Social Engineering: A Human Hacking
Framework
AUTHOR
SHUDARSHON CHAKI
Summary
 Social engineering is the art of persuading people to reveal confidential information.
 It involves an outsider obtaining sensitive data or access privileges they are not entitled to.
 Intruders attempt social engineering attacks on office staff to extract valuable information.
 Human-based social engineering refers to person-to-person interaction used to retrieve the desired information.
 Computer-based social engineering refers to using computer software that attempts to retrieve the desired information.
 Identity theft occurs when someone steals your name and other personal information for fraudulent purposes.
 An effective defense depends on having good policies and implementing them diligently.
Statistics
 88% of links clicked in emails are reported as phishing
 77% of phishing attacks are socially based
 90% of all emails are spam or carry viruses
 13.3 million users reported phishing attacks in 2013
 88% of the stolen data was personal information
 2.4 million customers were targeted by phone fraud over all of 2012
 2.3 million customers were targeted by phone fraud in the first half of 2013
 Among these, 26% lured the user into calling a number, 14% into replying to a text and 60% into clicking a link
 Victims lost $4,187 a year on average
 The top setting for these attacks was the work area, both personal and corporate
Introduction
 Passive penetration using social engineering relies on the fact that users are unaware of the value of their information and are not diligent enough to protect it against fraud.
 Victims include help desk personnel, technical support executives, system administrators, VIPs, business people, corporations, bankers, etc.
 Several behaviors make people vulnerable to attack: the human tendency to trust, ignorance about social engineering, the willingness to believe promises of something for nothing, greed and a lack of moral obligation.
 Several factors make corporations vulnerable to this attack: insufficient security training, unregulated access to information, many separate organizational units and a lack of security policies.
 Social engineering leads an organization to economic loss, loss of privacy, temporary or permanent closure, damage to goodwill, etc.
Why is this method effective?
 Social engineering attempts are difficult to detect
 No software- or hardware-based approach can prevent human stupidity
 There is no method that ensures complete security from social engineering
 Since to err is human, people are the weakest link in any security policy
 People do not continuously safeguard their activity and cannot change their behavioral patterns frequently, which leaves them exposed to social engineering.
 It is not possible to make human nature unpredictable everywhere, and this predictability is what drives people into social engineering attacks.
Phases in social engineering
 Researching the target company includes its websites, whois lookups, pipl.com, employees, dumpster diving, etc.
 Selecting the victim includes finding out which employees of the target company are frustrated
 Developing a relationship with the targeted employees
 Exploiting the relationship includes collecting sensitive information, financial information and details of current technologies
 Getting hold of the sensitive data and retrieving personal information from the victim.
Classification of Social Engineering
 Social engineering falls into three categories: human based, computer based and mobile based.
 Human-based social engineering refers to pretending to be someone legitimate or an authorized person.
 Computer-based social engineering refers to using pop-up windows, hoaxes, chain letters and spam emails to lure users into a trap.
 Mobile-based social engineering refers to publishing malicious apps on app stores, publishing fake security applications, using SMS, etc.
Attack Environment
 We will discuss several social engineering based attacks here. These attacks fall into the different categories mentioned in the previous slide.
 Social engineering is carried out through impersonation, such as attempting to extract sensitive information from the help desk. Help desks are often the weakest link since their explicit role is to help.
 Attackers also use third-party authorization to retrieve valuable information from an organization. First they obtain the name of an authorized employee who has access to the information the attacker wants. Next the attacker calls the target organization claiming that this particular employee needs the information.
 If the target organization gives the attacker access to the information, it has been trapped.
 Another technique attackers use is posing as tech support or a repairman. The attacker pretends to be technical support staff from the organization's software or hardware vendor, then asks for a user ID and password to troubleshoot a problem in the organization. Once these credentials are obtained, the attacker looks for the information and retrieves it.
 Attackers may also pose as a cable or telephone technician to enter the target organization. After gaining access they may plant snooping devices to capture employees' passwords.
 Attackers also attempt social engineering attacks by posing as a trusted authority figure.
Cont..
 Other commonly classified social engineering attacks are eavesdropping and shoulder surfing. Eavesdropping refers to unauthorized listening to conversations or reading of personal content, and also covers interception of audio, video or written communication.
 Shoulder surfing means looking over someone's shoulder to retrieve information such as passwords, PINs or account numbers.
 This strategy can also be carried out with vision-enhancing devices such as binoculars.
 Another social engineering attack is dumpster diving, which means looking for valuable information in the target user's trash.
 Other attack strategies under social engineering include piggybacking, tailgating and reverse social engineering.
Cont..
 Besides human-based impersonation, it is also common to launch computer-based social engineering attacks using instant chat messengers, pop-up windows, spam email, chain letters, etc.
 One of the most popular social engineering attacks is phishing: an illegitimate email luring users into providing their personal information. These messages falsely claim to come from legitimate websites.
 A derivative of phishing is spear phishing, which targets specific individuals within an organization. It generally achieves a higher response rate than conventional phishing.
 Specialized messages are crafted for the targeted individuals.
 Alongside computers, mobile devices are also a major medium for attackers to execute social engineering attacks. Since mobiles are far more widely available than other devices, they are one of the key mediums and a top choice for attackers.
 Attackers publish apps with attractive features and names similar to popular apps to attract users. Once users install these apps, they send user credentials to the remote attackers while the end user remains unaware.
 Malicious developers generally download popular apps, repackage them with malware and re-upload them to third-party app stores.
 End users download these apps and get infected.
Cont..
 Another widespread social engineering technique is to tempt users into installing fake security applications via pop-ups, email, etc.
 Users suddenly feel insecure without these applications and many install them without a second thought. This software exploits all of the user's privileges and activities, steals valuable information from the user's computer and uploads it to a remote server.
 Apart from app-based social engineering, it is also common to exploit users through text messages and phone calls.
 The attacker sends a fake message to the target user's phone urging them to call a specific number. When the user dials the number, he or she hears a recording asking for their credentials because of some security issue.
 If the user is convinced, they reveal their sensitive information.
Cont..
 Attackers also perform social engineering attacks through social networking websites such as Facebook, Twitter, LinkedIn, Google Plus, etc. They create fake accounts in other people's names and gather confidential information about target users from these websites.
 They build large networks of friends and extract information from them via social engineering.
 They try to join the employee groups of large organizations, where the company shares various information.
 They also use the collected information to carry out other forms of social engineering attacks.
 The information attackers look for includes dates of birth, educational qualifications, spouses' names, etc.
Cont..
 Another common application of social engineering is identity theft, which happens when someone steals another person's identity for fraudulent purposes.
 Personal information includes name, email, phone number, credit card number, social security number or driving licence. After obtaining this information the attacker commits various crimes.
 They try to impersonate employees of the organization and physically gain access to the premises.
 Sometimes they produce false proof of identity to request new identity documents, which can often be a threat to the person whose information was stolen.
Demonstration of attack
 In the previous slides we talked about various social engineering attack scenarios. We demonstrate them in the following slides. Each image is unique and was drawn using Microsoft Visio 2016.
 These figures cover the following social engineering techniques: impersonation, mobile-based and computer-based social engineering, tampering with frustrated employees, etc.
Countermeasure
 Social engineering can be countered through good policies and procedures.
 But these are effective only if employees and individuals are well trained and have adapted to them.
 Some password policies include: periodic password changes, avoiding guessable passwords, locking accounts after failed attempts, password complexity, password secrecy, high dimensionality in the password-provisioning techniques, etc.
 Some physical policies include: identifying employees through uniforms, IDs, badges, etc., shredding unnecessary documents, restricting access, escorting visitors, etc.
 Some countermeasures for social engineering include:
 Training: employees need extensive training to become conscious of this kind of attack and of the techniques for preventing it in the organization. They should be aware of the security policies. Employees also need motivation to keep them away from frustration with the organization.
 Access privileges: administrator, guest and normal user accounts should be kept separate with proper authorization.
 Operational guidelines: making sure that sensitive information is handled only by authorized users.
 Classification of information: information should be categorized as top secret, proprietary, internal use only, public, etc.
 There should also be good lessons on timely, incident-based response by employees in case of social engineering.
Cont..
 Alongside human-centred approaches there should also be software-based approaches to counter social engineering. Multiple layers of antivirus defense and the mail gateway level should be protected with security software to prevent social engineering.
 Instead of passwords, biometric or two-step authentication should sometimes be employed.
 A documented change management process should be applied rather than ad hoc processes.
 Several browser toolbars can be used to prevent social engineering, such as Netcraft, PhishTank, etc.
Cont..
 Apart from being safe internally within the organization, it is also necessary to safeguard the organization on the web.
 Several techniques can be adopted to do so:
 Protecting personal information from being exposed
 Treating all requests for personal data with suspicion and verifying them
 Not displaying account numbers or contact numbers unless necessary
 Refusing to provide personal information over the phone
 Checking mailboxes regularly and creating rules that flag legitimate contacts.
 Never adding unknown contacts on social networking websites.
Cont..
 To prevent social engineering attacks, emails must be handled very carefully. Emptying mailboxes as soon as possible makes it harder for an intruder.
 Employees should be specially trained about the good interpersonal skills, good communication skills, creativity and talkative, friendly nature of attackers.
 Attackers often apply these behaviors to convince their targets.
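The mailbox rules and careful email handling recommended in the countermeasure slides, as an added example that is not part of the original presentation: a Python rule that flags a message when its display name impersonates a known legitimate contact from a foreign domain, or when a link's visible text names one host while its href points at another (the two traits of the phishing emails described earlier). The contact list, domains and the two sample messages are all constructed for this example.

```python
"""Mailbox rule that flags likely phishing messages (added example).

Check 1, sender impersonation: the display name matches a known legitimate
contact but the address is outside that contact's real domain.
Check 2, deceptive links: an HTML anchor whose visible text names one host
while its href points at a different host.
The contact list, domains and sample messages are all constructed.
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allow-list: display name -> domain the contact really uses.
LEGITIMATE_CONTACTS = {"IT Help Desk": "corp.example", "Payroll Team": "corp.example"}


class _LinkCollector(HTMLParser):
    """Collects (visible_text, href) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def sender_domain(addr):
    """Domain part of an email address, lower-cased ('' if malformed)."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def host_of(text):
    """Best-effort hostname from an href or a URL-looking link label."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def check_message(raw):
    """Return a list of findings for one RFC 822 message; [] means clean."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = sender_domain(addr)
    findings = []

    # Check 1: trusted display name arriving from outside its real domain
    # (sub-domains such as it.corp.example are accepted).
    expected = LEGITIMATE_CONTACTS.get(name)
    if expected and domain != expected and not domain.endswith("." + expected):
        findings.append(f"display name {name!r} sent from {domain!r}, expected {expected!r}")

    # Check 2: link label that names a different host than its href.
    payload = msg.get_payload(decode=True)
    collector = _LinkCollector()
    collector.feed(payload.decode(errors="replace") if payload else "")
    for label, href in collector.links:
        # Only labels that look like a URL or host can be deceptive this way.
        if "." in label and " " not in label and host_of(label) != host_of(href):
            findings.append(f"link text {label!r} actually points to {host_of(href)!r}")
    return findings


# Constructed samples: one impersonation + deceptive-link message, one clean one.
PHISHING_SAMPLE = """\
From: IT Help Desk <helpdesk@corp-example.net>
To: employee@corp.example
Subject: Your password expires today
Content-Type: text/html

<p>Reset it now: <a href="http://corp-example.net/login">https://corp.example/reset</a></p>
"""

LEGIT_SAMPLE = """\
From: IT Help Desk <helpdesk@it.corp.example>
To: employee@corp.example
Subject: Scheduled maintenance
Content-Type: text/html

<p>Details on the <a href="https://corp.example/status">status page</a>.</p>
"""
```

Running `check_message` over a mailbox export gives two findings for the first sample and none for the second; a real deployment would feed the allow-list from the organization's directory rather than a hard-coded dict.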
THANK YOU
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Effects of rheological properties on mixing
Effects of rheological properties on mixingEffects of rheological properties on mixing
Effects of rheological properties on mixingviprabot1
 
pipeline in computer architecture design
pipeline in computer architecture  designpipeline in computer architecture  design
pipeline in computer architecture designssuser87fa0c1
 

Recently uploaded (20)

Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes  examplesPOWER SYSTEMS-1 Complete notes  examples
POWER SYSTEMS-1 Complete notes examples
 
complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 
Arduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.pptArduino_CSE ece ppt for working and principal of arduino.ppt
Arduino_CSE ece ppt for working and principal of arduino.ppt
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
Call Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile serviceCall Girls Delhi {Jodhpur} 9711199012 high profile service
Call Girls Delhi {Jodhpur} 9711199012 high profile service
 
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
9953056974 Call Girls In South Ex, Escorts (Delhi) NCR.pdf
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Effects of rheological properties on mixing
Effects of rheological properties on mixingEffects of rheological properties on mixing
Effects of rheological properties on mixing
 
pipeline in computer architecture design
pipeline in computer architecture  designpipeline in computer architecture  design
pipeline in computer architecture design
 

Social engineering: A Human Hacking Framework (slide transcript)

1. Social Engineering: A Human Hacking Framework
AUTHOR: SHUDARSHON CHAKI

2. Summary
 Social engineering is the art of persuading people to reveal confidential information.
 It involves obtaining sensitive data or inappropriate access privileges through an outsider.
 Intruders attempt social engineering attacks on office workers to extract valuable information.
 Human-based social engineering refers to person-to-person interaction to retrieve the desired information.
 Computer-based social engineering refers to using computer software that attempts to retrieve the desired information.
 Identity theft occurs when someone takes your name and other personal information for fraudulent purposes.
 An effective defence depends on having good policies and implementing them diligently.

3. Statistics
 88% of link clicks in email are reported as phishing
 77% of phishing attacks are socially based
 90% of all emails are spam or carry viruses
 13.3 million users reported phishing attacks in 2013
 88% of the stolen data was personal information
 2.4 M customers were targeted for phone fraud in all of 2012
 2.3 M customers were targeted for phone fraud in the first half of 2013
 Among them, 26% lure the user into calling a number, 14% into replying to a text and 60% into clicking a link
 Average victims lost $4,187 a year
 The top place for this attack was the work area, both personal and corporate

4. Introduction
 Passive penetration using social engineering depends on the fact that users are unaware of the value of their information and are not careful enough to protect it against fraud.
 Victims include help desk personnel, technical support executives, system admins, VIPs, business people, corporations, bankers etc.
 Several behaviours make people vulnerable to attack: the human nature of trust, ignorance about social engineering, the tendency to promise something for nothing, greed and lack of moral obligation.
 Several factors make corporations vulnerable to this attack: insufficient security training, unregulated access to information, several organizational units and lack of security policies.
 Social engineering leads an organization to economic loss, privacy loss, temporary or permanent closure, damage to goodwill etc.

5. Why is this method effective?
 Social engineering attempts are difficult to detect
 No software or hardware based approach can prevent human stupidity
 No method ensures complete security from social engineering
 Because to err is human, security policies are only as strong as their weakest link
 Humans do not continuously safeguard their activity and cannot change their behavioural patterns frequently, which exposes them to social engineering.
 Diversifying human nature everywhere is not possible, and the lack of this practice drives people into social engineering attacks.

6. Phases in social engineering
 Researching the target company includes: websites, WHOIS lookups, pipl.com, employees, dumpster diving etc.
 Selecting the victim includes finding the frustrated employees of the target company
 Developing a relationship with the targeted employees
 Exploiting the relationship includes: collecting sensitive information, financial information and current technologies
 Getting hold of the sensitive data and retrieving personal information from the victim.

7. Classification of Social Engineering
 Social engineering falls into three categories: human based, computer based and mobile based.
 Human based social engineering refers to pretending to be a legitimate or authorized person.
 Computer based social engineering refers to using pop-up windows, hoaxes, chain letters and spam emails to lure users into a trap.
 Mobile based social engineering refers to publishing malicious apps on app stores, publishing fake security applications, using SMS etc.

8. Attack Environment
 We will discuss several social engineering based attacks here. These attacks fall into the categories mentioned in the previous slide.
 Social engineering is carried out through impersonation, such as attempting to extract sensitive information from the help desk. Help desks are mostly the weakest link since they are there explicitly to help.
 Attackers also use third party authorization to retrieve valuable information from an organization. First they obtain the name of an authorized employee who has access to the information the attacker wants. Next the attacker calls the target organization claiming that this employee needs the information.
 If the target organization gives the attacker access to the information, it has been trapped.

9. Cont.
 Another technique attackers use is posing as tech support or a repairman. The attacker pretends to be technical support staff of the organization's software or hardware vendor, then asks for a user ID and password to troubleshoot a problem in the organization. Once these credentials are obtained, the attacker looks for the information and retrieves it.
 An attacker may also pose as a cable or telephone technician to enter the target organization. After gaining access, they may plant snooping devices to capture employees' passwords.
 Attackers also attempt social engineering attacks by posing as a trusted authority figure.

10. Cont.
 Other popular classes of social engineering attack are eavesdropping and shoulder surfing. Eavesdropping refers to unauthorized listening to conversations or reading of personal content; it also covers interception of audio, video or written communication.
 Shoulder surfing means looking over someone's shoulder to retrieve information such as passwords, PINs or account numbers.
 This strategy can also be applied with vision-assisting devices such as binoculars.
 Another social engineering attack is dumpster diving, which means looking for valuable information in the target user's trash.
 Other attack strategies under social engineering include piggybacking, tailgating and reverse social engineering.

11. Cont.
 Besides human based impersonation, it is also popular to launch computer based social engineering attacks, which use instant chat messengers, pop-up windows, spam email, chain letters etc.
 One of the most popular social engineering attacks is phishing: an illegitimate email luring users into providing their personal information. These messages falsely claim to come from legitimate websites.
 A derivative of phishing is spear phishing, which is targeted at a specific individual within an organization. It generally results in a higher response rate than conventional phishing.
 Specialized messages are crafted for specialized attacks on target individuals.

12. Cont.
 Alongside computers, mobiles are also a great medium for attackers to execute social engineering attacks. Since mobiles are far more widely available than other devices, they are one of the key media and top choices for attackers.
 Attackers publish apps with lucrative features and names similar to popular apps to attract users. Once users install these apps, they send user credentials to the remote attackers. End users remain unaware of all this.
 Generally malicious developers download popular apps and repackage them with malware, then re-upload them to third party app stores.
 End users download these apps and get infected.

13. Cont.
 Another widespread technique under social engineering is to tempt users into installing fake security applications via pop-ups, email etc.
 Users suddenly feel insecure without these applications, and many of them install the software without a second thought. This software exploits all the user's privileges and activities, stealing valuable information from the user's computer and uploading it to a remote server.
 Apart from app based social engineering, it is also popular to exploit users through text and phone call based approaches.
 The attacker sends a fake message to the target user's phone, driving them to call a specific number. When the user dials the number, he/she actually hears a recording asking for their credentials because of some security issue.
 If the user is convinced, they reveal their sensitive information.

14. Cont.
 Attackers also perform social engineering attacks through social networking websites like Facebook, Twitter, LinkedIn, Google Plus etc. They create fake accounts in others' names and gather confidential information about target users from the websites.
 They create a large network of friends and extract information from them via social engineering.
 They try to join the employee groups of large organizations where the company shares various information.
 They also use the collected information to carry out other forms of social engineering attack.
 The information the attacker looks for includes date of birth, educational qualifications, spouse names etc.

15. Cont.
 Another popular application of social engineering is identity theft. It happens when someone steals another person's identity for fraudulent purposes.
 Personal information includes name, email, phone numbers, credit card number, social security number or driving licence. After obtaining this information, attackers commit several crimes.
 They try to impersonate employees of the organization and physically access the corporation.
 Sometimes they produce false proof of identity to request a new identity, which can often be a threat to the person whose information was stolen.

16. Demonstration of attack
 In the previous slides we talked about various social engineering attack scenarios. In the following slides we demonstrate them. Each image is unique and was drawn using Microsoft Visio 2016.
 These figures cover the following social engineering techniques: impersonation, mobile based and computer based social engineering, tampering with frustrated employees etc.

17-20. Demonstration figures (images only; no text on these slides)

21. Countermeasure
 Social engineering can be countered through good policies and procedures.
 But these are effective if and only if employees and individuals are well trained and have adapted to them.
 Some password policies include: periodic password change, avoiding guessable passwords, blocking accounts after failed attempts, password complexity, password secrecy, high dimensionality in the password-providing techniques etc.
 Some physical policies include: identifying employees through uniforms, IDs, badges etc., using a shredder for unnecessary documents, access area restrictions, escorting visitors etc.

22. Cont.
 Some countermeasures for social engineering include:
 Training: Employees need a lot of training to become conscious of this kind of attack and of the prevention techniques in the organization. They should be aware of the security policies. Motivating employees is also needed to keep them away from organizational frustration.
 Access Privileges: Administrator, guest and normal user accounts should be kept apart with proper authorization.
 Operational Guidelines: Making sure that sensitive information is touched only by authorized users.
 Classification of information: Information should be categorized as top secret, proprietary, internal use only, public etc.
 There should also be good lessons on proper, timely incident response by employees in case of social engineering.

23. Cont.
 Alongside human-focused approaches, there should also be software based approaches to counter social engineering. Multiple layers of antivirus defence and mail gateway levels should be protected with security software to prevent social engineering.
 Instead of passwords, biometric or two step authentication should sometimes be applied.
 A documented change management process should be applied rather than ad hoc processes.
 Several browser toolbars can be used to prevent social engineering, such as Netcraft, PhishTank etc.

24. Cont.
 Apart from being safe internally within the organization, the organization also needs to be safeguarded on the web.
 Several techniques can be adopted to do so:
 Protecting personal information from being exposed
 Suspecting and verifying all requests for personal data
 Not displaying account numbers or contact numbers unless necessary
 Refusing to provide personal information on the phone
 Checking mailboxes regularly and creating rules; legitimate contacts need to be flagged.
 Never adding unknown contacts on social networking websites.

25. Cont.
 To prevent social engineering attacks, emails must be handled very carefully. Keeping mailboxes empty as soon as possible makes it harder for the intruder.
 Employees should be specially trained about the good interpersonal skills, good communication skills, creativity and the talkative and friendly nature of attackers.
 Attackers often apply the mentioned behaviours to convince their targets.
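The phishing lure described on slide 11, the mailbox rules and contact flagging on slide 24 and the careful e-mail handling on slide 25, as an added example that is not from the deck: a Python mail-rule check that parses a message with the standard library and counts the indicators a defender can verify (unknown sender, mismatched Reply-To, a trusted domain used only in the display name, link text naming one domain while the href leads to another, and credential-lure wording). The allowlist, lure phrases, three-indicator threshold, simplified regex anchor matcher and both sample messages are this example's own assumptions.

```python
# Added example: mail-rule checks for the phishing indicators the slides describe.
# The allowlist, lure phrases, threshold and samples are this example's own assumptions.
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed allowlist standing in for the "flagged legitimate contacts" rule.
KNOWN_CONTACTS = {"alice@bank.example", "it-helpdesk@corp.example"}
# Phrases typical of a credential lure (the deck's fake "security issue" pretext).
LURE_PHRASES = ("password", "verify your account", "confirm your")
# Simplified anchor matcher for the constructed HTML bodies below: (href, visible text).
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)


def _domain(value):
    """Last two labels of the host in an e-mail address or URL ("" if none)."""
    if "@" in value:
        host = value.rsplit("@", 1)[1]
    else:
        host = urlparse(value if "://" in value else "http://" + value).hostname or ""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else ""


def phishing_indicators(raw_message):
    """Return the indicator names triggered by one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    found = []
    if addr.lower() not in KNOWN_CONTACTS:
        found.append("unknown-sender")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(addr):
        found.append("reply-to-mismatch")  # replies are routed away from the apparent sender
    # Display name borrows a trusted domain that the real address does not carry.
    if any(_domain(c) in name.lower() and _domain(c) != _domain(addr) for c in KNOWN_CONTACTS):
        found.append("display-name-spoof")
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    # Visible link text names one domain while the href leads to another.
    if any(_domain(t) and _domain(t) != _domain(h) for h, t in ANCHOR.findall(body)):
        found.append("link-text-mismatch")
    if any(phrase in body.lower() for phrase in LURE_PHRASES):
        found.append("credential-lure")
    return found


def mail_rule(raw_message):
    """Mailbox rule: quarantine at three or more indicators, flag at one, else deliver."""
    hits = len(phishing_indicators(raw_message))
    return "quarantine" if hits >= 3 else "flag" if hits else "deliver"


# Constructed samples: a lure imitating a bank, and a genuine note from a known contact.
PHISH = """\
From: "Bank.Example Security" <alerts@bank-example-secure.test>
Reply-To: support@mail-collector.test
Subject: Action required
Content-Type: text/html

<p>Your account is locked. Visit <a href="http://bank.example.login-check.test/v">https://bank.example/verify</a>
to confirm your password.</p>
"""
LEGIT = """\
From: Alice <alice@bank.example>
Subject: Lunch menu
Content-Type: text/html

<p>Today's menu is at <a href="https://bank.example/menu">https://bank.example/menu</a>.</p>
"""
```

Running `mail_rule(PHISH)` returns "quarantine" with all five indicators, while `mail_rule(LEGIT)` returns "deliver" with none.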