Social Engineering
“Amateurs hack computers. Professionals hack people.”
Alexander Zhuravlev, MSLU, 2010

Contents
  • Security issues today
  • What is social engineering?
  • Why social engineering?
  • Categories of social engineering
  • How to safeguard against social engineering?
  • Conclusion

Security issues today
Security has never been as important as it is today. The need for information security is apparent not only for every country and organization, but also for the individual. Consequently, victims of these crimes can be left with debt, bad credit, higher interest rates, and possibly criminal charges against them until they are able to prove themselves innocent. As a result, it could take years, or even a lifetime, to recover from these wrongdoings. According to a survey released on May 15, 2008 by the United States Department of Justice, “An estimated 3.6 million -- or 3.1 percent -- of American households became victims of identity theft in 2007.”

What is social engineering?
Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or a simple fraud, the term typically applies to trickery for information gathering or computer system access. In most cases the attacker never comes face-to-face with the victims, and the victims seldom realize that they have been manipulated. Social engineers prey on human behavior, such as the desire to be helpful, the tendency to trust people and the fear of getting in trouble. The sign of a truly successful social engineer is that the information is obtained without arousing any suspicion. By this method, social engineers exploit a person's natural tendency to trust another person's word, rather than exploiting computer security holes. It is generally agreed that “users are the weak link” in security, and this principle is what makes social engineering possible.

Why social engineering?
Social engineering uses human error or weakness to gain access to a system despite the layers of defensive security controls that may have been implemented. A hacker may have to invest a lot of time and effort in breaking an access control system, but he or she will find it much easier to persuade a person to allow admittance to a secure area or even to disclose confidential information. Despite the automation of machines and networks today, there is no computer system in the world that is not dependent on human operators at one point in time or another.

Behaviors Vulnerable to Social Engineering Attacks
Social engineering has always been prevalent in one form or another, primarily because of some very natural facets of human behavior. A social engineer exploits these behavior patterns to drive the target towards becoming a victim of the attack. Common human behaviors that are exploited by social engineers are shown in the image provided.
[Figure: Exploitation of human behavior]

Categories of Social Engineering
There are two main categories under which all social engineering attempts could be classified.

Attacks based on a non-technical approach are perpetrated purely through deception, i.e. by taking advantage of the victim's human behavior weaknesses (as described earlier).
For instance, the user gets a pop-up window informing him that the computer application has a problem and that he will need to re-authenticate in order to proceed. Once the user provides his ID and password in that pop-up window, the damage is done.
For instance, the attacker impersonates a person with significant authority: he or she places a call to the help desk, pretends to be a senior manager, and says that he or she has forgotten the password and needs to get it reset right away.

This term applies to an email appearing to have come from a legitimate business, a bank, or a credit card company, requesting "verification" of information and warning of some dire consequences if it is not done.

It is the practice of leveraging Voice over Internet Protocol (VoIP) technology to trick the public into giving up private personal and financial information for the purpose of financial reward. This term is a combination of "voice" and phishing. Vishing exploits the public's trust in landline telephone services.

E-mails that offer friendships, diversion, gifts and various free pictures and information take advantage of the anonymity and camaraderie of the Internet to plant malicious code.

The attacker's rogue program generates a pop-up window saying that the application connectivity was dropped due to network problems, and that the user now needs to re-enter his ID and password to continue with his session.

In this case the victim is convinced to download and install a very useful program or application which might be 'window dressed'.

Non-Technical Approach

Pretexting / Impersonation
This is the act of creating and using an invented scenario (the pretext) to persuade a target to release information. It is more than a simple lie, as it most often involves some prior research or setup and makes use of pieces of known information (e.g. date of birth, mother's maiden name, billing address) to establish legitimacy in the mind of the target.

Dumpster Diving
If junk mail contains personal identification information, a 'dumpster diver' can use it to carry out identity theft. A hacker can also retrieve confidential information from the hard disk of a computer, as there are numerous ways to retrieve information from disks even if the user thinks the data has been 'deleted' from the disk.

Spying and Eavesdropping
A clever spy can determine the ID and password by observing a user typing it in (shoulder surfing). All that is needed is to be behind the user and able to see his fingers on the keyboard.

Acting as a Technical Expert
This is the case where an intruder pretends to be a support technician working on a network problem and asks the user to let him access the workstation and 'fix' the problem.

Support Staff
Here a hacker may pose as a member of the facility support staff. A man dressed like the cleaning crew walks into the work area carrying cleaning equipment. In the process of appearing to clean your desk area, he can snoop around and get valuable information, such as passwords or a confidential file that you have forgotten to lock up.

How to safeguard against social engineering?
Well-documented security policy - associated standards and guidelines form the foundation of a good security strategy.
  • Information classification and handling - for identifying critical information assets


  • Personnel security - screening prospective employees and contractors to ensure that they do not pose a security threat to the organization if employed
  • Physical security - to secure the facility from unauthorized physical access with the help of sign-in procedures
  • Information access control - password usage and guidelines for generating secure passwords
  • Protection from viruses - to secure the systems and information from viruses and similar threats
  • Information security awareness training - to ensure that employees are kept informed of threats

Thank you for your attention
Alexander Zhuravlev, MSLU, 2010