People… the social engineer’s dream
Presented by Evan Francen, CISSP CISM (and some other stuff)
FRSecure President & CEO
duh
Topics/Agenda
• Introduction
• Social Engineering Defined
• Famous Social Engineers
• Types of Social Engineering
• Real Stories
• WHAT TO DO?!
• Questions
Introduction
• Speaker – Evan Francen
• 20+ years of information security experience
• Information security evangelist
• President & Co-founder of FRSecure
• Social Engineer.
FRSecure
• Information Security Consulting and Management company. It’s all we do.
• Our core services include:
• HIPAA Risk Analysis – using FISA™
• Social Engineering Services
• Penetration Testing Services
• PCI QSA Services
• Incident Management Services
• HITRUST Services
• SOC Preparation Services
• Information Security Training & Awareness
• vServices (vCISO, vISO, and vISA)
• Methodology fanatics, mentoring champions, and product agnostic.
Social Engineering Defined…
Social engineering is hacking human trust.
It’s convincing someone that it’s in their best
interests to give you something. That
something could be credentials, access to a
computer system, personal information,
physical access, or any number of things. –
Evan Francen, FRSecure
Social Engineering Defined…
• The best way to protect yourself against a social engineer is to know their techniques
and be aware.
• This is exactly what we’re going to cover today…
Famous Social Engineers
• Some of my favorites.
Types of Social Engineering
• DON’T FORGET - The best way to protect yourself against a social
engineer is to know their techniques and be aware.
• There are four main types of social engineering attacks and a bunch of
variations:
• Electronic – Phishing is the #1 variation of electronic social engineering.
• In-person – Physical attacks that typically focus on gaining physical access to something.
• Physical drop – Most often flash drives loaded with something bad.
• Telephone – Call and ask. Get somebody to give you something over the phone.
All of these types of attacks give GREAT results.
We have a saying… “It’s easier to go through your secretary than it is your firewall.”
Real Stories (people like stories)
Electronic – Phishing
What would you guess is the success rate for a phishing attack against a typical bank?
Up to 50% of users give us credentials/100% of banks
Real Stories (people like stories)
In-person
Real Stories (people like stories)
Telephone
(almost had him)
Think it couldn’t happen to you?
There are two things that a social engineer loves:
1. People who don’t think it can happen to them.
2. People who are too busy to notice.
WHAT TO DO?!
The best way to protect yourself against a social engineer is to know their techniques and be
aware.
• Phishing – NEVER click on a link in an email that leads to a login page and login.
• Phishing – NEVER click on a link in an email and download a file.
• Physical – ALWAYS question somebody that you don’t know who seems out of
place.
• Physical – ALWAYS ask for identification.
• Physical – ALWAYS know where your access card and/or keys are.
• Physical – NEVER allow someone to follow behind you through an access
controlled door.
• Phone – NEVER give out sensitive information on a phone call you didn’t initiate.
• Phone – NEVER give someone access to anything on a phone call you didn’t
initiate.
NOTHING can guarantee that you won’t be tricked or taken advantage of, so be prepared for what
you will do if/when it happens.
Questions?
Hopefully about security.
Thank you!
Evan Francen
• FRSecure
• evan@frsecure.com
• 952-467-6384
People. The Social Engineer's Dream - TechPulse 2017
