Social Engineering Attacks:
Case Studies & Security Implications
By Sandy Suhling
INFO 644--Fall 2013
What is social engineering?
● “gaining of information from legitimate users for illegitimate access (Dhillon, 2013).”
● generally involves manipulating someone to take action or give information that may or may not be in the target’s best interests (Hadnagy, 2010).
Social Engineering techniques
● dumpster diving (Brody, Brizzee, & Cano, 2012)
● shoulder surfing
● tailgating/piggybacking
● phishing
● pretexting
● intimidation (Orlando, 2007)
● bribery
Case Study: Wayland Fruit Company
http://world-beautifulwallpapers.blogspot.com/2013/02/beautiful-fruits-wallpapers.html
Case Study: Holes in Security
● company policy violations
○ vulnerable to blackmail, coercion
● hacker use of pretexting to get information
○ pretended to be EW IT Technician
○ knew information about the company & Mr. Farmer
● lack of awareness/education
● use of same login ID and password for multiple accounts
Social & Technical Vulnerabilities
● Walmart: good customer service vs. giving out business information (Cowley, 2012).
● Human tendencies = vulnerabilities:
○ want to be helpful
○ make assumptions
○ reluctance to question authorities
○ people take shortcuts, security vs. usability (Hadnagy, 2010).
○ overconfidence
Implications for attacks
● can have high costs
○ financial costs $25,000-$100,000/incident
○ loss of trust in employees
○ loss of business
● difficult to prevent because of natural human tendencies
Preventing social engineering attacks
● include 4th generation security measures (Dhillon, 2013).
● education and awareness about social engineering for all employees
● use a combination of informal, formal, and technical controls/security measures
● make use of penetration testing
● don’t make it easy!
○ ex: proper disposal of trash/important documents (Brody, Brizzee, & Cano, 2012)
Class Question
What other security measures can businesses use to prevent social engineering attacks? How are these security measures different from those instituted to protect from other types of attacks?
References
● Brody, R.G., Brizzee, W.B., and Cano, L. (2012). Flying under the radar: Social engineering. International Journal of Accounting and Information Management, 20(4). Retrieved from http://www.emeraldinsight.com.proxy.library.vcu.edu/journals.htm?articleid=17058136&show=abstract
● Cowley, S. (2012). How a lying 'social engineer' hacked Wal-Mart. CNN. Retrieved from http://money.cnn.com/2012/08/07/technology/walmart-hack-defcon/index.htm
● Dhillon, G. (2013). Enterprise Cyber Security: Principles and Practice. Washington, DC: Paradigm Books.
● Hadnagy, C. (2010). Social Engineering: The Art of Human Hacking. Indianapolis, IN: John Wiley & Sons. Retrieved from http://proquest.safaribooksonline.com.proxy.library.vcu.edu/9780470639535
● Orlando, J. (2007). Social engineering in penetration testing: Cases. Security Strategies Alert. Retrieved from http://www.networkworld.com/newsletters/2007/1022sec2.html?page=1