SOCIAL ENGINEERING
A HACKING OF THE HUMAN MIND
ABHAY PATHAK
• The term “Social Engineering” refers to the psychological manipulation of the human mind. It is also connected with the social sciences.
But social engineering techniques have caught on among computer and information security professionals.
The major attack vector: Social Engineering
There is no security mechanism that can stop attackers from performing social engineering, other than educating victims about social engineering tricks and warning them about its threats.
WHAT IS SOCIAL ENGINEERING?
Social engineering is the art of manipulating people into revealing confidential information, including usernames and passwords.
Victims are unaware of how valuable their information is and are careless about protecting it.
Social engineering depends on trust.
An attacker can easily breach the security of an organization using social engineering tricks.
CAUSE OF SOCIAL ENGINEERING?
The human nature of trust itself becomes the main basis for these social engineering attacks.
Sometimes social engineering is performed by threatening targets.
Ignorance of social engineering makes the organization an easy target.
Sometimes attackers promise victims various kinds of things, like cash or other benefits.
MAIN FACTORS FOR SOCIAL ENGINEERING?
• INSUFFICIENT SECURITY TRAINING
• EASY ACCESS OF INFORMATION
• SEVERAL ORGANIZATIONAL UNITS
• LACK OF SECURITY POLICIES
WHY IS SOCIAL ENGINEERING?
Security policies are only as strong as their weakest link, and humans are the most susceptible factor.
It is difficult to detect social engineering attempts.
There is no method to ensure complete security.
There is no specific software or hardware for defending against social engineering.
STEPS USED BY AN ATTACKER TO PERFORM SOCIAL ENGINEERING
• Research on Target Company: dumpster diving, websites, employees, touring the company, etc.
• Select Victim: identify the frustrated employees of the target company.
• Develop Relationship: develop a relationship with the selected employees.
• Exploit the Relationship: collect sensitive account information, financial information, and current technologies.
TYPES OF SOCIAL ENGINEERING?
Human-based Social Engineering
• Gathers sensitive information by interaction
• Attacks of this category exploit trust, fear, and the helping nature of humans
Computer-based Social Engineering
• Social engineering is carried out with the help of computers
• Phishing, fake emails, pop-up window attacks
Mobile-based Social Engineering
• It is carried out with the help of mobile applications
• Publishing malicious apps, repackaging legitimate apps, fake security apps, SMS
HUMAN-BASED SOCIAL ENGINEERING?
Posing as a legitimate end user
"Hi! This is Alice, from department X. I have forgotten my password. Can I get it?"
Posing as an important user
"Hi, this is John, CEO Secretary. I am working on an urgent project and lost my system password. Can you help me out?"
Posing as technical support
"Sir, this is Jessica, Technical Support, X company. Last night we had a system crash here, and we are checking for the lost data. Can you give me your ID and password?"
Eavesdropping
• Eavesdropping is unauthorized listening to conversations or reading of messages
• Interception of any form, such as audio, video, or written
• It can also be done using communication channels such as telephone lines, email, instant messaging, etc.
Shoulder Surfing
• It uses direct observation techniques, such as looking over someone's shoulder, to get information such as passwords, PINs, account numbers, etc.
• It can be done from a longer distance by using enhancement devices such as a zoom camera
Dumpster Diving
• Dumpster diving is looking for treasure in someone else's trash.
• Targets include phone bills, contact information, financial information, operations information, etc.
COMPUTER-BASED SOCIAL ENGINEERING
Pop-Up Windows
• Windows that suddenly pop up while surfing the internet and ask for the user's information to log in or sign in
Instant Messenger
• Gathering personal information by chatting, such as date of birth, contact number, maiden names, etc.
Phishing
• Gathering login credentials by directing users to a duplicate website
Spam Email
• Irrelevant, unwanted, and unsolicited email sent to collect financial information, PINs, and network information
COMPUTER-BASED SOCIAL ENGINEERING
POP-UP WINDOWS
Pop-up windows trick users into clicking a hyperlink that redirects them to a fake web page full of malicious programs such as keyloggers, spyware, Trojans, viruses, etc.
COMPUTER-BASED SOCIAL ENGINEERING
PHISHING
• An illegitimate email falsely claiming to be from a legitimate site attempts to steal the user's personal information or login credentials.
• Phishing emails redirect you to a phishing website and ask you to submit personal information.
MOBILE-BASED SOCIAL ENGINEERING
PUBLISHING MALICIOUS APPS
• Attackers create fake malicious apps with attractive features and names similar to popular apps, and publish them on app stores
• Less knowledgeable victims download these apps, and the malware with them, onto their phones, and the attacker steals sensitive information from the phone
MOBILE-BASED SOCIAL ENGINEERING
FAKE SECURITY APPS
• The attacker infects the victim's PC
• The victim logs on to their bank account
• Malware on the PC pops up a message telling the victim to download an application onto their phone in order to receive security messages
• The victim downloads the malicious application onto their phone
• The attacker can now access the second authentication factor sent to the victim from the bank via SMS
TOOL: Netcraft Anti-Phishing Toolbar
Behaviors Vulnerable to Attack
Trust
• The human nature of trust is the basis of any social engineering attack
Ignorance
• Ignorance about social engineering and its effects among the workforce makes an organization an easy target
Fear
• Social engineers might threaten severe losses in case of non-compliance with their request
Greed
• Social engineers lure targets into divulging information by promising something for nothing
Moral Duty
• Targets are asked for help, and they comply out of a sense of moral obligation
Impact on the Organization
Economic Loss
Damage of Goodwill
Loss of Privacy
Dangers of terrorism
Lawsuits and Arbitrations
Temporary and Permanent Closure
Countermeasures
Training:
An efficient training program should cover all security policies and methods to increase awareness of social engineering.
Password Policies:
• Periodic password change
• Avoiding guessable passwords
• Account blocking after failed attempts
• Maximize the length and complexity of passwords
• Secrecy of passwords
Security Policies: Checklist
Account Setup
Password Change Policies
Help Desk Procedure
Access Privileges
Employee Identification
Privacy Policy
Paper Documents
Modems
Physical Address Restrictions
Virus Control