Hacking3e ppt ch13
- 1. © 2020 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Hacker Techniques, Tools, and Incident Handling
Chapter 13
Social Engineering
- 2.
Learning Objective
Analyze vulnerabilities exploited by hackers.
- 3.
Key Concepts
Types of social engineering attacks
Technology and social engineering
Best practices for passwords
Social networking risks
- 4.
What Is Social Engineering?
Tricking or coercing people into revealing information or violating security practices
Viruses, Trojan horses, scareware, and phishing all rely on trickery to be effective
Relies on a person’s ignorance of how valuable their personal information or authority may be to someone looking to steal, use, or sell it
Is dangerous because, when successful, it results in an authorized individual carrying out actions on behalf of an unauthorized party
- 5.
Types of Social Engineering Attacks
Physical
• People being physically present and making personal contact
Physical Object
• May steal a physical object such as a smartphone, USB drive, or file folder
Psychological
• Some attacks may be psychological in nature or use elements of both
- 6.
Types of Social Engineering Attacks (Cont.)
Phone-based attacks
Dumpster diving
Shoulder surfing
Social media (Facebook, Twitter, LinkedIn)
Persuasion/coercion
Reverse social engineering
- 7.
Browser Defenses Against Social Engineering
Pop-up blocker
Unsafe site warnings
Integration with antivirus/anti-malware software
Automatic updates
Private browsing capability
- 8.
Other Good Practices for Safe Computing
Beware the potentially high price of “free” Wi-Fi
Take care when accessing secure websites in public
Be wary of public computers
Make sure your home network is secure, too
Be cautious about saving personal information on shopping websites
Keep your personal computer personal
Do not install software you do not want
Don’t overlook the malware risks to Apple and Linux computers and mobile devices
- 9.
Know What the Web Knows About You
Spokeo Facebook Intelius
Zabasearch People Search
- 10.
Creating and Managing Your Passwords
Use separate passwords for different types of accounts
Not easy to guess (include numbers and special characters)
Use variations on a single base password
Make a list of accounts to which you apply the new passwords
Change the passwords
Invest in a password manager
- 11.
Investing in a Password Manager
A password manager
• Software that helps you organize and track your usernames and passwords
Popular password managers
• Zoho Vault
• Dashlane
• Sticky Password
• Password Boss
• LastPass
- 12.
Social Engineering and Social Networking
Questions to ask yourself before you post:
• What do you really want to share on this site?
• How sensitive could this information be?
• Is it information you would share with people you were meeting face to face?
• How would you feel if this information were spread around the world?
• What if your children or parents read this information?
- 13.
An Overview of the Risks in Social Networking
How common are scams?
What are the risks?
What scams should people be alert to?
How are businesses responding to risks of social networks?
- 14.
How Common are the Risks on Social Networks?
Facebook: 2 billion users
Instagram: 700 million users
Twitter: 328 million users
Given this kind of volume and reach, it’s easy to see why criminals look to social media sites to locate and identify victims
- 15.
Risks in Social Media
Mistakes you don’t want to make
• Don’t use one password for all your accounts
• Don’t share “too much information”
• Don’t engage in “tweet rage”
• Remember to protect your own “brand”
• Be ready to protect your corporate brand
- 16.
Common Social Engineering Scams in Social Media
Avoid “secret” celebrity gossip
I’m trapped in Paris! Please send money
Did you see this picture of yourself?
Test your IQ
Join State University’s Class of 2013 Facebook group
Tweet for cash!
Ur Cute. Mgs me on FB
Protect a family from H1N1 flu
Mike Smith commented on a post!
Amber alert issued!
- 17.
Social Networking in a Corporate Setting
Most companies don’t have policies yet
Many companies are unaware of the risk
About 50 percent of companies have implemented a social networking policy
- 18.
Concerns in a Corporate Setting
Oversharing company activities
Mixing personal with professional
Tweet rage
Collecting too many connections
Password sloth
• Same password for many accounts
Trigger finger
• Clicking on links impulsively without investigating first
- 19.
Avoid Endangering Yourself and Others
Be wary of publishing identifying information about yourself.
Pick a username that doesn’t include personal information.
Set up a separate email account that doesn’t use your real name, and use that account to register and receive mail from sites where you have to register.
Use a strong password.
Keep your profile closed and allow only friends to view it.
Don’t say anything or publish pictures that might cause you embarrassment later.
Use the privacy features on the sites you use to restrict strangers’ access to your profile. Be guarded about whom you invite into your network.
Be particularly on guard against phishing scams.
- 20.
Facebook Security
Read the Facebook guide to privacy
Think carefully about whom you allow to become a friend
Show “limited friends” a cut-down version of your profile
Disable options and then open them one by one
- 21.
Summary
Types of social engineering attacks
Technology and social engineering
Best practices for passwords
Social networking risks