This is Gaurav Singh
- An independent researcher in social engineering attacks.
- Getting into network penetration testing.
- Diploma final-year student.
- A self-made hacker.
SOCIAL ENGINEERING
The Art of Human Hacking
Introduction to social engineering
- Social engineering is the act of stealing information from humans. Because it involves no interaction with the target system or network, it is considered a non-technical attack.
- Social engineering is the art of convincing the target to reveal information. It may be a physical one-to-one interaction with the target, or convincing the target on any other platform; social media is a popular platform for social engineering.
- It exploits the fact that people are careless, or unaware of the value of the information they possess.
Vulnerability to social engineering attacks
- One of the major vulnerabilities that leads to this kind of attack is trust. A user trusts another user and does not secure their credentials from them. This may lead to an attack by that user, or the second person may reveal the information to a third one.
- Ignorance.
- Greed.
- Fear.
- Moral obligation.
What puts companies at risk of social engineering?
- Insufficient training of employees.
- Lack of controls:
  - Technical controls.
  - Administrative controls.
  - Physical controls.
- Huge size (a large number of employees).
- Lack of policy.
Phases of social engineering
There are four basic phases in social engineering:
- Research the target company (dumpsters, websites, employees of the target company).
- Choose the victim (identify frustrated employees of the target company).
- Build a relationship (develop a relationship with the target employees).
- Exploit the relationship (collect sensitive information and details of current technologies).
Social Engineering Techniques
Types of social engineering
- Human-based social engineering
  - Impersonation
  - Eavesdropping and shoulder surfing
  - Dumpster diving
  - Reverse social engineering
  - Piggybacking and tailgating
- Computer-based social engineering
  - Phishing
  - Spear phishing
- Mobile-based social engineering
  - Publishing malicious apps
  - Repackaging legitimate apps
  - Fake security apps
Impersonation on social networking sites
- Impersonation on a social networking site is very popular, easy, and interesting. The malicious user gathers personal information about the target from different sources, mostly from social networking sites.
- The gathered information includes full name, recent profile picture, date of birth, residential address, email address, contact details, professional details and education details, as much as he or she can find.
- After gathering the information about the target, the attacker creates an account that is an exact copy of the target's account on the social networking site. This fake account is then introduced to the friends and groups the target has joined.
- Usually, people do not investigate much when they get a friend request, and when they find the information accurate, they will almost certainly accept the request.
- Once the attacker has joined a social media group where a user shares personal and organizational information, he receives updates from the group. An attacker can also communicate with the friends of the target user to convince them to reveal information.
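The cloned-profile pattern above can be checked for from the defender's side: a copied account carries the same name, picture and birthday as an existing member but sits on a different, usually much newer, account. The following is an added example, not from the original slides, and the `Profile` structure, the attribute names and the member roster are all constructed for illustration.

```python
# Added example (not from the original slides): flag likely cloned profiles in a
# group's member list. A clone copies a target's public attributes (name, photo,
# birthday, employer) but lives on a different, usually much newer, account.
from dataclasses import dataclass
from datetime import date
import unicodedata

@dataclass(frozen=True)
class Profile:
    account_id: str
    display_name: str
    photo_hash: str  # hash of the profile picture as served by the platform
    birthday: str    # ISO date string
    employer: str
    created: date    # account creation date

def normalize(name: str) -> str:
    """Fold case, accents and spacing so 'Asha  VERMA' == 'asha verma'."""
    nfkd = unicodedata.normalize("NFKD", name)
    ascii_only = nfkd.encode("ascii", "ignore").decode()
    return " ".join(ascii_only.lower().split())

def clone_score(a: Profile, b: Profile) -> int:
    """Count attributes shared by two profiles (0..4)."""
    return sum([
        normalize(a.display_name) == normalize(b.display_name),
        a.photo_hash == b.photo_hash,
        a.birthday == b.birthday,
        normalize(a.employer) == normalize(b.employer),
    ])

def find_clones(members: list[Profile], threshold: int = 3) -> list[tuple[str, str]]:
    """Return (original, suspected_clone) pairs; the older account is taken as original."""
    flagged = []
    for i, a in enumerate(members):
        for b in members[i + 1:]:
            if clone_score(a, b) >= threshold:
                older, newer = sorted((a, b), key=lambda p: p.created)
                flagged.append((older.account_id, newer.account_id))
    return flagged

MEMBERS = [  # constructed sample roster: u9981 mirrors u1001 on a new account
    Profile("u1001", "Asha Verma", "ph_a1", "1998-03-12", "Acme Corp", date(2015, 6, 1)),
    Profile("u2002", "Rohan Das", "ph_b7", "1995-11-02", "Acme Corp", date(2016, 2, 9)),
    Profile("u9981", "Asha  VERMA", "ph_a1", "1998-03-12", "ACME Corp", date(2023, 9, 30)),
]

if __name__ == "__main__":
    print(find_clones(MEMBERS))  # [('u1001', 'u9981')]
```

A flagged pair is a prompt for a group administrator to verify the newer account out of band before it is allowed to stay; the score alone is not proof.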
Social Engineering Life Cycle
Risk of Social Networking in Corporate Networks
- A social networking site is not secured the way a corporate network is: the corporate network enforces authentication, identification, and authorization of an employee accessing a resource.
- The major risk of social networking is its weak authentication. An attacker may easily get around the account verification and create a fake account to access information.
- Any employee may accidentally or intentionally reveal information that is useful to the person he is communicating with, or to a third person monitoring his conversation. This calls for a strong policy against data leakage.
Identity Theft
Identity theft overview
- Identity theft is stealing someone's identification information. Identity theft is commonly used for fraud.
- Anyone with malicious intent may steal your identity by gathering documents such as utility bills, personal information and other relevant information, and create a new ID card to impersonate you.
- It is not all about an ID card. The attacker may use this information to prove the fake identity and take advantage of it.
The Process of Identity Theft
Social engineering countermeasures
- Configure strong passwords.
- Secure passwords.
- Keep them secret.
- Keep monitoring social networking platforms.
- Separation of duties.
- CIA (confidentiality, integrity, availability).
- Access control.
- Least privilege.
- Logging and auditing.
- Policies.
- Archive and backup.
Mind Map
THANK YOU
NULL AHMEDABAD / __i_am_root__
/gaurav-singh-a48048162
/_i_am_root_