SlideShare a Scribd company logo

Social Engineering

Download as PPT, PDF
G
GiddingsComputerServices

This document discusses social engineering and phishing scams. It defines social engineering as manipulation to gain information through deception. Phishing involves using fake websites, emails or SMS to steal personal information. Various types of phishing are covered, including email, website, IM and those using URL shorteners. The document warns about how social engineers may try to get computer access through exploits or malicious Java apps embedded in phishing pages. It provides tips on verifying sender information and advises not sharing personal details unless the caller is known.

Technology
1 of 13
Harold Giddings Giddings Computer Services Social Engineering and Phishing Scams Avoiding Social Engineering Online
Overview • What is social engineering • What is phishing • What types of phishing are there • What do social engineers do • How do you protect yourself Feel free to ask questions Security II: Turn off the Message Bar and run code safely
What Is Social Engineering? •Manipulation •Method to gain information •The Art of Deception Security II: Turn off the Message Bar and run code safely
What Is Phishing? • A fake website, email, or sms used to obtain information • A method to obtain information • A form of deception • Used to commit ID theft (financial or social) Security II: Turn off the Message Bar and run code safely
What Do Social Engineers Do | Tools Used •Manipulation •Theft •Information •Corporate Spies •Social Engineer Toolkit •Caller ID Spoofing •SMS Spoofing •Modified Web Servers •TinyURL Services •Fake IDS Security II: Turn off the Message Bar and run code safely
Email Phishing An email from Wachovia, Wonder whats up with my account Be aware of emails like this, banks will never ask for your login details online. If concerned call your bank and NEVER respond to such emails Note: A good tip off (but not always accurate) is to see if it was marked as spam, usually these users use unverified smtp servers that will be marked as spam, use a more secure email service like Google’s Gmail service. Security II: Turn off the Message Bar and run code safely “Your account access will remain limited until the issue has been resolved please login to your account by clicking on the link below”
Website Phishing What is wrong with this picture? It appears to be the paypal login page…….right? Above you see the paypal login page, but look at the blown up image to right right and you’ll notice that the address bar does not read paypal.com This is a fake paypal spoof or clone (phish) that appears to be paypal in order to steal your money and account details Security II: Turn off the Message Bar and run code safely
IM Phishing Fake IM’s can link you to phished websites to gain your login info The user send the victim a fake IM, telling him he uploaded some photos online The victim, concerned checks out the site, thinking he needs to login to the (fake) site to see the images, gives the social engineer his login details Security II: Turn off the Message Bar and run code safely
TinyURL URL shorteners like Tinyurl.com can be useful to make long urls shorter for you to send in emails or im’s. But they can also be useful to Social Enginners and Phishers This site makes long urls short Ex: http://google.com/long_address_that_is_long is changed to http://tinyurl.com/shorter_url But that means the phisher can make a suspisous url look safe Ex: 489.45.145.156/facebook.php look like http://tinyurl.com/my_new_fb_pics Security II: Turn off the Message Bar and run code safely
Phishing For More Fake or Phished websites can include java or browser exploits that give the social engineer full access to your pc To the right is an attacker using an iPhone 4 to make a fake facebook login page, shown above. Instead of taking the users login info, he uses a java exploit to access the entire machine Security II: Turn off the Message Bar and run code safely
The Java Applet Some phished WebPages will use java applications to allow them FULL access to your computer Sometimes they are persistent, that’s a sign of an exploited java app Does the publisher match the site? Does the From address? Does the site have a good reason to run java? Ask yourself questions before doing something to save yourself trouble Security II: Turn off the Message Bar and run code safely
Call Spoofing Some social engineers will call you using fake information trying to verify your account information Using free software or cheap online services anyone can fake their caller id Never talk about personally identifiable information unless you are Ask yourself if you know sure you know who your talking to, preferably only if you called them. person, if they sound the right. If you have an iPhone use apps like unhide to show the true caller id of the user Security II: Turn off the Message Bar and run code safely
Resources http://www.secmaniac.com/ http://www.offensive-security.com/ http://www.backtrack-linux.org/ http://www.hak5.org http://www.remote-exploit.org http://www.metasploit.com http://www.exploit-db.com/ http://www.social-engineer.org/ http://www.darkreading.com/ http://www.spoofcard.com Security II: Turn off the Message Bar and run code safely

