People: The Social Engineer’s Dream


1 People: The Social Engineer’s Dream
John Harmon – VP of Operations at FRSecure
May 21, 2018

2 People: The Social Engineer’s Dream
Introduction
Topics/Agenda
- Introduction
- Social Engineering Defined
- Famous Social Engineers
- Types of Social Engineering
- Real Stories
- WHAT TO DO?!
- Questions

3 People: The Social Engineer’s Dream
Introduction
Speaker: John Harmon, VP of Operations
- Lead the security and project management teams at FRSecure
- Business background
- 6th team member at FRSecure
- Wife, 2 teenaged boys
- Classically-trained singer
- Concordia (Moorhead) alum
- Very happy to be here!

4 People: The Social Engineer’s Dream
Introduction
FRSecure: Information Security Consulting and Management company. It’s all we do.
Our core services include:
- Security Risk Analysis – using FISASCORE®
- Social Engineering Services
- Penetration Testing Services
- PCI QSA Services
- Incident Management Services
- HITRUST Services
- Information Security Training & Awareness
- vServices (vCISO, vISO, and vISA)
Methodology fanatics, mentoring champions, and product agnostic.

5 People: The Social Engineer’s Dream
Social Engineering Defined
Social engineering is hacking human trust. It’s convincing someone that it’s in their best interests to give you something. That something could be credentials, access to a computer system, personal information, physical access, or any number of things.
- Evan Francen, FRSecure

6 People: The Social Engineer’s Dream
Famous Social Engineers
(in)Famous Social Engineers
Some of my favorites

7 People: The Social Engineer’s Dream
Types of Social Engineering
DON’T FORGET: the best way to protect yourself against a social engineer is to know their techniques and be aware.
There are four main types of social engineering attacks and a bunch of variations:
- Electronic: Phishing is the #1 variation of electronic social engineering.
- In-person: Physical attacks that typically focus on gaining physical access to something.
- Physical drop: Most often flash drives loaded with something bad.
- Telephone: Call and ask. Get somebody to give you something over the phone.
All of these types of attacks give GREAT results. We have a saying: “It’s easier to go through your assistant than it is your firewall.”

8 People: The Social Engineer’s Dream
Real Stories (People Like Stories)
Electronic - Phishing
What would you guess is the success rate for a phishing attack against a typical bank?
~50% of users give us credentials / 100% of banks

9 People: The Social Engineer’s Dream
Real Stories (People Like Stories)
Electronic - Phishing

10 People: The Social Engineer’s Dream
Real Stories (People Like Stories)
Electronic - Phishing

11 People: The Social Engineer’s Dream
Real Stories (People Like Stories)
In Person

12 People: The Social Engineer’s Dream
Real Stories (People Like Stories)
In Person
What do you get when you mix Gatorade, a dead spider, and a fake ID?

13 People: The Social Engineer’s Dream
Real Stories (People Like Stories)
In Person
- KIND
- HELPFUL
- INNOCENT
- TRUSTWORTHY

14 People: The Social Engineer’s Dream
Real Stories (People Like Stories)
Telephone

15 People: The Social Engineer’s Dream
Real Stories (People Like Stories)
Telephone (almost had him)

16 People: The Social Engineer’s Dream
Real Stories (people love stories)
Think it couldn’t happen to you?
Things that a social engineer loves:
- People who don’t think it can happen to them.
- People who are too busy to notice.
100 / 10 / 3 – Verizon Stats

17 People: The Social Engineer’s Dream
WHAT TO DO?!
The best way to protect yourself against a social engineer is to know their techniques and be aware.
- Phishing – NEVER click on a link in an email that leads to a login page and log in.
- Phishing – NEVER click on a link in an email and download a file.
- Physical – ALWAYS question somebody that you don’t know who seems out of place.
- Physical – ALWAYS ask for identification.
- Physical – ALWAYS know where your access card and/or keys are.
- Physical – NEVER allow someone to follow behind you through an access-controlled door.
- Phone – NEVER give out sensitive information on a phone call you didn’t initiate.
- Phone – NEVER give someone access to anything on a phone call you didn’t initiate.
NOTHING can guarantee that you won’t be tricked or taken advantage of, so be prepared for what you will do if/when it happens.

18 People: The Social Engineer’s Dream
Questions?
Hopefully about security.
Thank you!
For a copy of this presentation, text MCOCE18 to 44222
John Harmon
FRSecure

