SOCIAL ENGINEERING
By Muhanned Alaqili, CCNA, ACE, Security+
Lewis University
•   “It’s human nature to trust our fellow man, especially when the request
    meets the test of being reasonable. Social engineers use this knowledge
    to exploit their victims and to achieve their goals.”
    - Kevin Mitnick
WHAT?
•   What is Social Engineering?
It is the tactic or trick of gaining sensitive information by exploiting basic human nature,
such as:
      - Trust
      - Fear
      - Desire to help
WHY?
Social engineers attempt to gather information such as:
      - Sensitive information
      - Authorization access
      - Access details
APPROACHES
•   Human-based Social Engineering
      - Gathers sensitive information by interaction
      - Attacks in this category exploit the trust, fear and helping nature of humans
•   Computer-based Social Engineering
      - Carried out with the aid of computers to secretly install spyware or other malicious
        software, or to trick you into handing over your passwords or sensitive
        financial or personal information
HUMAN-BASED SOCIAL ENGINEERING
•   Posing as a legitimate end user
      - Gives an identity and asks for sensitive information
•   Posing as an important user
      - CEO, project manager, etc.
•   Posing as technical support
•   Eavesdropping
•   Shoulder surfing
•   Dumpster diving
•   Tailgating
•   Piggybacking
      - A social engineer appears as a legitimate employee and walks into a secure building by
        following behind someone who has access.
COMPUTER-BASED SOCIAL ENGINEERING
•   USB Drive / Memory Stick, CD/DVD Malware
•   Mail
•   Instant Chat Messenger
      - Gathering of personal information by chatting with a selected online user to attempt
        to get information such as birth dates and maiden names
•   Pop-up windows that ask for users’ information to log in/sign in
•   Websites / Sweepstakes
•   Spam mail
•   Phishing
      - An illegitimate email falsely claiming to be from a legitimate site attempts to acquire
        the user’s personal or account information
COMMON TARGETS
•   Receptionists
•   Help desk personnel
•   Vendors of the targeted organization
•   System administrators
•   End users
VECTORS
Major attack vectors that social engineers use:
•   Online
•   Telephone
•   Personal approaches
•   Reverse social engineering
REVERSE SOCIAL ENGINEERING
A more advanced method of social engineering that requires a great deal of research and preparation.

The hacker creates a persona that appears to be in a position of authority so that employees
in the target organization will ask him for information, rather than the other way around!

A reverse social engineering attack involves three parts:
      - Marketing/advertising
      - Sabotage
      - Assisting/providing support
RSE EXAMPLE
•   The hacker sabotages a network (e.g. a switch), causing a problem to arise. The hacker then
    advertises that he is the appropriate contact to fix the problem, and then, when he comes
    to fix the network problem, he requests certain bits of information from the employees and
    gets what he really came for. They never know it was a hacker, because their network
    problem goes away and everyone is happy.

•   The hacker markets himself as a problem solver or an expert in networking, for example.
    Then he sabotages the network (e.g. a switch) of the targeted organization, causing a problem
    to arise, and then, when he is called to fix the problem, he requests certain bits of information
    (server passwords, network infrastructure, etc.).
CONCLUSION
Social engineering is the hardest form of attack to defend against.
No matter what hardware / software you have or how much money you have spent so far,
PEOPLE are still the weakest link in the security chain.
