SlideShare une entreprise Scribd logo

Amazon Social Engineering slides

Télécharger en tant que PPTX, PDF
A
AltinetLtd

Amazon Social Engineering slides

Technologie
1  sur  7
HOW TO SPOT A SOCIAL ENGINEERING EMAIL
Social engineering is essentially the act of manipulating people into giving access to confidential information or areas, rather than using force or hacking. The information they seek can be anything from passwords to bank details, or even employee records from businesses. Some common social engineering techniques include pretexting, baiting, tailgating, and - most prominently – phishing. All of these tactics differ from each other slightly, but they all depend on the attacker’s ability to trick the victim into trusting them.
1. Check Email Addresses The display name might look authentic, but email addresses are much harder to falsify. With many companies purchasing their own domain names, attackers often have to alter the spelling slightly – in our example you can see that the domain replaces the O in ‘Amazon’ with an A.
2. Hyperlinks If an email from an unknown source includes lots of pushy links or buttons be wary; they can often harbour malicious software that can log your keystrokes or take you to a convincing website where they can steal your login details. Avoiding links altogether is the best practice, but if it seems to be for an important page try using a trusted search engine to find it instead, or hover over the link before clicking to reveal the URL.
3. The Context Different social engineering tactics use different methods to try to persuade the user into complying. In this instance, the message offers a reward in exchange for following the link, which is an example of a baiting email. Other tactics may offer a service or use urgent language to scare the target into clicking through the link.
4. Too good to be true The biggest give-away with scam emails is that they always go for the big flashy prizes, or large sums of money. In this instance, the example doesn’t give an amount for the refund, but it does offer a scenario, meaning you can easily check your bank to see if you really were ‘double charged’ before proceeding.
For more topics and training material visit the Boxphish website.

Recommandé

Debenhams Social Engineering Slides
Debenhams Social Engineering SlidesDebenhams Social Engineering Slides
Debenhams Social Engineering SlidesAltinetLtd
 
GMP Ransomware Slides
GMP Ransomware SlidesGMP Ransomware Slides
GMP Ransomware SlidesAltinetLtd
 
Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? The TNS Group
 
Keeping Your Email Secure
Keeping Your Email SecureKeeping Your Email Secure
Keeping Your Email SecureTexas Medical Liability Trust
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringVinay Bhargav
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Data Security: A Guide To Whale Phishing
Data Security: A Guide To Whale PhishingData Security: A Guide To Whale Phishing
Data Security: A Guide To Whale PhishingPhil Astell
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishingRaviteja Chowdary Adusumalli
 

Recommandé

Debenhams Social Engineering Slides
Debenhams Social Engineering SlidesDebenhams Social Engineering Slides
Debenhams Social Engineering SlidesAltinetLtd
 
GMP Ransomware Slides
GMP Ransomware SlidesGMP Ransomware Slides
GMP Ransomware SlidesAltinetLtd
 
Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? Are Phishing Attacks Angling For You?
Are Phishing Attacks Angling For You? The TNS Group
 
Keeping Your Email Secure
Keeping Your Email SecureKeeping Your Email Secure
Keeping Your Email SecureTexas Medical Liability Trust
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringVinay Bhargav
 
Prevent phishing scams
Prevent phishing scamsPrevent phishing scams
Prevent phishing scamsronpoul
 
Data Security: A Guide To Whale Phishing
Data Security: A Guide To Whale PhishingData Security: A Guide To Whale Phishing
Data Security: A Guide To Whale PhishingPhil Astell
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishingRaviteja Chowdary Adusumalli
 
IS Presetation.pptx
IS Presetation.pptxIS Presetation.pptx
IS Presetation.pptxTanvir Amin
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - KloudlearnKloudLearn
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxvdgtkhdh
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxamby3
 
Security awareness
Security awarenessSecurity awareness
Security awarenessSanoop Nair
 
How to check a suspicious link without clicking on it?
How to check a suspicious link without clicking on it?How to check a suspicious link without clicking on it?
How to check a suspicious link without clicking on it?Ankush Sarkar
 
Common Email Security Mistakes
Common Email Security MistakesCommon Email Security Mistakes
Common Email Security MistakesEmerge Management Training Center
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitssuser64f8f8
 
Phishing
PhishingPhishing
PhishingSyeda Javeria
 
Security-Awareness-Training.pptx
Security-Awareness-Training.pptxSecurity-Awareness-Training.pptx
Security-Awareness-Training.pptxWizer - Cyber Security Awareness
 
IDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUIDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUBilly Warero
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacksNamik Heydarov
 
Train Employees to Avoid Inadvertent Cyber-Security Breaches
Train Employees to Avoid Inadvertent Cyber-Security BreachesTrain Employees to Avoid Inadvertent Cyber-Security Breaches
Train Employees to Avoid Inadvertent Cyber-Security BreachesHuman Resources & Payroll
 
S_A_T.pptx
S_A_T.pptxS_A_T.pptx
S_A_T.pptxPurnanandaSwarupAcha
 
Lesson learned from linked in
Lesson learned from linked inLesson learned from linked in
Lesson learned from linked inPayza
 
Phis
PhisPhis
PhisPresentaionslive.blogspot.com
 
Phishing Awareness Training.pptx
Phishing Awareness Training.pptxPhishing Awareness Training.pptx
Phishing Awareness Training.pptxHajar Bouchriha
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Phishing technology
Phishing technologyPhishing technology
Phishing technologyPreeti Papneja
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Contenu connexe