Recommended

Social engineering
Social engineeringSocial engineering
Social engineering
Harold Giddings
 
Anti phishing
Anti phishingAnti phishing
Anti phishing
Shethwala Ridhvesh
 
Phishing
PhishingPhishing
Phishing
Jayaseelan Vejayon
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
Raghav Chhabra
 
Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-Updated
Jayaseelan Vejayon
 
AI And Cyber-security Threats
AI And Cyber-security ThreatsAI And Cyber-security Threats
AI And Cyber-security Threats
Spotle.ai
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
anjuselina
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 

Recommended

Social engineering
Social engineeringSocial engineering
Social engineering
Harold Giddings
 
Anti phishing
Anti phishingAnti phishing
Anti phishing
Shethwala Ridhvesh
 
Phishing
PhishingPhishing
Phishing
Jayaseelan Vejayon
 
Phishing attack
Phishing attackPhishing attack
Phishing attack
Raghav Chhabra
 
Phishing-Updated
Phishing-UpdatedPhishing-Updated
Phishing-Updated
Jayaseelan Vejayon
 
AI And Cyber-security Threats
AI And Cyber-security ThreatsAI And Cyber-security Threats
AI And Cyber-security Threats
Spotle.ai
 
Phising a Threat to Network Security
Phising a Threat to Network SecurityPhising a Threat to Network Security
Phising a Threat to Network Security
anjuselina
 
Phishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS WorkingPhishing attack, with SSL Encryption and HTTPS Working
Phishing attack, with SSL Encryption and HTTPS Working
Sachin Saini
 
Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
Avishek Datta
 
Phishing
PhishingPhishing
Phishing
Syahida
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internet
mohmd-kutbi
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacks
Sreejith.D. Menon
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
Nalneesh Gaur
 
Phishing
PhishingPhishing
Phishing
Kiran Patil
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing Attack
Mark Mair
 
What is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaWhat is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | Edureka
Edureka!
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
aleeya91
 
The Difference between Pharming and Phishing
The Difference between Pharming and PhishingThe Difference between Pharming and Phishing
The Difference between Pharming and Phishing
Mason Bird
 
Phishing
PhishingPhishing
Phishing
SouganthikaSankaresw
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
MH BS
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Er. Rahul Jain
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on Phishing
Creative Technology
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII Sem
Narendra Singh
 
Phishing
PhishingPhishing
Phishing
oitaoming
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing Framework
IJAEMSJORNAL
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking ppt
Krishma Sandesra
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
harpinderkaur123
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twins
Nilantha Piyasiri
 
Cross platform mobile development with C#
Cross platform mobile development with C#Cross platform mobile development with C#
Cross platform mobile development with C#
chriskoiak
 
Introduction to iOS with C# using Xamarin
Introduction to iOS with C# using XamarinIntroduction to iOS with C# using Xamarin
Introduction to iOS with C# using Xamarin
Craig Dunn
 

More Related Content

What's hot

Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
Avishek Datta
 
Phishing
PhishingPhishing
Phishing
Syahida
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internet
mohmd-kutbi
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacks
Sreejith.D. Menon
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
Nalneesh Gaur
 
Phishing
PhishingPhishing
Phishing
Kiran Patil
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing Attack
Mark Mair
 
What is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaWhat is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | Edureka
Edureka!
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
aleeya91
 
The Difference between Pharming and Phishing
The Difference between Pharming and PhishingThe Difference between Pharming and Phishing
The Difference between Pharming and Phishing
Mason Bird
 
Phishing
PhishingPhishing
Phishing
SouganthikaSankaresw
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
MH BS
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Er. Rahul Jain
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on Phishing
Creative Technology
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII Sem
Narendra Singh
 
Phishing
PhishingPhishing
Phishing
oitaoming
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing Framework
IJAEMSJORNAL
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking ppt
Krishma Sandesra
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
harpinderkaur123
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twins
Nilantha Piyasiri
 

What's hot (20)

Phishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark WorldPhishing--The Entire Story of a Dark World
Phishing--The Entire Story of a Dark World
 
