
Social Engineering PA Turnpike Commission. “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users”




1 Social Engineering PA Turnpike Commission

2 “Social Engineering is the practice of obtaining confidential information by manipulation of legitimate users.” The principle behind social engineering is that “users are the weak link in security.” Many attackers find that it is easier to get information or access to computing systems by exploiting people’s natural tendency to trust and to be helpful than by trying to break into a company or a system using technology.

3 A Social Engineer will commonly use the telephone, Internet, or e-mail to trick people into revealing sensitive information or to get them to do something that is against policy. Don’t divulge sensitive information, passwords, etc. over the phone, Internet or email, even to people claiming to need it. For targeted attacks, hackers will even go through dumpsters (“dumpster diving”) or do other research so they know enough to convince you to trust them. Even snippets of confidential information can be harmful if someone is clever enough to get bits of info from several different people and piece them together.

4 A simple example of Social Engineering: Someone calls claiming to be a system administrator and requests your password in order to fix ‘something’, or says the password is necessary to do his or her work. In reality, system administrators should never need to know a user’s password to get their job done. You will never need to give your password to PTC IT staff.

5 One more example of Social Engineering: You get an email that looks like it’s from your bank telling you that there is a problem with your account. It says that you need to click on a link in the e-mail to go to a special web page where you must confirm your account information. Instead of clicking on a link in an unsolicited email, contact the company directly to discuss, or at least go to their website directly for additional information, but do not use the link in the e-mail.

6 Preventative Tips: Lock your computer when you are away from your work area and log off of your computer at the end of the workday. Use strong passwords. Challenge strangers in your area. Share sensitive information on a need to know basis. Shred papers. Destroy CDs before discarding. Report suspicious activity.

7 How to defend against Social Engineering? Be aware of warning signs and common characteristics. Here are some common tactics: Authority – Person uses perceived rank and name dropping. Ignorance – Person is unsure of the process, acts like a new employee. Exaggerated urgency – Person acts very rushed, as if it’s an emergency. Help Desk – Person impersonates a help desk support person. Stake-out – Person is just loitering, waiting for an opportunity. Fake Survey – Person says they need input for a survey. Dumpster Diving – Person is looking in trash bins and wastebaskets for information.

8 The different modules of this tutorial will: Discuss the risks to your computer and the data it contains. Provide some guidelines for avoiding risks. Suggest some practical and easy solutions. Please review these modules at your convenience.




