
1 Information Security Social Engineering

3 Why are we here?
– To make you more aware of threats regarding information security
– Give you examples of real life threats
– Show you a hacking scenario
– Let you know what you can do to prevent them

4 What is Social Media & Engineering?
– Social Media: Any method of social interaction where people create, share, or exchange ideas and information.
– Social Engineering: Process of using social skills to convince people to reveal access credentials or other valuable information to the attacker.
– Social media is a tool hackers use to build social engineering. We give them that.

5 Why care?
Survey Results
– Primary use of internet is for social media and then school work
– Group is aware of cyber security and cyber attacks
– About 50% have answered personal questions online
– Group uses smartphones, tablets, and computers to access internet
Hackers always find new ways, and with advancement in technology it is becoming easier to exploit people.
STAY INFORMED!!!!

6 Misconception about Phone Security
– 57% of adult smartphone users are unaware that there are security solutions for smartphones
– 52% of users store sensitive files on their phones
– Last year, 38% of smartphone users were victims of cybercrime
– This number is expected to grow as the smartphone user base continues to grow
– Smartphones can become infected with many different variations of malware, just as computers can

7 Cell Phone Attacks
NFC
– Near Field Communication
  – Radio-frequency identification
  – Activate within 3 centimeters
– Debuted in 2010
  – Samsung Nexus S
– Used for
  – Mobile Payments
  – Device Pairing
  – Data transfers
Eavesdropping
– Antenna to intercept radio communication
– Steal/corrupt data being transmitted

8 Cell Phone Attacks
Gyroscope
– Detect device's orientation in space
– Android
  – Frequencies from 80Hz – 250Hz
– iOS
  – Frequencies 0Hz – 100Hz
– Consequence
  – Record human voices (80Hz – 250Hz)
  – No explicit permissions required
  – No microphone necessary

9 Cell Phone Attacks
Bluetooth
– Ultra High Frequency Radio Waves
– Short distance (~30ft)
– Used for
  – Data transfers
  – Device communication
– Bluesnarfing
  – Connect without authentication
  – CRUD data
    – i.e. Calendar or contacts data
– Bluebugging
  – Connect by posing as headset or previously authenticated device
  – Listen to phone calls
  – Interact with text messages

10 Social Engineering Scams
– 419 Fraud
– Employment Scam
– Lottery Scam
– Online sales and rentals
– Romance Scam
– Purchase Order Scam
  – Scams retailers and universities
  – Sends money overseas
  – Uses victims from Romance Scam to facilitate money wiring

11 Local Scams
“Peg”
– Romance Victim
– Used online dating
– Fell in love with an “antique dealer”
– Mike Perry
– Helped wire money for her “boyfriend” from “antique sales”
– Money laundering scheme
Papageorgiu
– Also a victim of online dating
– “Girlfriend” was a woman living in Albuquerque
– Sold his condo to help his “girlfriend”

12 Social Engineering Tactics
Nontechnical
– Pretexting
– Diversion theft
– Tailgating
– Shoulder Surfing
– Techie Talk
– Neuro-linguistic programming
Technical
– Phishing
– Baiting
– Social Networking
– Social Engineering in reverse

13 Social Network Scam Example
Offender
– Creates fake Facebook profile with full content (pictures, hobbies, etc.)
– Pretends to be someone you should know (transfer student, fellow employee, etc.)
– Sends friend request
Victim
– Has security options enabled to only allow friends to see information
– Is that enough?

14 Art of BS
– How to invade personal space and gain credibility
– Use of same language/slang
– Humor
– Build trust
– 3 layers of space
http://youtu.be/1kkOKvPrdZ4?t=31m55s
Demonstration

15 Prevention
Never give out:
– Personal information
– Medical information
– Financial information
Be aware of who is asking
– Doctor, employer, friend?
– Should they already have the information?
– Do they need this information?
– Why do they need this?

16 Prevention
Be aware of what they ask via phone
– Ask for full name of caller
– Correct spelling
– A call back number
– Why they need information
– When in doubt, put caller on hold and see if they wait. Most scammers will not.
– Log the strange call
Be aware of what they ask via internet
– Watch out for any attachments in e-mail they want you to run
– Avoid any requests to enter account information if you don’t know the sender or site.
– When in doubt, you can contact sender or send a new email to address with same subject.

17 Short Video and Live Demo
https://www.youtube.com/watch?v=1kkOKvPrdZ4 16:58
Live Demo of Hacking

18 Q&A
Q: Can you find a difference between the secured session and insecure session?

19 Q&A
Q: True or false: Social Engineering scams need your trust to happen
A: True

20 Q&A
Q: True or false: Social attacks can only happen online
A: False. There are more online and the number is increasing, but they can happen in person or over the phone.

21 Q&A
Q: How many layers of protection are there?
A: Three