Phishing
PhishingPhishing
Phishing
 
Identity theft in the internet
Identity theft in the internetIdentity theft in the internet
Identity theft in the internet
 
Strategies to handle Phishing attacks
Strategies to handle Phishing attacksStrategies to handle Phishing attacks
Strategies to handle Phishing attacks
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
 
Phishing
PhishingPhishing
Phishing
 
Anatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing AttackAnatomy of a Spear Phishing Attack
Anatomy of a Spear Phishing Attack
 
What is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | EdurekaWhat is Phishing? Phishing Attack Explained | Edureka
What is Phishing? Phishing Attack Explained | Edureka
 
Ict Phishing (Present)
Ict Phishing (Present)Ict Phishing (Present)
Ict Phishing (Present)
 
The Difference between Pharming and Phishing
The Difference between Pharming and PhishingThe Difference between Pharming and Phishing
The Difference between Pharming and Phishing
 
Phishing
PhishingPhishing
Phishing
 
ICT-phishing
ICT-phishingICT-phishing
ICT-phishing
 
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
Phishing attacks, Types Of Phishing Attacks, How To Avoid Phishing Attacks
 
A presentation on Phishing
A presentation on PhishingA presentation on Phishing
A presentation on Phishing
 
Seminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII SemSeminaar Report of Phishing VIII Sem
Seminaar Report of Phishing VIII Sem
 
Phishing
PhishingPhishing
Phishing
 
A Review on Antiphishing Framework
A Review on Antiphishing FrameworkA Review on Antiphishing Framework
A Review on Antiphishing Framework
 
Phishing scams in banking ppt
Phishing scams in banking pptPhishing scams in banking ppt
Phishing scams in banking ppt
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
phishing and pharming - evil twins
phishing and pharming - evil twinsphishing and pharming - evil twins
phishing and pharming - evil twins
 

Viewers also liked

Cross platform mobile development with C#
Cross platform mobile development with C#Cross platform mobile development with C#
Cross platform mobile development with C#
chriskoiak
 
Introduction to iOS with C# using Xamarin
Introduction to iOS with C# using XamarinIntroduction to iOS with C# using Xamarin
Introduction to iOS with C# using Xamarin
Craig Dunn
 
Cross Platform Mobile Development in C#
Cross Platform Mobile Development in C#Cross Platform Mobile Development in C#
Cross Platform Mobile Development in C#
James Montemagno
 
PassKit on iOS6
PassKit on iOS6PassKit on iOS6
PassKit on iOS6
Craig Dunn
 
Mobile development strategies with MVVM
Mobile development strategies with MVVMMobile development strategies with MVVM
Mobile development strategies with MVVM
James Montemagno
 
Developing native iOS & Android apps in c# with xamarin
Developing native iOS & Android apps in c# with xamarinDeveloping native iOS & Android apps in c# with xamarin
Developing native iOS & Android apps in c# with xamarin
James Montemagno
 
Cross Platform, Native Mobile Application Development Using Xamarin and C#
Cross Platform, Native Mobile Application Development Using Xamarin and C#Cross Platform, Native Mobile Application Development Using Xamarin and C#
Cross Platform, Native Mobile Application Development Using Xamarin and C#
Shravan Kumar Kasagoni
 
Portable Class Library Deep Dive
Portable Class Library Deep DivePortable Class Library Deep Dive
Portable Class Library Deep Dive
James Montemagno
 
Native i os, android, and windows development in c# with xamarin 4
Native i os, android, and windows development in c# with xamarin 4Native i os, android, and windows development in c# with xamarin 4
Native i os, android, and windows development in c# with xamarin 4
Xamarin
 
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
Paulo Cesar Ortins Brito
 

Viewers also liked (10)

Cross platform mobile development with C#
Cross platform mobile development with C#Cross platform mobile development with C#
Cross platform mobile development with C#
 
Introduction to iOS with C# using Xamarin
Introduction to iOS with C# using XamarinIntroduction to iOS with C# using Xamarin
Introduction to iOS with C# using Xamarin
 
Cross Platform Mobile Development in C#
Cross Platform Mobile Development in C#Cross Platform Mobile Development in C#
Cross Platform Mobile Development in C#
 
