People: The Social Engineer’s Dream

Presentation transcript:

People: The Social Engineer’s Dream
John Harmon – VP of Operations at FRSecure
May 21, 2018

Introduction
Topics/Agenda
Introduction
Social Engineering Defined
Famous Social Engineers
Types of Social Engineering
Real Stories
WHAT TO DO?!
Questions

Speaker: John Harmon, VP of Operations
Lead the security and project management teams at FRSecure
Business background
6th team member at FRSecure
Wife, 2 teenaged boys
Classically-trained singer
Concordia (Moorhead) Alum
Very happy to be here!

FRSecure
Information Security Consulting and Management company. It’s all we do.
Our core services include:
Security Risk Analysis – using FISASCORE®
Social Engineering Services
Penetration Testing Services
PCI QSA Services
Incident Management Services
HITRUST Services
Information Security Training & Awareness
vServices (vCISO, vISO, and vISA)
Methodology fanatics, mentoring champions, and product agnostic.

Social Engineering Defined
“Social engineering is hacking human trust. It’s convincing someone that it’s in their best interests to give you something. That something could be credentials, access to a computer system, personal information, physical access, or any number of things.”
- Evan Francen, FRSecure

(in)Famous Social Engineers
Some of my favorites

Types of Social Engineering
DON’T FORGET: the best way to protect yourself against a social engineer is to know their techniques and be aware.
There are four main types of social engineering attacks and a bunch of variations:
Electronic: Phishing is the #1 variation of electronic social engineering.
In-person: Physical attacks that typically focus on gaining physical access to something.
Physical drop: Most often flash drives loaded with something bad.
Telephone: Call and ask. Get somebody to give you something over the phone.
All of these types of attacks give GREAT results.
We have a saying: “It’s easier to go through your assistant than it is your firewall.”

Real Stories (People Like Stories)
Electronic - Phishing
What would you guess is the success rate for a phishing attack against a typical bank?
~50% of users give us credentials / 100% of banks


In Person
What do you get when you mix Gatorade, a dead spider, and a fake ID?
KIND, HELPFUL, INNOCENT, TRUSTWORTHY

Telephone
(almost had him)

Think it couldn’t happen to you?
Things that a social engineer loves:
People who don’t think it can happen to them.
People who are too busy to notice.
100 / 10 / 3 – Verizon Stats

WHAT TO DO?!
The best way to protect yourself against a social engineer is to know their techniques and be aware.
Phishing – NEVER click on a link in an email that leads to a login page and log in.
Phishing – NEVER click on a link in an email and download a file.
Physical – ALWAYS question somebody that you don’t know who seems out of place.
Physical – ALWAYS ask for identification.
Physical – ALWAYS know where your access card and/or keys are.
Physical – NEVER allow someone to follow behind you through an access-controlled door.
Phone – NEVER give out sensitive information on a phone call you didn’t initiate.
Phone – NEVER give someone access to anything on a phone call you didn’t initiate.
NOTHING can guarantee that you won’t be tricked or taken advantage of, so be prepared for what you will do if/when it happens.

Questions?
Hopefully about security.
Thank you!
For a copy of this presentation, text MCOCE18 to 44222
John Harmon
FRSecure
jharmon@frsecure.com