Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.



Social Networking Today

Project Goals 1. Address threats on Facebook by the use of different social engineering techniques. 2. Show why each of the threats is serious and how they are conducted. 3. Perform our own attacks in a controlled lab environment. 4. Show users how they can protect themselves and their information from these attacks.

How much information are you publicly sharing? Facebook users sometimes unknowingly share personal information with complete strangers. For example, phone numbers, personal and work addresses, pictures and the user’s location information are readily available. All of this information could be useful when combined with social engineering techniques to aid in identity theft or the compromise of sensitive information.

Social Networks and Social Engineering Malicious actors are targeting social network users to gain information to be used in phishing and other attacks. Users are often not aware of the amount of information that is unwittingly shared on social networking sites. Social engineering is often the precursor to targeted APT attacks on companies.

Facebook Groups and Apps Specifically, Facebook groups can be used to social engineer private information from users. Games and other applications in Facebook are often infected with malware and/or infected links that compromise the security of the user and all of their connected friends. Awareness and careful vetting of all connected friends is critical to securing the Facebook experience.

Social Media Abuse As in any large-scale social gathering, whether physical or virtual, there are always abusers and criminals involved. Facebook allows criminals to conceal their identity by creating fake accounts in order to carry out malicious activities anonymously. Many crimes have been solved using Facebook as a social networking source.

What is Phishing? Phishing websites are malicious “imitation websites” that look practically identical to the original website. The main purpose of these websites is to steal confidential information such as usernames and passwords or financial information. Phishing is a common attack performed on Facebook users.

Website has to look authentic The phishing website has to look authentic for the user to be tricked into entering their login credentials. There are ways to identify if you are on a legitimate website, but many Facebook users will fall for this trick.

Which is the real Facebook?

Is this the real Facebook?

How can you tell which is real? Always check the address bar of the website you are on! [Images: phishing website; authentic website]
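The address-bar check from this slide, written out as an added example (not part of the original presentation): the part that matters is the hostname the browser will actually contact, not whether the brand name appears somewhere in the address. The trusted domain constant and every sample URL are constructed for illustration.

```javascript
// Added example: decide whether a URL really belongs to the site it claims to be.
// TRUSTED and all sample URLs below are constructed for illustration.
const TRUSTED = "facebook.com";

function checkAddress(raw, trusted = TRUSTED) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "invalid", host: null, reasons: ["not a parseable URL"] };
  }
  // Normalise the host: lower case, no trailing dot.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const reasons = [];

  // Only the exact domain or a true subdomain of it counts as a match.
  const onTrusted = host === trusted || host.endsWith("." + trusted);
  if (!onTrusted) {
    reasons.push(`host is ${host}, not ${trusted}`);
    if (host.includes(trusted.split(".")[0])) {
      reasons.push("brand name appears inside a different domain");
    }
  }
  // Anything before '@' is login info, not the site being visited.
  if (url.username || url.password) reasons.push("text before '@' is not the host");
  // Punycode labels can render as look-alike characters in the address bar.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode (internationalised) label");
  }
  if (url.protocol !== "https:") reasons.push("not HTTPS");

  const verdict = onTrusted && reasons.length === 0 ? "authentic" : "suspicious";
  return { verdict, host, reasons };
}

// Constructed samples: one genuine address and three common disguises.
for (const sample of [
  "https://www.facebook.com/login.php",
  "https://www.facebook.com.account-check.example/login",
  "https://www.facebook.com@login.example/",
  "http://faceb00k.example/",
]) {
  const r = checkAddress(sample);
  console.log(r.verdict.padEnd(10), sample, r.reasons.join("; "));
}
```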

Establish Trust As with any type of social engineering attack, the attacker must convince the victim that they are trustworthy. This can be done in many ways. For example, the attacker may have made a fake Facebook account to get access to the victim’s friends list. From there, the attacker can create a fake address that impersonates the name of one of the victim’s friends. For example, Or the attacker can pose as the leader of a fan group for a sports team listed under the victim’s favorite teams section. This is how attackers can mine information on a specific user in order to craft a unique attack.

Retrieve Login Information Once the victim types in their account information, the hacker has the login credentials to the user’s Facebook account. When the user attempts to log in to the fake webpage, their login credentials are sent to a file on the hacker’s server, called “lol.html” in this case. We can now log in as the victim and spread the attack to their friends.

User’s login credentials

What is “Clickjacking”? Clickjacking tricks users into clicking on a specific portion of a webpage that performs an action other than the one they intend.

How does a clickjacking attack work? It uses JavaScript to create a transparent frame that hovers above the website the user actually sees.

Clickjacking Blog Clickjacking is an easy way to attract attention to a Facebook business page or fan page.

Clickjacking Defenses Clickjacking attacks are difficult to identify and prevent. Staying logged into online accounts such as amazon.com and Facebook while surfing the internet puts you at a much greater risk.
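Because the attack depends on loading the target page inside a frame, the site being framed can refuse to be embedded. The following added example (not part of the original presentation, and going beyond the user-side advice on this slide) reads a page's response headers and reports who is allowed to frame it; the header sets passed to it are constructed samples.

```javascript
// Added example: report who may embed a page in a frame, from its response headers.
// Header objects passed in are constructed samples, not captured traffic.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors, when present, is used instead of X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  for (const directive of csp.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== "frame-ancestors") continue;
    const s = sources.map((x) => x.toLowerCase());
    // An empty source list matches nothing, the same as 'none'.
    if (s.length === 0 || (s.length === 1 && s[0] === "'none'")) {
      return { framableBy: "nobody", via: "csp" };
    }
    if (s.includes("*")) return { framableBy: "anyone", via: "csp" };
    if (s.length === 1 && s[0] === "'self'") {
      return { framableBy: "same-origin", via: "csp" };
    }
    return { framableBy: "allowlist", via: "csp", sources };
  }

  // Fall back to X-Frame-Options; the header may carry comma-separated values.
  const xfo = new Set(
    (h["x-frame-options"] || "")
      .toLowerCase()
      .split(",")
      .map((v) => v.trim())
      .filter(Boolean)
  );
  const known = ["deny", "sameorigin", "allowall"].filter((v) => xfo.has(v));
  // Conflicting values are treated as a refusal to be framed.
  if (xfo.has("deny") || (xfo.size > 1 && known.length > 0)) {
    return { framableBy: "nobody", via: "x-frame-options" };
  }
  if (xfo.has("sameorigin")) {
    return { framableBy: "same-origin", via: "x-frame-options" };
  }
  // No header, or an obsolete value such as ALLOW-FROM: no framing protection.
  return { framableBy: "anyone", via: xfo.size ? "x-frame-options (ignored value)" : "none" };
}
```

A result of "anyone" means a transparent-frame overlay of the kind described above would load; "nobody" or "same-origin" means the browser refuses to render the page inside another site's frame.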

Final Thoughts Phishing and clickjacking attacks are a very real threat to users on the Facebook network. Many attacks like these are carried out every day. Our personal information is at risk. Facebook is only as secure as the user is smart. It is up to the user to follow safe practices when using social networking websites. Some of the attacks described are nearly impossible to avoid. Facebook users need to be properly trained on how to identify these types of attacks.
