebmallyaManda_18700122148_1_Project.pdf
byPiyushKaloya1
 
PPTX
What is social engineering & why it is important
byVikram Khanna
 
Conference about Social Engineering (by Wh0s)
byMarta Barrio Marcos
 
Presentation_Social_Engineering.pdf
byinternetcomputer60
 
Introduction to Social engineering | Techniques of Social engineering
byPrem Lamsal
 
Social Engineering
byNicholas Davis
 
Social Engineering
byMuhanned Alaqili
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
byInfosecurity2010
 
02 Intro to Social Engg understanding society
by2961rabbit
 
Social engineering 101 or The Art of How You Got Owned by That Random Stranger
bySteven Hatfield
 
Unmasking-Social-Engineering-Attacks.pptx
byeswaransk38
 
ITE516 A3
byJon Newson
 
White Paper: Social Engineering and Cyber Attacks: The Psychology of Deception
byEMC
 
Social Engineering.pdf
byMeshalALshammari12
 
socialengineering-100519023327-phpapp02.pdf
byPradmohanSinghTomar1
 
Pavlos_Isaris_final_report
byPavlos Isaris
 
What is social engineering.pdf
byuzair
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
byShah Sheikh
 
Airport IT&T 2013 John McCarthy
byRussell Publishing
 
Insiders Guide to Social Engineering - End-Users are the Weakest Link
byRichard Common
 
DebmallyaManda_18700122148_1_Project.pdf
byPiyushKaloya1
 
What is social engineering & why it is important
byVikram Khanna
 

Recently uploaded

PPTX
Biological source, chemical constituents, and therapeutic efficacy of the fol...
bySai Meer College of Pharmacy
 
PDF
Information about the author Shashi Deshpande
bydarshanaparmar6522
 
PDF
West Hatch High School - GCSE Media Specification
byWestHatch
 
PPTX
The night at deoli - Ruskin bond's story of first love
byrajibhammar4
 
PPTX
Definition of communication skills and it's process.
bypurvrajsinhsarvaiya0
 
PPTX
COMMUNICATION ITS PROCESS ELEMENTS & BARRIER .pptx
byPoojaSen20
 
PDF
Bishan_Singh_Presentation - Toba tek Singh
bygopalsinhchauhan9313
 
PPTX
That long silence - Novel by Shashi Deshapande
bysanjanavaghela65
 
PPTX
How to Track Team Performance Analysis in Odoo 18 Recruitment
byCeline George
 
PPT
West Hatch High School - GCSE History Option
byWestHatch
 
PDF
Chapter 05 Drug Acting on CNS Sedatives & Hypnotics | Antipsychotics.pdf
bySandeshSul
 
PPTX
Mohan - "A man of silence and authority"
bynidhibachauhan46
 
PDF
Q4_LE_English 5_Lesson 1_Week 1.pdf learning instruction
byMichelleCajefe2
 
PPTX
Toba Tek Singh - Visualising Partition through Manto's Lens
bymiraljoshi48
 
PDF
APPSC APPSC AEE-AE GENERAL STUDIES QUESTION PAPER.pdf
byssuser9d8e4e
 
PDF
Radio Ceylon Finals (An Indian Subcontinent Quiz).pdf
byConquiztadors- the Quiz Society of Sri Venkateswara College
 
PPTX
TLEQ4-Building Plans and Types of Building Plans Week 1.pptx
bykristinedulay2
 
PDF
Schrodinger's Capital Finals (SciBiz Quiz).pdf
byConquiztadors- the Quiz Society of Sri Venkateswara College
 
PDF
Fast Followers Project, Embedding Net Zero into Wakefield Metropolitan Distri...
byAssociation for Project Management
 
PDF
Information about Presentation strategies
bymansivaja18126
 
Biological source, chemical constituents, and therapeutic efficacy of the fol...
bySai Meer College of Pharmacy
 
Information about the author Shashi Deshpande
bydarshanaparmar6522
 
West Hatch High School - GCSE Media Specification
byWestHatch
 
The night at deoli - Ruskin bond's story of first love
byrajibhammar4
 
Definition of communication skills and it's process.
bypurvrajsinhsarvaiya0
 
COMMUNICATION ITS PROCESS ELEMENTS & BARRIER .pptx
byPoojaSen20
 
Bishan_Singh_Presentation - Toba tek Singh
bygopalsinhchauhan9313
 
That long silence - Novel by Shashi Deshapande
bysanjanavaghela65
 
How to Track Team Performance Analysis in Odoo 18 Recruitment
byCeline George
 
West Hatch High School - GCSE History Option
byWestHatch
 
Chapter 05 Drug Acting on CNS Sedatives & Hypnotics | Antipsychotics.pdf
bySandeshSul
 
Mohan - "A man of silence and authority"
bynidhibachauhan46
 
Q4_LE_English 5_Lesson 1_Week 1.pdf learning instruction
byMichelleCajefe2
 
Toba Tek Singh - Visualising Partition through Manto's Lens
bymiraljoshi48
 
APPSC APPSC AEE-AE GENERAL STUDIES QUESTION PAPER.pdf
byssuser9d8e4e
 
Radio Ceylon Finals (An Indian Subcontinent Quiz).pdf
byConquiztadors- the Quiz Society of Sri Venkateswara College
 
TLEQ4-Building Plans and Types of Building Plans Week 1.pptx
bykristinedulay2
 
Schrodinger's Capital Finals (SciBiz Quiz).pdf
byConquiztadors- the Quiz Society of Sri Venkateswara College
 
