Social engineering brief


Self-read brief on social engineering - definition, activities, tactics, defense

Published in: Business, Technology

  1. Social Engineering Brief >> 08.06.2012: Social Engineering
  2. Social Engineering. New media and new social applications add to the long list of tools and techniques to elicit critical business information from employees. This information can be used to harm businesses and to put them in a disadvantaged position in their competitive environment.
  3. Definition. Social engineering is a non-technical way of intrusion that exploits human behavior based on human interaction. Often social engineering involves false claims, statements and identities to trick target individuals and have them break normal security procedures. In fact, social engineering is part of all kinds of exploits.
  4. Activities. Phishing – employees are persuaded by e-mail or telephone to disclose sensitive information. Malware – employees are urged to run virus-infected software on corporate devices. Shoulder surfing – social engineers look over employees' shoulders to memorize passwords.
  5. Activities. Dustbin searching – social engineers search and analyze dustbin content. Password guessing – social engineers take advantage of employees' natural habit of using passwords that are meaningful to their personal circumstances and thus can be easily guessed.
  6. Tactics. Social engineering exploits human behavior and addresses traits such as vanity, lack of self-confidence, greed, craving for recognition, helpfulness … A factor that supports successful social engineering is that employees today have not fully grasped the value of information in general and of business-related information in particular. The complexity of the information society adds to this, too.
  7. Defend. Beyond a comprehensive and strict corporate information policy and employee guideline, there are four rules that can be easily followed to protect the employee and the employer against social engineering. First rule – internalize and follow the corporate information policy and guideline.
  8. Defend. Second rule – avoid time pressure; ask for a telephone number or e-mail address to get back in touch. Third rule – verify claims / statements which put you on the spot and urge you to act without thinking; verify the urgency, the individual, the situation, and the request as a whole.
  9. Defend. Fourth rule – in case of uncertainty, immediately involve superiors / security personnel.
  10. INFO + DATEN. INFO + DATEN GmbH & Co. KG, Udo Hohlfeld, P: +49 6731 5493512, M: contact @ infoplusdaten . net, W: