Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline.

Published byBernice Paul Modified over 9 years ago

Similar presentations

Presentation on theme: "Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline."— Presentation transcript:

1 Social Engineering J Nivethan

2 Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline Any other means

3 Significance The weakest link in the security chain is the human element Attackers always try to exploit the weakest link in the security chain, as that gives them better results with less efforts

4 Why Social Engineering? Security of the systems have been improved in a great deal over the time It’s not easy to “bruteforce” the password of a bank account anymore But, it’s still not that difficult to deceive a gullible user and get his password from him!

5 Popular Social Engineering Attacks Phishing - The most popular Baiting Impersonation Online scams Tailgating Shoulder surfing Dumpster diving

6 Phishing Acquire information, pretending to be legitimate Ex: Fake login page

7 Baiting Like the real world Trojan Horse! Ex: Leave a flash drive with malware

8 Impersonation Ask for details impersonating (over email or phone) Calling help desk impersonating a customer Emailing employee impersonating boss/co- worker

9 Online Scams Ex: Enter your details, we will ship you free iPad

10 Tailgating Use an authorized person to gain access (Often when the person is careless or not aware)

11 Shoulder Surfing Using direct observation techniques to obtain information Ex: Look from behind Place a camera

12 Dumpster Diving Search the trashed things to gain any information Storage devices Written data on papers

13 Prevention / Mitigation Educating users o Training users on Phishing, Baiting, Impersonation, Online scams, Tailgating, Shoulder surfing, dumpster diving, tailgating Establishing policies o Proper data disposal policy (dumpster diving) Implement mechanisms o Like NYC subway mitigates tailgating o Session management

14 Educating users in an organization Perform all types social engineering attacks on employees (testing), and grade each of them according to their social engineering immunity Make the employee go through the training again if he/she gets low grade Reward the employees with better score

15 Recent Google Doc Phishing Hackers simply created a folder inside of a Google Drive account, marked it as public, uploaded a file there, and used the preview feature in Google Drive to get a URL that they could include in the email. Once a user enters his or her credentials and clicks “Sign in,” the information is sent to a compromised server And the user is redirected to a real Google Docs document, unaware that phishing happened.

16 Questions?

17

Download ppt "Social Engineering J Nivethan. Social Engineering The process of deceiving people into giving away access or confidential information Onlinne Phone Offline."

Similar presentations

Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.

Social Engineering Training. Training Goals Increase Laboratory Awareness. Provide the tools required to identify, avoid and report advanced Social Engineering.
Good morning - Matthias Vermeiren - Joachim Seminck Good morning.

Good morning - Matthias Vermeiren - Joachim Seminck Good morning.
Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.

Kelly Corning Julie Sharp.  Human-based techniques: impersonation  Computer-based techniques: malware and scams.
Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?

1. What is Identity Theft? 2. How Do Thieves Steal An Identity? 3. What Do Thieves Do with Stolen Identities? 4. What Can I Do To Avoid Becoming a Victim?
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
CIT 1100. In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.
Email Basics. 2 Class Outline Part 1 - Introduction –Explaining email –Parts of an email address –Types of email services –Acquiring an email account.

Basics. 2 Class Outline Part 1 - Introduction –Explaining –Parts of an address –Types of services –Acquiring an account.
Social Engineering Networks Reid Chapman Ciaran Hannigan.

Social Engineering Networks Reid Chapman Ciaran Hannigan.
Ahmad Radaideh.  Abstract  Introduction  Google Cached Content  GOOGLE HACKING Procedures  Google Advance Operators  Google hacking Result Categories.

Ahmad Radaideh.  Abstract  Introduction  Google Cached Content  GOOGLE HACKING Procedures  Google Advance Operators  Google hacking Result Categories.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Network & Computer Security Training.  Prevents unauthorized access to our network and your computer  Helps keep unwanted viruses and malware from entering.

Network & Computer Security Training.  Prevents unauthorized access to our network and your computer  Helps keep unwanted viruses and malware from entering.
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”

Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”
 Communicating with friends is now easier than ever, for example on Facebook you can connect with all your friends and chat to them very easily and instantly.

 Communicating with friends is now easier than ever, for example on Facebook you can connect with all your friends and chat to them very easily and instantly.
Program Objective Security Basics

Program Objective Security Basics
Social Engineering UTHSC Information Security Team.

Social Engineering UTHSC Information Security Team.
Information Security Phishing Update CTC

Information Security Phishing Update CTC
Security of systems Security risks come from two areas: employees (who introduce accidental and intentional risks) and external computer crime. Unfortunately.

Security of systems Security risks come from two areas: employees (who introduce accidental and intentional risks) and external computer crime. Unfortunately.
Chapter 4.  Can technology alone provide the best security for your organization?

Chapter 4.  Can technology alone provide the best security for your organization?

Similar presentations

Ads by Google