PassKit on iOS6
PassKit on iOS6PassKit on iOS6
PassKit on iOS6
 
Mobile development strategies with MVVM
Mobile development strategies with MVVMMobile development strategies with MVVM
Mobile development strategies with MVVM
 
Developing native iOS & Android apps in c# with xamarin
Developing native iOS & Android apps in c# with xamarinDeveloping native iOS & Android apps in c# with xamarin
Developing native iOS & Android apps in c# with xamarin
 
Cross Platform, Native Mobile Application Development Using Xamarin and C#
Cross Platform, Native Mobile Application Development Using Xamarin and C#Cross Platform, Native Mobile Application Development Using Xamarin and C#
Cross Platform, Native Mobile Application Development Using Xamarin and C#
 
Portable Class Library Deep Dive
Portable Class Library Deep DivePortable Class Library Deep Dive
Portable Class Library Deep Dive
 
Native i os, android, and windows development in c# with xamarin 4
Native i os, android, and windows development in c# with xamarin 4Native i os, android, and windows development in c# with xamarin 4
Native i os, android, and windows development in c# with xamarin 4
 
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
TDC Porto Alegre 2014 - Quer desenvolver aplicações nativas e cross-plataform...
 

Similar to Social Engineering

Social engineering and Phishing
Social engineering and PhishingSocial engineering and Phishing
Social engineering and Phishing
thecorrosiveone
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
Preeti Papneja
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
Preeti Papneja
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
Preeti Papneja
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
Sushil Kumar
 
Phishing
PhishingPhishing
Phishing
shivli0769
 
Online Scams and Frauds
Online Scams and FraudsOnline Scams and Frauds
Online Scams and Frauds
Quick Heal Technologies Ltd.
 
IB Fraud
IB FraudIB Fraud
IB Fraud
Md. Shazzad Hossain CISA, CISM, CRISC, MBA (Fin)
 
Phis
PhisPhis
Phis
Presentaionslive.blogspot.com
 
Guide to facebook security
Guide to facebook securityGuide to facebook security
Guide to facebook security
Ernest Staats
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
srishtig993
 
10.a guide-to-facebook-security
10.a guide-to-facebook-security10.a guide-to-facebook-security
10.a guide-to-facebook-security
robert mota
 
Exploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingExploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In Phishing
Muhammad Haroon CISM PCI QSA ISMS LA CPTS CEH
 
Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018
Ronak Jain
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessOWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
MaherHamza9
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacks
Namik Heydarov
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
Excellence Foundation for South Sudan
 
Phishing
PhishingPhishing
Phishing
Sagar Rai
 
CYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYCYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTY
FaMulan2
 
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjrpypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
SurajGurushetti
 

Similar to Social Engineering (20)

Social engineering and Phishing
Social engineering and PhishingSocial engineering and Phishing
Social engineering and Phishing
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing techniques
Phishing techniquesPhishing techniques
Phishing techniques
 
Phishing
PhishingPhishing
Phishing
 
Online Scams and Frauds
Online Scams and FraudsOnline Scams and Frauds
Online Scams and Frauds
 
IB Fraud
IB FraudIB Fraud
IB Fraud
 
Phis
PhisPhis
Phis
 
Guide to facebook security
Guide to facebook securityGuide to facebook security
Guide to facebook security
 
Cyber crime
Cyber crime Cyber crime
Cyber crime
 
10.a guide-to-facebook-security
10.a guide-to-facebook-security10.a guide-to-facebook-security
10.a guide-to-facebook-security
 
Exploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In PhishingExploring And Investigating New Dimensions In Phishing
Exploring And Investigating New Dimensions In Phishing
 
Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018Five cyber threats to be careful in 2018
Five cyber threats to be careful in 2018
 
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awarenessOWASP_Presentation_FINAl. Cybercrime and cyber security awareness
OWASP_Presentation_FINAl. Cybercrime and cyber security awareness
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacks
 
Masterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy BasicsMasterclass_ Cybersecurity and Data Privacy Basics
Masterclass_ Cybersecurity and Data Privacy Basics
 