Similaire à Amazon Social Engineering slides

IS Presetation.pptx
IS Presetation.pptxIS Presetation.pptx
IS Presetation.pptxTanvir Amin
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - KloudlearnKloudLearn
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxvdgtkhdh
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxamby3
 
Security awareness
Security awarenessSecurity awareness
Security awarenessSanoop Nair
 
How to check a suspicious link without clicking on it?
How to check a suspicious link without clicking on it?How to check a suspicious link without clicking on it?
How to check a suspicious link without clicking on it?Ankush Sarkar
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitssuser64f8f8
 
IDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUIDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUBilly Warero
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSlesteraporado16
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacksNamik Heydarov
 
Train Employees to Avoid Inadvertent Cyber-Security Breaches
Train Employees to Avoid Inadvertent Cyber-Security BreachesTrain Employees to Avoid Inadvertent Cyber-Security Breaches
Train Employees to Avoid Inadvertent Cyber-Security BreachesHuman Resources & Payroll
 
Lesson learned from linked in
Lesson learned from linked inLesson learned from linked in
Lesson learned from linked inPayza
 
Phishing Awareness Training.pptx
Phishing Awareness Training.pptxPhishing Awareness Training.pptx
Phishing Awareness Training.pptxHajar Bouchriha
 

Similaire à Amazon Social Engineering slides (20)

IS Presetation.pptx
IS Presetation.pptxIS Presetation.pptx
IS Presetation.pptx
 
What is Phishing - Kloudlearn
What is Phishing - KloudlearnWhat is Phishing - Kloudlearn
What is Phishing - Kloudlearn
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptx
 
phishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptxphishing-awareness-powerpoint.pptx
phishing-awareness-powerpoint.pptx
 
Security awareness
Security awarenessSecurity awareness
Security awareness
 
How to check a suspicious link without clicking on it?
How to check a suspicious link without clicking on it?How to check a suspicious link without clicking on it?
How to check a suspicious link without clicking on it?
 
Common Email Security Mistakes
Common Email Security MistakesCommon Email Security Mistakes
Common Email Security Mistakes
 
phishing facts be aware and do not take the bait
phishing facts be aware and do not take the baitphishing facts be aware and do not take the bait
phishing facts be aware and do not take the bait
 
Phishing
PhishingPhishing
Phishing
 
Security-Awareness-Training.pptx
Security-Awareness-Training.pptxSecurity-Awareness-Training.pptx
Security-Awareness-Training.pptx
 
IDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOUIDENTIFYING CYBER THREATS NEAR YOU
IDENTIFYING CYBER THREATS NEAR YOU
 
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASSLESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
LESSON 10/ GROUP 10/ ST. THOMAS AQUINASS
 
10 tips to prevent phishing attacks
10 tips to prevent phishing attacks10 tips to prevent phishing attacks
10 tips to prevent phishing attacks
 
Train Employees to Avoid Inadvertent Cyber-Security Breaches
Train Employees to Avoid Inadvertent Cyber-Security BreachesTrain Employees to Avoid Inadvertent Cyber-Security Breaches
Train Employees to Avoid Inadvertent Cyber-Security Breaches
 
S_A_T.pptx
S_A_T.pptxS_A_T.pptx
S_A_T.pptx
 
Lesson learned from linked in
Lesson learned from linked inLesson learned from linked in
Lesson learned from linked in
 
Phis
PhisPhis
Phis
 
Phishing Awareness Training.pptx
Phishing Awareness Training.pptxPhishing Awareness Training.pptx
Phishing Awareness Training.pptx
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 
Phishing technology
Phishing technologyPhishing technology
Phishing technology
 

Dernier

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Dernier (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Amazon Social Engineering slides

  • 1. HOW TO SPOT A SOCIAL ENGINEERING EMAIL
  • 2. Social engineering is essentially the act of manipulating people into giving access to confidential information or areas, rather than using force or hacking. The information they seek can be anything from passwords to bank details, or even employee records from businesses. Some common social engineering techniques include pretexting, baiting, tailgating, and - most prominently – phishing. All of these tactics differ from each other slightly, but they all depend on the attacker’s ability to trick the victim into trusting them.
  • 3. 1. Check Email Addresses The display name might look authentic, but email addresses are much harder to falsify. With many companies purchasing their own domain names, attackers often have to alter the spelling slightly – in our example you can see that the domain replaces the O in ‘Amazon’ with an A.
  • 4. 2. Hyperlinks If an email from an unknown source includes lots of pushy links or buttons be wary; they can often harbour malicious software that can log your keystrokes or take you to a convincing website where they can steal your login details. Avoiding links altogether is the best practice, but if it seems to be for an important page try using a trusted search engine to find it instead, or hover over the link before clicking to reveal the URL.
  • 5. 3. The Context Different social engineering tactics use different methods to try to persuade the user into complying. In this instance, the message offers a reward in exchange for following the link, which is an example of a baiting email. Other tactics may offer a service or use urgent language to scare the target into clicking through the link.
  • 6. 4. Too good to be true The biggest give-away with scam emails is that they always go for the big flashy prizes, or large sums of money. In this instance, the example doesn’t give an amount for the refund, but it does offer a scenario, meaning you can easily check your bank to see if you really were ‘double charged’ before proceeding.
  • 7. For more topics and training material visit the Boxphish website.