This document discusses social engineering and how to protect against it. Social engineering involves manipulating people to gain access to sensitive information. It is a common way for criminals to steal data from organizations. The document outlines various social engineering tactics like pretexting and phishing used to fool victims into providing passwords, financial details, or other personal information. It emphasizes that security is everyone's responsibility and provides tips for protecting yourself such as using strong passwords, multi-factor authentication, recognizing inappropriate requests, and reporting any security concerns.
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009 (Scott Wright)
This keynote was presented by Scott Wright on June 19, 2009 to the Ottawa Centre for Research and Innovation. It provides a quick view of some of the major risks from using Social Networking Tools, and some tips for how to reduce those risks through security awareness.
Companies are generally very good at protecting themselves against external attacks, but only rarely do they guard themselves against internal attacks. By using what’s known as ‘Social Engineering’, hackers exploit unsuspecting people who in good faith open up their doors to unwanted strangers.
Social engineering, or SE, is the art of manipulating people into performing actions or giving up confidential information. Social engineering can mean different things to different people.
This presentation discusses the various laws related to computer crime. That is important information that technical people probably know little about, and of which even law-enforcement officers may need more in-depth knowledge, but in which most attorneys would already be well versed. If any aspect of your work brings you into contact with computer crime, then this book is for you. It is also appropriate for college courses on computer crime.
What is social engineering & why it is important (Vikram Khanna)
Social engineering is a popular technique amongst hackers because it is often easier to exploit users' weaknesses than it is to find a network or software vulnerability. View the presentation and happy learning!
I’ve Been Hacked: The Essential Steps to Take Next (Brian Pichman)
Description: It happens. A place you shop at frequently gets its data stolen. Someone was able to get access to one of your accounts. Or a system you manage gets compromised. Either way, it is important to be prepared ahead of time before the worst happens. Join Brian Pichman as he helps you put a proactive plan in place and what to do after you or your organization has been hacked.
Unveiling the dark web. The importance of your cybersecurity posture (Lourdes Paloma Gimenez)
We live in cyberspace, but nobody talked to us about cybersecurity. The web, deep web and the dark web. The different vectors of cyberattacks. Recommendations to stay protected.
1. SECURITY AND SOCIAL ENGINEERING
US Department of Commerce
Office of Security
Updated 09/26/11
Security is Everyone's Responsibility – See Something, Say Something!
2. Objectives
• Understand the principles of social engineering
• Define the goals of social engineering
• Recognize the signs of social engineering
• Identify ways to protect yourself from social engineering
3. What is Social Engineering
1. At its core it is manipulating a person into knowingly or unknowingly giving up information; essentially 'hacking' into a person to steal valuable information.
• Psychological manipulation
• Trickery or deception for the purpose of information gathering
4. What is Social Engineering
2. It is a way for criminals to gain access to information systems. The purpose of social engineering is usually to secretly install spyware or other malicious software, or to trick persons into handing over passwords and/or other sensitive financial or personal information.
5. What is Social Engineering
3. Social engineering is one of the most effective routes to stealing confidential data from organizations, according to Siemens Enterprise Communications, based in Germany. In a recent Siemens test, 85 percent of office workers were duped by social engineering.
“Most employees are utterly unaware that they are being manipulated,” says Colin Greenlees, security and counter-fraud consultant at Siemens.
6. What are they looking for
• Obtaining simple information such as your pet's name, where you're from, the places you've visited; information that you'd give out freely to your friends.
– Think of yourself as a walking computer, full of valuable information about yourself. You've got a name, address, and valuables. Now categorize those items like a business does: personally identifiable data, financial information, cardholder data, health insurance data, credit reporting data, and so on…
7. What are they looking for
• Take a close look at some of the 'secure' sites you log into. Some have a 'secret question' you have to answer if you cannot remember your username or password. The questions seem pretty tough for an outsider trying to hack into your account.
– What's the name of your first pet?
– What is your maiden name?
– When was your mother/father born?
– Where were you born?
Do these sound familiar?
8. Tactics
1. Pretexting – Creating a fake scenario
2. Phishing – Sending out bait to fool victims into giving away their information
3. Fake Websites – Molded to look like the real thing. Victims log in with real credentials, which are now compromised
4. Fake Pop-up – Pops up in front of a real web site to obtain user credentials
9. Protecting Yourself
A security-aware culture can help employees identify and repel social engineering attacks
• Recognize inappropriate requests for information
• Take ownership of corporate security
• Understand the risk and impact of security breaches
• Social engineering attacks are personal
• Password management
• Two-factor authentication
• Physical security
• Understand what information you are putting on the Web for targeting at social network sites
– Google
– Twitter
– MySpace
– Facebook
– Personal Blogs
– LinkedIn
10. Protecting Yourself
1. Network defenses to repel viruses
• Virus protection (McAfee, Norton, Symantec, etc…)
• Email attachment scanning
• Firewalls, etc…
2. Organizations must decide what information is sensitive
3. Security must be periodically tested
4. Contact your security office immediately if you have any concerns at work