Phishing
PhishingPhishing
Phishing
 
CYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTYCYBER ETHICS, CRIMES AND SAFTY
CYBER ETHICS, CRIMES AND SAFTY
 
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjrpypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
pypt.pptx.shshjsjdjjdhdhhdhdhdhdhhdhdjdjdjdjjrejjr
 

Recently uploaded

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 

Recently uploaded (20)

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 

Social Engineering

  • 1. Harold Giddings Giddings Computer Services Social Engineering and Phishing Scams Avoiding Social Engineering Online
  • 2. Overview • What is social engineering • What is phishing • What types of phishing are there • What do social engineers do • How do you protect yourself Feel free to ask questions Security II: Turn off the Message Bar and run code safely
  • 3. What Is Social Engineering? •Manipulation •Method to gain information •The Art of Deception Security II: Turn off the Message Bar and run code safely
  • 4. What Is Phishing? • A fake website, email, or sms used to obtain information • A method to obtain information • A form of deception • Used to commit ID theft (financial or social) Security II: Turn off the Message Bar and run code safely
  • 5. What Do Social Engineers Do | Tools Used •Manipulation •Theft •Information •Corporate Spies •Social Engineer Toolkit •Caller ID Spoofing •SMS Spoofing •Modified Web Servers •TinyURL Services •Fake IDS Security II: Turn off the Message Bar and run code safely
  • 6. Email Phishing An email from Wachovia, Wonder whats up with my account Be aware of emails like this, banks will never ask for your login details online. If concerned call your bank and NEVER respond to such emails Note: A good tip off (but not always accurate) is to see if it was marked as spam, usually these users use unverified smtp servers that will be marked as spam, use a more secure email service like Google’s Gmail service. Security II: Turn off the Message Bar and run code safely “Your account access will remain limited until the issue has been resolved please login to your account by clicking on the link below”
  • 7. Website Phishing What is wrong with this picture? It appears to be the paypal login page…….right? Above you see the paypal login page, but look at the blown up image to right right and you’ll notice that the address bar does not read paypal.com This is a fake paypal spoof or clone (phish) that appears to be paypal in order to steal your money and account details Security II: Turn off the Message Bar and run code safely
  • 8. IM Phishing Fake IM’s can link you to phished websites to gain your login info The user send the victim a fake IM, telling him he uploaded some photos online The victim, concerned checks out the site, thinking he needs to login to the (fake) site to see the images, gives the social engineer his login details Security II: Turn off the Message Bar and run code safely
  • 9. TinyURL URL shorteners like Tinyurl.com can be useful to make long urls shorter for you to send in emails or im’s. But they can also be useful to Social Enginners and Phishers This site makes long urls short Ex: http://google.com/long_address_that_is_long is changed to http://tinyurl.com/shorter_url But that means the phisher can make a suspisous url look safe Ex: 489.45.145.156/facebook.php look like http://tinyurl.com/my_new_fb_pics Security II: Turn off the Message Bar and run code safely
  • 10. Phishing For More Fake or Phished websites can include java or browser exploits that give the social engineer full access to your pc To the right is an attacker using an iPhone 4 to make a fake facebook login page, shown above. Instead of taking the users login info, he uses a java exploit to access the entire machine Security II: Turn off the Message Bar and run code safely
  • 11. The Java Applet Some phished WebPages will use java applications to allow them FULL access to your computer Sometimes they are persistent, that’s a sign of an exploited java app Does the publisher match the site? Does the From address? Does the site have a good reason to run java? Ask yourself questions before doing something to save yourself trouble Security II: Turn off the Message Bar and run code safely
  • 12. Call Spoofing Some social engineers will call you using fake information trying to verify your account information Using free software or cheap online services anyone can fake their caller id Never talk about personally identifiable information unless you are Ask yourself if you know sure you know who your talking to, preferably only if you called them. person, if they sound the right. If you have an iPhone use apps like unhide to show the true caller id of the user Security II: Turn off the Message Bar and run code safely

Editor's Notes

  1. And remember, if a file contains unsigned code, never open it unless you’re sure you can trust its creator.
  2. Note: This process is slightly different in Microsoft Office Outlook® and Microsoft Office Publisher.