Core Cyber Security Concepts
Friendly Tip: Please take notes to better remember the concepts.
In the following slides we will learn what Social Engineering Attacks are and the principles used to carry out such attacks.
Social Engineering Attacks:
"It's the art of manipulating people to give up confidential information or resources."
Such attacks are a very low-tech form of security attack. In fact, they don't necessarily require technical expertise at all. They involve an attacker, or a group of attackers, and the target organization or victim. The attackers try to manipulate the target and gain access to sensitive information or resources using social engineering techniques.
Social engineering may involve one or more persons trying to gain access to sensitive information. In groups, the attackers work together to create a situation that manipulates the target into giving up information such as credentials, or resources such as money. They are all coordinating their efforts and hoping that you'll lower your guard and grant them access to anything they might need. Social engineering attacks rely on deceit and manipulation.
There are a number of principles associated with social engineering attacks. When these principles are combined and used effectively, the social engineering attack has a higher chance of success.
Social Engineering Principles:
-> Authority
We'll start with 'Authority'. Humans tend to cooperate with and listen to authority figures, and attackers who use social engineering often rely on this principle.
The attacker contacts the unsuspecting victim, claims to be from the tax department and states that the target owes taxes. The attacker goes on to state that evading tax is a criminal offense and threatens the target with jail time.
By pretending to be an authority figure, the attacker tries to scare the victim, to put pressure on them and cause panic. Panicked individuals don't think straight, and the attacker uses this to their advantage. When the victim is unable to think straight, the attacker presents a "Solution".
The attacker claims that it looks like the victim made an honest mistake and assures them that they'll take care of the "issue", but only if the victim immediately clears the "dues". If the victim isn't compliant, the attacker threatens legal action and jail time to coerce the victim into paying the money.
If the victim believes the attacker, they will transfer the money. In the upcoming slides we'll discuss how the other social engineering principles complement this attack to make it more successful.
-> Social Proof
Social proof is also known as consensus. Attackers use the names of people you know, or private data about you, to build a believable story that convinces you their request is justified. Building on the previous example, the attacker might use a leaked tax ID number as social proof to present themselves as a more legitimate entity.
-> Urgency
If the person doing the social engineering can inject some type of urgency, they can make things move even faster: this needs to happen quickly, don't even think about it, just provide this information right now so that we can solve this problem.
They create the need to act urgently, to defuse a ticking time bomb by acting now. They force the panicked victim to comply immediately or face severe consequences for not complying. They use this to prevent the target from acting in a rational manner.
-> Scarcity
Social engineers also like to have a clock that's ticking. There needs to be scarcity: this particular situation is only going to be this way for a certain amount of time, and we have to resolve the issue before the timer expires.
The attackers might call the unsuspecting victim, say they're from a finance company and claim that, as part of a marketing campaign, the target has won a lucky draw and is eligible for an 80% discount on a car of their choosing. However, the attackers claim the offer won't last long and that there are many eager customers on the line. As the "solution", to confirm the purchase, the attacker asks the victim to pay a 10% token amount in advance and assures them that a receipt will be sent. If the victim believes this is real, they will lose their money.
-> Familiarity
Another technique they use is familiarity. They become your friend. They talk about things that you like, and by doing that they make the target feel that the attacker can be trusted. They use this trust to make the victim do things for them. Honey trap attacks work on this principle.
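The principles above (authority, social proof, urgency, scarcity, familiarity) are exactly the cues a defender can look for in an incoming message. The following Python script is an added example for this deck, not code from the original slides or from any of the cited sources: it maps each principle to a few phrase patterns, reports which cues a message triggers, and rates the message higher when several principles are combined, as the deck says attackers do. The patterns and the two sample messages (one mirroring the tax-department scenario, one benign) are constructed for the example and are illustrative assumptions, not a production rule set.

```python
"""Heuristic scorer for social-engineering cues in a message.

Added example (not part of the original slides). Maps the deck's principles
to simple phrase patterns; a mail filter or awareness tool could run a check
like this. Patterns and samples are constructed assumptions.
"""
import re
from typing import Dict, List

# One principle -> a few illustrative phrase patterns (assumption, not exhaustive).
CUE_PATTERNS: Dict[str, List[str]] = {
    "authority": [
        r"\btax (department|office|authority)\b",
        r"\b(criminal offen[cs]e|legal action|jail time|arrest)\b",
        r"\b(police|compliance department)\b",
    ],
    "social_proof": [
        r"\byour (tax id|account number|employee id) (is|ending in)\b",
        r"\byour (colleague|manager|friend) \w+ (said|told|recommended)\b",
    ],
    "urgency": [
        r"\b(immediately|right now|within \d+ (minutes|hours))\b",
        r"\bdon'?t (even )?think about it\b",
        r"\bact now\b",
    ],
    "scarcity": [
        r"\b(offer|deal) (won'?t|will not) last\b",
        r"\b(only|last) \d+ (left|remaining)\b",
        r"\b(many|other) (eager )?customers (on the line|waiting)\b",
    ],
    "familiarity": [
        r"\b(as a friend|we both (love|like))\b",
        r"\bi remember you (mentioned|said)\b",
    ],
}

COMPILED = {
    name: [re.compile(p, re.IGNORECASE) for p in pats]
    for name, pats in CUE_PATTERNS.items()
}


def find_cues(text: str) -> Dict[str, List[str]]:
    """Return {principle: [matched phrases]} for every principle that fires."""
    hits: Dict[str, List[str]] = {}
    for name, regexes in COMPILED.items():
        found = [m.group(0) for rx in regexes for m in rx.finditer(text)]
        if found:
            hits[name] = found
    return hits


def risk_level(text: str) -> str:
    """Coarse label: the deck notes that combined principles raise the odds of
    success, so the rating counts how many distinct principles appear."""
    n = len(find_cues(text))
    if n >= 3:
        return "high"
    if n >= 1:
        return "medium"
    return "low"


# Constructed samples: the deck's tax-department scenario, and a benign note.
TAX_SCAM = (
    "This is the Tax Department. Our records show your Tax ID ending in 4821 "
    "owes back taxes. Evading tax is a criminal offence and carries jail time. "
    "Pay the dues immediately to clear this issue."
)
BENIGN = "Hi team, the Q3 report is attached. Let me know if you spot any errors."

if __name__ == "__main__":
    for label, msg in [("tax_scam", TAX_SCAM), ("benign", BENIGN)]:
        print(label, risk_level(msg), find_cues(msg))
```

Run stand-alone, the script rates the constructed tax-scam message "high" because it triggers authority, social proof and urgency at once, while the benign note triggers nothing. Keyword matching of this kind is cheap and explainable, which is why it suits awareness tooling; it is also easy for an attacker to reword around, so treat it as one signal among others rather than a verdict.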
Types of Social Engineering Attacks
Based on the principles we discussed, the attacker incorporates them into their preferred type of social engineering attack. We'll look at the different types of social engineering attacks in the upcoming slides.
Phishing
Phishing is one of the most popular social engineering attacks. The attacker sends a fake email to steal from victims.
Spear Phishing
Spear-phishing is a targeted attack where criminals disguise themselves as legitimate sources to convince specific victims to give up confidential information or to steal money.
The credential harvester attack method is used when the attacker doesn't specifically want a shell but wants to perform phishing attacks in order to obtain usernames and passwords. In this attack vector a website is cloned, and when the victim enters their credentials, the usernames and passwords are posted back to the attacker's machine; the victim is then redirected to the legitimate site.
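From the defender's side, the cloned page just described has a recognisable shape: a form with a password field, served from a host that is not the brand's real login host, usually posting back to that same host and often over plain HTTP. The Python script below is an added example for this deck, not code from the original slides, from the cited Medium article, or from any credential-harvester tool. Given a page URL, its HTML and the host the page claims to be (an assumption supplied by whoever runs the check, for instance a mail gateway that follows a link from an email purporting to come from a bank), it reports password forms whose page or action host differs from the expected host or that submit without HTTPS. The sample pages, the `example-bank.test` hostname and the `203.0.113.10` address are all constructed placeholders.

```python
"""Flag login forms that do not belong to the host they claim to be.

Added example (not part of the original slides or of any harvester tool).
A cloned login page posts typed credentials back to the attacker's machine;
this check compares where a password form lives and submits against the
host it is expected to belong to. Sample inputs are constructed.
"""
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect every <form>, its action, and whether it holds a password input."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[Dict[str, object]] = []
        self._current: Optional[Dict[str, object]] = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_forms(page_url: str, html: str, expected_host: str) -> List[str]:
    """Return findings for password forms on the page.

    expected_host is the legitimate login host the page claims to be (an
    input the caller supplies). A page or form action on another host, or an
    action that is not https, matches the pattern a cloned harvester page shows.
    """
    parser = _FormCollector()
    parser.feed(html)
    findings: List[str] = []
    page_host = urlsplit(page_url).hostname
    if page_host != expected_host:
        findings.append(f"page served from {page_host}, expected {expected_host}")
    for form in parser.forms:
        if not form["has_password"]:
            continue
        # A relative or empty action resolves against the page URL, which is
        # exactly how a clone posts credentials back to the machine serving it.
        target = urlsplit(urljoin(page_url, str(form["action"])))
        if target.hostname != expected_host:
            findings.append(
                f"password form posts to {target.hostname}, expected {expected_host}"
            )
        if target.scheme != "https":
            findings.append(f"password form posts over {target.scheme or 'unknown'}")
    return findings


# Constructed samples: the real login page, and a clone served from an
# attacker-controlled machine (placeholder address) that posts back to itself.
EXPECTED_HOST = "login.example-bank.test"
LEGIT_URL = "https://login.example-bank.test/signin"
LEGIT_HTML = """
<form method="post" action="/signin">
  <input name="user"><input type="password" name="pass">
</form>"""

CLONE_URL = "http://203.0.113.10/"
CLONE_HTML = """
<form method="post" action="">
  <input name="user"><input type="PASSWORD" name="pass">
</form>"""

if __name__ == "__main__":
    print("legit:", audit_login_forms(LEGIT_URL, LEGIT_HTML, EXPECTED_HOST))
    print("clone:", audit_login_forms(CLONE_URL, CLONE_HTML, EXPECTED_HOST))
```

The legitimate page yields no findings; the clone yields three (wrong page host, form posting to the wrong host, and plain HTTP). The check deliberately keys on the expected host rather than on page content, because a clone copies the genuine HTML almost verbatim and only the hosting and submission endpoints give it away.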
Baiting
Baiting is one of the most common and simplest social engineering attacks. Similar to phishing, baiting uses false promises to lure unsuspecting victims into giving up sensitive information or downloading malicious files. Examples include free video game downloads that redirect victims to download malicious files.
DNS Spoofing
DNS spoofing, also known as DNS cache poisoning, is an attack where the attacker sets up a fake website and redirects the victim to it to steal data. The victim believes they are accessing the legitimate site and proceeds to enter their credentials, which are captured by the attacker.
Honey Trap
A social engineering attack that uses a romantic or sexual relationship to lure the victim into divulging critical information.
Tailgating
Tailgating is a physical security breach where an attacker follows an authorized person into a restricted area.
Piggy Backing
In this scenario the attacker comes up with a convincing story so that the employee (the victim) lets them into the restricted area. The attacker might claim that they work there, forgot their ID at home and are late for a meeting, in order to convince the employee to use their keycard to let the attacker into the premises.
Shoulder Surfing
The attacker stays close to you and tries to observe you while you type a password or a PIN.
Lunch Time Attacks
The attacker physically gains access to an unsecured device while the employee is on a break.
Pretexting / Impersonation
In pretexting, cyber criminals impersonate someone else and come up with convincing scenarios to manipulate the victim into giving up sensitive information, transferring money or granting access to private networks.
Sources:
https://www.professormesser.com/security-plus/sy0-501/principles-of-social-engineering/
https://medium.com/@kaviru.mihisara/credential-harvester-attack-73335c4a5bb8

Social Engineering Attacks & Principles
