1. Social Engineering
Harri Levo

2. What it is?
O Leading the user in social media into wanted
direction
O Aka. Manipulation of the user
O Based on human cognitive decision making
O Miss guiding the user
O Can be used for commercial use or for
hacking

3. Miss usage techniques
O Pretexting
O Phishing and phone phishing
O Baiting
O Tailgating
O Virus hoax
O Confidence tricking
O Corner game

4. How it’s done
Pretexting
O Acquiring information
from the user through
a lie
O A social security
number for
identification
O Similar to ”security
questions”
Phishing
O Main goal to gain capital
O Gather data through
malwares:
O Emails
O SMS
O Links
O Phone calls can be also
used through “paid
numbers calling to users”

5. Baiting
O Leaving a obvious trace
O Usb-stick
O Cd-rom
O For web users the
hacker leaves an
obvious lead such as a
link.
O Tempting user to do
what the hacker wants
Corner game
O Changing a deliver of
a company into a
different place.
O Diversion theft
O Miss guiding a
deliver person
O ”old school” yet still
used

6. Virus hoax
O Miss guiding to think
that the user is under
a virus attack
O Email suggest the
user to forward the
mail to other users.
O Lives through the
users good belief
Confidence tricking
O A combination of other
tricks
O 6 stages
O
O
O
O
O
O
Foundation work
Approach
Build-up
Pay-off
The Hurrah
In-and-out
O Benefitting from the
good belief of the user

7. Tailgating
O AKA. Piggybacking
O Using an authors information to enter the data
base
O The it-support person in a company has he’s
memory stick compromised, infected by a virus.
As he starts using the data base the virus will
gather key information from the session. Such
as, the routes the data goes when the master
password is used.
O Tailgating is based on the knowledge of the user
interface and the platform of the system.
O Old windows DOS.

8. How to protect yourself
O Be skeptic, if something's too good to be
true, it probably is
O Don’t connect your computer, laptop, phone
with devices you’re not certain with
O Be a little bit paranoid in the internet if you
don’t know what you’re doing
O Common sense is the best defense against
the misusage of your information.

9. Sources
O http://searchcio.techtarget.com/definition/pretexting
O http://www.microsoft.com/security/online-privacy/phishingO
O
O
O
O
symptoms.aspx
http://www.webroot.com/us/en/home/resources/tips/onlineshopping-banking/secure-what-is-social-engineering
http://searchsecurity.techtarget.com/definition/virus-hoax
http://www.oxforddictionaries.com/definition/english/confide
nce-trick
http://www.crimes-of-persuasion.com/Victims/victims.htm
http://searchsecurity.techtarget.com/tip/Social-engineeringpenetration-testing-Four-effective-techniques