THE MIND GAME: BEYOND NORMAL HUMAN!
Simple
Definition
 Social engineering is a psycho-social attack that
subverts human trust and helpfulness in order
to attain the attacker’s goals.
Outline
 What is it?
 How is it done?
 Who is at risk?
 Approach?
What is it?
 Social engineering is the oldest form of hacking: it predates computers and targets people rather than systems.
 Social engineers focus on the users of the system. By gaining a user's trust, a social engineer can simply ask for whatever information he or she wants, and usually gets it.
Social Engineering
 Uses psychological methods
 Exploits the human tendency to trust
 Goals are the same as those of technical hacking
“the art and science of getting people to comply with your wishes”
Why Social Engineering?
 Easier than technical hacking
 Hard to detect and track
A social engineer’s mantra…
“There is no patch for human stupidity.”
The Mind of a Social Engineer
 More like actors than hackers
 Learn how people feel by observing their actions
 Alter those feelings by changing what they say and do
 Make the victim want to give them the information they need
How is it done?
 Attacks come in various forms:
 On the phone, over e-mail, or in person (impersonation)
Impersonation
 Play the part!
 Social engineers must:
 Anticipate problems
 Know the jargon and procedures of the role
 And most importantly, know how to build trust with whomever they need information from.
 Social engineers most often impersonate authority figures, assistants to authority figures, and new employees.
More techniques…
 Dummy mode: act clueless so the target explains things and volunteers details
 Bury the key question among harmless ones
 Research (Google)
Over the phone
 The phone is the most popular method of social engineering because it is difficult for the target to verify the caller's identity.
Over e-mail and IM
 E-mail attacks are very common (phishing).
 E-mail is also used for impersonation.
 Obtaining the password for an IM account could lead to access to a bank account and other personal data.
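E-mail impersonation leaves traces in the headers that the attacker has to forge or bend, and the pressure language of the fear approach shows up in the subject and body. The following is an added example, not code from the original slide deck: it scores a message for those indicators. The organisation domain (example.com), the executive name list, the urgency word list and both sample messages are constructed for the demonstration.

```python
"""Flag e-mail impersonation and pressure indicators.

Added example, not code from the original slide deck. It checks the headers
an attacker must forge or bend to impersonate a colleague (From display name
vs. address, look-alike domains, Reply-To redirection, SPF/DKIM/DMARC results)
and the urgency language the deck's "fear approach" depends on. ORG_DOMAIN,
EXECUTIVES, URGENCY and both sample messages are constructed assumptions.
"""
from __future__ import annotations

import email
import email.utils
import re
from email.message import Message

ORG_DOMAIN = "example.com"                 # assumption: the defended organisation
EXECUTIVES = {"alice jones", "bob smith"}  # assumption: names worth impersonating
URGENCY = re.compile(
    r"\b(urgent|immediately|right away|wire transfer|gift cards?)\b", re.I)

# Constructed sample messages (not real mail).
PHISH = """\
From: "Alice Jones" <alice.jones@examp1e.com>
Reply-To: ceo.office@mail-relay.invalid
To: pat@example.com
Subject: URGENT wire transfer before 5pm
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e.com; dkim=none
Content-Type: text/plain; charset=utf-8

Pat, I am in a board meeting and cannot talk. Handle the wire transfer
immediately and send the confirmation to this address.
"""

BENIGN = """\
From: "Alice Jones" <alice.jones@example.com>
To: pat@example.com
Subject: Lunch on Thursday?
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass; dmarc=pass
Content-Type: text/plain; charset=utf-8

Are you free for lunch Thursday? No rush.
"""


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()


def _fold_homoglyphs(domain: str) -> str:
    """Collapse digit/letter look-alikes so 'examp1e.com' compares equal to 'example.com'."""
    table = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
    return domain.translate(table).replace("rn", "m").replace("vv", "w")


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _lookalike(domain: str) -> bool:
    """True if domain is not ORG_DOMAIN but is easily mistaken for it."""
    if not domain or domain == ORG_DOMAIN:
        return False
    return (_fold_homoglyphs(domain) == _fold_homoglyphs(ORG_DOMAIN)
            or _edit_distance(domain, ORG_DOMAIN) <= 1)


def _body_text(msg: Message) -> str:
    """Concatenate the text/plain parts (works for flat and multipart mail)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(chunks)


def analyze(raw_message: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    msg = email.message_from_string(raw_message)
    findings: list[str] = []

    name, addr = email.utils.parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    # Display-name impersonation: a known executive's name on an outside address.
    if name.lower() in EXECUTIVES and from_dom != ORG_DOMAIN:
        findings.append(f"display name '{name}' but sender domain {from_dom}")
    if _lookalike(from_dom):
        findings.append(f"sender domain {from_dom} looks like {ORG_DOMAIN}")

    # A Reply-To elsewhere sends the victim's answer to the attacker, not the impersonated person.
    _, reply = email.utils.parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_dom:
        findings.append(f"Reply-To {reply} differs from From domain")

    # Assumes Authentication-Results was stamped by our own receiving MTA (which must strip inbound copies).
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail|none)\b", auth):
            findings.append(f"{mech} did not pass")

    # Pressure language: the fear approach needs the target to act before thinking.
    text = msg.get("Subject", "") + " " + _body_text(msg)
    hits = sorted({h.lower() for h in URGENCY.findall(text)})
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for label, sample in (("phish", PHISH), ("benign", BENIGN)):
        print(label, analyze(sample) or "no findings")
```

Run on the constructed phishing sample it reports the executive name on an outside domain, the look-alike domain, the redirected Reply-To, failed SPF and DKIM, and the urgency words; the benign sample produces no findings. The Authentication-Results check is only meaningful if the receiving mail server strips any copy of that header arriving from outside, otherwise the attacker can simply write "spf=pass" themselves.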
Dumpster diving
 Digging through trash at corporations in search
of sensitive data.
Who is at risk?
 Everyone.
 Everyone with information is a potential target!
Real World Examples
 In one survey, 90% of office workers gave away their password in exchange for a pen.
 In another, 70% of people traded their password for a bar of chocolate.
 About one-third of the IRS employees tested in a 2005 security audit gave out their user name and changed their password when asked to.
 USC vs. Cal basketball game
Approaches
 Carelessness
 Comfort Zone
 Helpfulness
 Fear
Careless Approach
 The victim is careless: does not implement, use, or enforce proper countermeasures
 Used for reconnaissance: looking for what is lying around
Careless Examples
 Dumpster diving / trashing
 Huge amount of information in the trash
 Most of it does not seem to be a threat on its own
 The who, what and where of an organization
 Knowledge of internal systems
 Materials for greater authenticity
 Intelligence agencies have done this for years
Comfort Zone Examples
 Impersonation: could be anyone
 Tech support
 Co-worker
 Boss
 CEO
 User
 Maintenance staff
 Generally two goals
 Asking for a password
 Building access (see Careless Approach)
Comfort Zone Approach
 Members of the victim organization are in a comfortable environment
 Lower threat perception
 Usually requires the use of another approach as well
Helpful Approach
 People generally try to help, even when they do not know whom they are helping
 Usually involves being in a position of obvious need
 The attacker generally does not even ask for the help they receive
Helpful Examples
 Piggybacking (tailgating)
 The attacker trails an employee entering the building
 More effective:
 Carry something large so they hold the door open for you
 Go in when a large group of employees is going in
 Pretend to be unable to find your door key
Fear Approach
 Usually draws on the other approaches
 Puts the user in a state of fear and anxiety
 Very aggressive
Fear Examples
 Conformity
 The user is told they are the only one who has not yet helped the attacker with this request
 Personal responsibility is diffused
 The user feels justified in granting the attacker's request
Combating Social Engineers
 User Education and Training
 Identifying Areas of Risk
 Tactics correspond to Area
 Strong, Enforced, and Tested Security Policy
User Education and Training
 Security orientation for new employees
 Yearly security training for all employees
 Weekly newsletters, videos, brochures, games and booklets describing incidents and how they could have been prevented
 Signs, posters, coffee mugs, pens, pencils, mouse pads, screen savers, etc. with security slogans (e.g. “Loose lips sink ships”)
Security Policy
 Management should understand the importance of protecting against social engineering attacks
 Specific enough that employees should not have to make judgment calls
 Include a procedure for responding to an attack
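What "specific enough that employees do not have to make judgment calls" looks like for the help desk, the area the deck lists first under risk, can be made concrete as a decision procedure. The following is an added example, not code or policy from the original slide deck: a password-reset routine in which nothing the caller says is an input. Identity is proven only by a one-time code delivered to the employee's registered device, reached through an authenticated ticket or a callback the help desk places to the number already on record, and every denial is logged for the response procedure. The employee directory, channel names and phone numbers are constructed for the demonstration.

```python
"""Help-desk password-reset procedure with no judgment calls.

Added example, not from the original slide deck. The decision is mechanical:
the only proof of identity is a one-time code sent to the registered device,
and the only ways to trigger it are an authenticated ticket or a callback the
help desk itself places to the number on record. Caller ID, names, titles and
urgency are never consulted. DIRECTORY and the channel names are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Employee:
    emp_id: str
    phone_on_record: str
    device: str          # registered device that receives the one-time code


# Constructed sample directory; in practice this comes from HR or the IdP,
# never from anything the requester supplies.
DIRECTORY = {"E1001": Employee("E1001", "+1-555-0100", "dev-a1")}
MAX_ATTEMPTS = 3


class ResetDesk:
    def __init__(self, directory):
        self.directory = directory
        self.pending = {}      # emp_id -> sha256 of the outstanding one-time code
        self.failures = {}     # emp_id -> consecutive wrong codes
        self.deliveries = []   # (device, code): stands in for the SMS/app push channel
        self.incidents = []    # denied requests, which the response procedure escalates

    def request(self, claimed_id, channel, number=None):
        """Step 1: decide how identity will be proven.

        channel is 'ticket' (authenticated portal), 'callback' (the help desk
        dialled 'number' itself), 'inbound_call' (caller ID 'number' seen) or 'email'.
        """
        emp = self.directory.get(claimed_id)
        if emp is None:
            return self._deny(claimed_id, channel, number, "unknown employee id")
        if channel == "email":
            return self._deny(claimed_id, channel, number, "e-mail sender cannot be verified")
        if channel == "inbound_call":
            # Caller ID is spoofable: hang up and call the number on record. This is
            # the normal path, not an incident, and no code is issued yet.
            return "callback_required"
        if channel == "callback" and number != emp.phone_on_record:
            # The classic mistake: calling back a number the caller supplied.
            return self._deny(claimed_id, channel, number, "callback not to number on record")
        if channel not in ("callback", "ticket"):
            return self._deny(claimed_id, channel, number, "unsupported channel")
        if self.failures.get(claimed_id, 0) >= MAX_ATTEMPTS:
            return self._deny(claimed_id, channel, number, "locked after repeated failures")
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[claimed_id] = hashlib.sha256(code.encode()).hexdigest()
        self.deliveries.append((emp.device, code))
        return "code_sent"

    def confirm(self, claimed_id, code):
        """Step 2: only the code from the registered device proves identity."""
        expected = self.pending.get(claimed_id)
        if expected is None:
            return self._deny(claimed_id, "confirm", None, "no pending verification")
        presented = hashlib.sha256(code.encode()).hexdigest()
        if not hmac.compare_digest(expected, presented):
            self.failures[claimed_id] = self.failures.get(claimed_id, 0) + 1
            if self.failures[claimed_id] >= MAX_ATTEMPTS:
                self.pending.pop(claimed_id, None)   # burn the code, force a fresh request
            return self._deny(claimed_id, "confirm", None, "wrong code")
        self.pending.pop(claimed_id)                 # single use
        self.failures.pop(claimed_id, None)
        return "reset_allowed"

    def _deny(self, emp_id, channel, number, reason):
        """Every denial is logged: a burst of them is the signature of an attack in progress."""
        self.incidents.append({"emp_id": emp_id, "channel": channel,
                               "number": number, "reason": reason})
        return "denied"


if __name__ == "__main__":
    desk = ResetDesk(DIRECTORY)
    print(desk.request("E1001", "inbound_call", "+1-555-0199"))   # callback_required
    print(desk.request("E1001", "callback", "+1-555-0100"))       # code_sent
    _, code = desk.deliveries[-1]
    print(desk.confirm("E1001", code))                             # reset_allowed
    print(desk.incidents)
```

The point of the structure is that a help-desk operator following it cannot be talked into anything: an urgent inbound call from "the CEO's assistant" gets the same answer as any other inbound call (hang up, call the directory number), a callback to a number the caller dictated is refused and recorded, and a run of wrong codes locks the account and leaves a trail for the incident procedure.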
Areas of Risk
 Certain areas carry certain risks. What are the risks for each of these?
 Help desk, building entrance, office, mail room, machine room / phone closet, dumpsters, intranet/internet, overall
Conclusions
 Social engineering is a very real threat
 Realistic prevention is hard and can be expensive
 Militant vs. helpful help-desk staff: find a reasonable balance
“You could spend a fortune
purchasing
technology and services...and your
network infrastructure could still
remain vulnerable to old-fashioned
manipulation.”
-Kevin Mitnick
Questions
References
 Charles Lively, “Psychological Based Social Engineering”. SANS Institute, December 2003. Accessed 10 September 2005. http://www.giac.org/certified_professionals/practicals/gsec/3547.php
 Sarah Granger, “Social Engineering Fundamentals: Part I”. SecurityFocus, December 2001. Accessed 10 September 2005. http://www.securityfocus.com/infocus/1527
 Sarah Granger, “Social Engineering Fundamentals: Part II”. SecurityFocus, January 2002. Accessed 10 September 2005. http://www.securityfocus.com/infocus/1533

How to Troubleshoot Apps for the Modern Connected Worker
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Social engineering

Slide 2. Simple Definition
• Social engineering is a psycho-social attack that subverts human trust and helpfulness in order to attain the attacker’s goals.

Slide 3. Outline
• What is it?
• How is it done?
• Who is at risk?
• Approach?

Slide 4. What is it?
• Social engineering is the oldest form of hacking.
• Social engineers focus on the users of the system. By gaining the trust of the user, a social engineer can simply ask for whatever information he or she wants…and usually get it.

Slide 5. The Social Engineering!!!!
• Uses psychological methods
• Exploits the human tendency to trust
• Goals are the same as hacking
• “the art and science of getting people to comply with your wishes”

Slide 6. Why Social Engineering?
• Easier than technical hacking
• Hard to detect and track

Slide 7. A social engineer’s mantra…
“There is no patch for human stupidity.”

Slide 8. The Mind of a Social Engineer
• More like actors than hackers
• Learn how people feel by observing their actions
• Can alter these feelings by changing what they say and do
• Make the victim want to give them the information they need

Slide 9. How is it done?
• Attacks come in various forms:
  • On the phone, over e-mail, in-person impersonation

Slide 10. Impersonation
• Play the part!
• Social engineers must:
  • Anticipate problems
  • Know the jargon and procedures of the role

Slide 11. Impersonation
• And most importantly, know how to build trust with whomever they need information from.
• Social engineers most often impersonate authority figures, assistants to authority figures, and new employees.

Slide 12. More techniques…
• Dummy mode
• Bury the key question
• Research (Google)

Slide 13. Over the phone
• The phone is the most popular method of social engineering because it is difficult to verify or deny someone’s identity.

Slide 14. Over e-mail and IM
• E-mail attacks are very common (phishing).
• E-mail is also used for impersonation.
• Obtaining the password for an IM account could lead to access to a bank account and other personal data.

Slide 15. Dumpster diving
• Digging through trash at corporations in search of sensitive data.

Slide 16. Outline
• What is it?
• How is it done?
• Who is at risk?
• Approach?

Slide 17. Who is at risk?
• Everyone.
• Everyone with information is a potential target!

Slide 18. Real World Examples
• 90% of office workers gave away their password for a pen.
• 70% of people traded their password for a bar of chocolate.

Slide 19. Real World Examples
• 1/3 of the IRS employees provided their user name and changed their password in a 2005 security audit.
• USC vs. Cal basketball game

Slide 20. Approaches
• Carelessness
• Comfort zone
• Helpfulness
• Fear

Slide 21. Careless Approach
• Victim is careless
• Does not implement, use, or enforce proper countermeasures
• Used for reconnaissance
• Looking for what is lying around

Slide 22. Careless Examples
• Dumpster diving/trashing
  • Huge amount of information in the trash
  • Most of it does not seem to be a threat
  • The who, what and where of an organization
  • Knowledge of internal systems
  • Materials for greater authenticity
• Intelligence agencies have done this for years

Slide 23. Comfort Zone Examples
• Impersonation
  • Could be anyone: tech support, co-worker, boss, CEO, user, maintenance staff
• Generally two goals
  • Asking for a password
  • Building access (Careless Approach)

Slide 24. Comfort Zone Approach
• Victim organization members are in a comfortable environment
• Lower threat perception
• Usually requires the use of another approach

Slide 25. Helpful Approach
• People generally try to help even if they do not know who they are helping
• Usually involves being in a position of obvious need
• Attacker generally does not even ask for the help they receive

Slide 26. Helpful Examples
• Piggybacking
  • Attacker will trail an employee entering the building
• More effective:
  • Carry something large so they hold the door open for you
  • Go in when a large group of employees is going in
  • Pretend to be unable to find your door key

Slide 27. Fear Approach
• Usually draws from the other approaches
• Puts the user in a state of fear and anxiety
• Very aggressive

Slide 28. Fear Examples
• Conformity
  • The user is the only one who has not helped the attacker with this request in the past
  • Personal responsibility is diffused
  • The user gets a justification for granting the attacker’s request

Slide 29. Combating Social Engineers
• User education and training
• Identifying areas of risk
  • Tactics correspond to the area
• Strong, enforced, and tested security policy

Slide 30. User Education and Training
• Security orientation for new employees
• Yearly security training for all employees
• Weekly newsletters, videos, brochures, games and booklets detailing incidents and how they could have been prevented
• Signs, posters, coffee mugs, pens, pencils, mouse pads, screen savers, etc. with security slogans (e.g. “Loose lips sink ships”)

Slide 31. Security Policy
• Management should know the importance of protecting against social engineering attacks
• Specific enough that employees should not have to make judgment calls
• Include a procedure for responding to an attack

Slide 32. Areas of Risk
• Certain areas have certain risks
• What are the risks for these areas?
  • Help desk, building entrance, office, mail room, machine room/phone closet, dumpsters, intranet/Internet, overall

Slide 33. Conclusions
• Social engineering is a very real threat
• Realistic prevention is hard
  • Can be expensive
  • Militant vs. helpful helpdesk staff
  • Reasonable balance

Slide 34.
“You could spend a fortune purchasing technology and services...and your network infrastructure could still remain vulnerable to old-fashioned manipulation.” -Kevin Mitnick