SOCIAL ENGINEERING
A HACKING OF HUMAN'S MIND
ABHAY PATHAK
• The term "Social Engineering" refers to the psychological manipulation of the human mind; it is also connected with the social sciences.
But social engineering techniques have caught on among computer and information security professionals.
The major attack vector: Social Engineering
There is no security mechanism that can stop attackers from performing social engineering,
other than educating potential victims about social engineering tricks and warning them about its threats.
WHAT IS SOCIAL ENGINEERING?
Social Engineering is the art of manipulating people into revealing confidential information, including usernames and passwords.
Victims are unaware of the value of their information and careless about protecting it.
Social engineering depends on trust.
An attacker can easily breach the security of an organization using social engineering tricks.
CAUSE OF SOCIAL ENGINEERING?
The human nature of trust itself becomes the main basis for these social engineering attacks.
Sometimes social engineering is performed by threatening targets.
Ignorance of social engineering makes the organization an easy target.
Sometimes attackers promise victims various kinds of things, like cash or other benefits.
MAIN FACTORS FOR SOCIAL ENGINEERING?
• Insufficient security training
• Easy access to information
• Several organizational units
• Lack of security policies
WHY IS SOCIAL ENGINEERING EFFECTIVE?
Security policies are only as strong as their weakest link, and humans are the most susceptible factor.
It is difficult to detect social engineering attempts.
There is no method to ensure complete security.
There is no specific software or hardware for defending against it.
STEPS USED BY ATTACKERS
TO PERFORM SOCIAL ENGINEERING
Research on the target company: dumpster diving, websites, employees, company tours, etc.
Select a victim: identify frustrated employees of the target company.
Develop a relationship: build a relationship with the selected employees.
Exploit the relationship: collect sensitive account information, financial information, and details of current technologies.
TYPES OF SOCIAL ENGINEERING?
Human-based Social Engineering
• Gathers sensitive information through interaction
• Attacks of this category exploit trust, fear, and the helpful nature of humans
Computer-based Social Engineering
• Social engineering carried out with the help of a computer
• Phishing, fake emails, pop-up window attacks
Mobile-based Social Engineering
• Carried out with the help of mobile applications
• Publishing malicious apps, repackaging legitimate apps, fake security apps, SMS
HUMAN-BASED SOCIAL ENGINEERING
Posing as a legitimate end user
"Hi! This is Alice, from department X. I have forgotten my password. Can I get it?"
Posing as an important user
"Hi, this is John, the CEO's secretary. I am working on an urgent project and lost my system password. Can you help me out?"
Posing as technical support
"Sir, this is Jessica, technical support, X company. Last night we had a system crash here, and we are checking for the lost data. Can you give me your ID and password?"
HUMAN-BASED SOCIAL ENGINEERING
Eavesdropping
• Eavesdropping is the unauthorized listening to conversations or reading of messages.
• Interception of any form: audio, video, or written.
• It can also be done over communication channels such as telephone lines, email, instant messaging, etc.
Shoulder Surfing
• Uses direct observation techniques, such as looking over someone's shoulder, to obtain information such as passwords, PINs, account numbers, etc.
• It can be done from a longer distance using enhancing devices such as a camera with a zoom lens.
HUMAN-BASED SOCIAL ENGINEERING
Dumpster Diving
Dumpster diving is looking for treasure in someone else's trash: phone bills, contact information, financial information, operations information, etc.
COMPUTER-BASED SOCIAL ENGINEERING
Pop-Up Windows
Windows that suddenly pop up while surfing the internet and ask for the user's information to log in or sign in.
Instant Messenger
Gathering information by chatting, such as date of birth, contact number, maiden names, etc.
Phishing
Gathering login credentials by directing the victim to a duplicate website.
Spam Email
Irrelevant, unwanted, and unsolicited email used to collect financial information, PINs, and network information.
COMPUTER-BASED SOCIAL ENGINEERING
POP-UP WINDOWS
Pop-up windows trick users into clicking a hyperlink that redirects them to a fake web page full of malicious programs such as keyloggers, spyware, Trojans, viruses, etc.
COMPUTER-BASED SOCIAL ENGINEERING
PHISHING
• An illegitimate email, falsely claiming to be from a legitimate site, attempts to steal the user's personal information or login credentials.
• Phishing emails redirect you to a phishing website and ask you to submit personal information.
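The defining trait of the phishing email described above is that its sender claims one site while its links lead to another. The following detector is an added example, not part of the original deck; the message, the domains (examplebank.test, evil.test) and the helper names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing email): the From header
# claims the bank, but the "restore access" link points at another domain.
SAMPLE = """\
From: "Example Bank Security" <alerts@examplebank.test>
Subject: Urgent: verify your account

<p>Your account is locked. <a href="http://examplebank-verify.evil.test/login">
examplebank.test/login</a> to restore access.</p>
<p><a href="https://www.examplebank.test/help">Help centre</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):
    # Last two labels only; a production check would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def suspicious_links(raw):
    """Return (href, reason) for links that do not belong to the sender's
    domain, or whose visible text names a different domain than the href."""
    msg = message_from_string(raw)
    sender_domain = base_domain(parseaddr(msg["From"])[1].split("@")[-1])
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    findings = []
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        # Treat the anchor text as a domain only if it looks like one.
        shown = text.split("://")[-1].split("/")[0] if "." in text and " " not in text else ""
        if base_domain(host) != sender_domain:
            findings.append((href, "domain differs from sender"))
        elif shown and base_domain(shown) != base_domain(host):
            findings.append((href, "visible text names another domain"))
    return findings
```

Running `suspicious_links(SAMPLE)` flags only the first link; the genuine help-centre link on the sender's own domain passes.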
DEMONSTRATION
MOBILE-BASED SOCIAL ENGINEERING
PUBLISHING MALICIOUS APPS
• Attackers create fake malicious apps with attractive features and names similar to popular apps, and publish them on app stores.
• Less knowledgeable victims download these apps, which install malware on the mobile device, and the attacker steals sensitive information from it.
MOBILE-BASED SOCIAL ENGINEERING
FAKE SECURITY APPS
• The attacker infects the victim's PC.
• The victim logs on to their bank account.
• Malware on the PC pops up a message telling the victim to download an application onto their phone in order to receive security messages.
• The victim downloads the malicious application onto their phone.
• The attacker can now access the second authentication factor sent to the victim by the bank via SMS.
TOOL: Netcraft Anti-Phishing Toolbar
Behaviors Vulnerable to Attack
Trust
The human nature of trust is the basis of any social engineering attack.
Ignorance
Ignorance about social engineering and its effects among the workforce makes an organization an easy target.
Fear
Social engineers might threaten severe losses in case of non-compliance with their request.
Greed
Social engineers lure targets into divulging information by promising something for nothing.
Moral Duty
Targets are asked for help, and they comply out of a sense of moral obligation.
Impact on the Organization
Economic Loss
Damage of Goodwill
Loss of Privacy
Dangers of terrorism
Lawsuits and Arbitrations
Temporary and Permanent Closure
Countermeasures
Training:
An effective training program should cover all security policies and methods to increase awareness of social engineering.
Countermeasures
Password Policies:
• Periodic password change
• Avoiding guessable passwords
• Account blocking after failed attempts
• Maximize the length and complexity of passwords
• Secrecy of passwords
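Three of the password-policy points above (avoiding guessable passwords, enforcing length and complexity, and blocking an account after failed attempts) can be checked in code. This is an added example, not from the deck; the denylist, the threshold values, the salt and the function names are all constructed assumptions.

```python
import hmac
from hashlib import pbkdf2_hmac

# Constructed denylist of guessable passwords; a real deployment would use a
# much larger breached-password list.
GUESSABLE = {"password", "123456", "qwerty", "welcome", "letmein"}

def password_violations(password, username, min_length=12):
    """Return the policy rules a candidate password breaks (empty = accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    if sum(classes) < 3:
        problems.append("needs at least three character classes")
    lowered = password.lower()
    if any(g in lowered for g in GUESSABLE):
        problems.append("contains a guessable password")
    if username.lower() in lowered:
        problems.append("contains the username")
    return problems

class LoginGuard:
    """Verifies salted password hashes and blocks an account after too many
    consecutive failures, so guessing cannot continue indefinitely."""
    def __init__(self, max_failures=5):
        self.max_failures, self.failures, self.hashes = max_failures, {}, {}
    def register(self, username, password, salt=b"constructed-salt"):
        # Demo salt is fixed; production code draws a random salt per account.
        self.hashes[username] = (salt, pbkdf2_hmac("sha256", password.encode(), salt, 100_000))
    def is_locked(self, username):
        return self.failures.get(username, 0) >= self.max_failures
    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'; a success resets the failure count."""
        if self.is_locked(username):
            return "locked"
        salt, expected = self.hashes.get(username, (b"", b""))
        actual = pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if expected and hmac.compare_digest(actual, expected):
            self.failures[username] = 0
            return "ok"
        self.failures[username] = self.failures.get(username, 0) + 1
        return "denied"
```

Once the failure counter reaches the threshold, even the correct password is refused until the account is unblocked by the help desk, which is the behaviour the "account blocking" rule asks for.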
Security Policies - Checklist
Account Setup
Password Change Policies
Help Desk Procedure
Access Privileges
Employee Identification
Privacy Policy
Paper Documents
Modems
Physical Address Restrictions
Virus Control