Fast Followers Project, Embedding Net Zero into Wakefield Metropolitan Distri...
byAssociation for Project Management
 
Information about Presentation strategies
bymansivaja18126
 

Social engineering

  • 2.
    ./whoami 0 If Youwant to Hack some one First Hack Your self. 0 I am NOT a Hacker Just Learner as Security analyst.
  • 3.
    “The Art ofSocial Hacking”
  • 4.
    Introduction • What isSocial Engineering? Manipulate people into doing something, rather than by breaking in using technical means • Types of Social Engineering o Quid Pro Quo o Phishing o Baiting o Pretexting o Diversion Theft • Ways to prevent Social Engineering o
  • 6.
    What is SocialEngineering? • Attacker uses human interaction to obtain or compromise information • Attacker my appear unassuming or respectable o o Pretend to be a new employee, repair man, ect May even offer credentials • By asking questions, the attacker may piece enough information together to infiltrate a companies network o May attempt to get information from many sources
  • 7.
    Kevin Mitnick Famous SocialEngineer Hacker • Went to prison for hacking • Became ethical hacker "People are generally helpful, especially to someone who is nice, knowledgeable or insistent."
  • 8.
    Kevin Mitnick -Art of Deception • "People inherently want to be helpful and therefore are easily duped" • "They assume a level of trust in order to avoid conflict" • "It's all about gaining access to information that people think is innocuous when it isn't" • Here a nice voice on the phone, we want to be helpful • Social engineering cannot be blocked by technology alone
  • 9.
    Examples of SocialEngineering • Kevin Mitnick talks his way into central Telco office Tells guard he will get a new badge Pretend to work there, give manager name from another branch o Fakes a phone conversation when caught o o • Free food at McDonalds
  • 10.
    Live Example • Convinced friendthat I would help fix their computer • People inherently want to trust and will believe someone when they want to be helpful • Fixed minor problems on the computer and secretly installed remote control software • Now I have total access to their computer through ultravnc viewer
  • 11.
    Types of SocialEngineering • • • • • Quid Pro Quo o Something for something Phishing o Fraudulently obtaining private information Baiting o Real world trojan horse Pretexting o Invented Scenario Diversion Theft o A con
  • 12.
    Quid Pro Quo •Something for Something o Call random numbers at a company, claiming to be from technical support. o Eventually, you will reach someone with a legitamite problem o Grateful you called them back, they will follow your instructions o The attacker will "help" the user, but will really have the victim type commands that will allow the attacker to install malware
  • 13.
    Phishing • Fraudulently obtainingprivate information o Send an email that looks like it came from a legitimate business o Request verification of information and warn of some consequence if not provided o Usually contains link to a fraudulent web page that looks legitimate o User gives information to the social engineer  Ex: Ebay Scam
  • 14.
    Phishing continued • SpearFishing o Specific phishing  Ex: email that makes claims using your name • Vishing o o Phone phishing Rogue interactive voice system  Ex:call bank to verify information
  • 15.
    Baiting • Real world Trojanhorse o Uses physical media o Relies on greed/curiosity of victim o Attacker leaves a malware infected cd or usb drive in a location sure to be found o Attacker puts a legitimate or curious lable to gain interest o Ex: "Company Earnings 2009" left at company elevator  Curious employee/Good samaritan uses  User inserts media and unknowingly installs malware
  • 16.
    Pretexting • Invented Scenario o o o PriorResearch/Setup used to establish legitimacy  Give information that a user would normally not divulge This technique is used to impersonate  Authority ect  Using prepared answers to victims questions  Other gathered information Ex: Law Enforcement  Threat of alleged infraction to detain suspect and hold for questioning
  • 17.
    Pretexting Real Example: • Signedup for Free Credit Report • Saw Unauthorized charge from another credit company o Called to dispute charged and was asked for Credit Card Number  They insisted it was useless without the security code o • Asked for Social Security number Talked to Fraud Department at my bank
  • 18.
    Weakest Link? • No matterhow strong your: o Firewalls o Intrusion Detection Systems o Cryptography o Anti-virus software • You are the weakest link in computer security! o People are more vulnerable than computers • "The weakest link in the security chain is the human element" -Kevin Mitnick
  • 19.
    Ways to PreventSocial Engineering Training • User Awareness o User knows that giving out certain information is bad • Military requires Cyber Transportation to hold o Top Secret Security Clearance o Security Plus Certification • Policies o Employees are not allowed to divulge private information o Prevents employees from being socially pressured or tricked
  • 20.
    Ways to PreventSocial Engineering Cont.. • 3rd Party test - Ethical Hacker o Have a third party come to your company and attempted to hack into your network o 3rd party will attempt to glean information from employees using social engineering o Helps detect problems people have with security • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information • Do not provide personal information, information about the company(such as internal network) unless authority of person is verified
  • 21.
    General Safety • Beforetransmitting personal information over the internet, check the connection is secure and check the url is correct • If unsure if an email message is legitimate, contact the person or company by another means to verify • Be paranoid and aware when interacting with anything that needs protected o The smallest information could compromise what you're protecting
  • 22.
    Conclusion • What isSocial Engineering? Manipulate people into doing something, rather than by breaking in using technical means • Types of Social Engineering o Quid Pro Quo o Phishing o Baiting o Pretexting o Diversion Theft • Ways to prevent Social Engineering o
  • 23.
  • 24.
    !! For Regardingany question contact me !! http://www.maulikkotak.webnode.com http://www.facebook.com/maulikkotakstar http://www.twitter.com/maulikkotakstar