SlideShare une entreprise Scribd logo

social_engineering.pptx

Télécharger en tant que PPTX, PDF
A
alexadejumo

Real-Life Scenario of Social Engineering

Technologie
1  sur  10
Real-life Scenerios of Social Engineering Social engineering may be the oldest type of attack on information systems still it works till today. Social engineering has become the backbone of many cyber threats, from phishing emails to smishing and vishing attacks. Here’s some real-life social engineering attacks
1. $ 100 Million Google and Facebook Spear Phishing Scam. • The biggest social engineering attack of all time (as far as we know) was perpetrated by Lithuanian national, Evaldas Rimasauskas, against two of the FAANG: Google and Facebook. Rimasauskas and his team set up a fake company, pretending to be a computer manufacturer that worked with Google and Facebook. Rimsauskas also set up bank accounts in the company’s name. • The scammers then sent phishing emails to specific Google and Facebook employees, invoicing them for goods and services that the manufacturer had genuinely provided — but directing them to deposit money into their fraudulent accounts. Between 2013 and 2015, Rimasauskas and his associates cheated the two tech giants out of over $100 million.
2. 2022 Persuasive email phishing attack imitates US Department of Labor • In January 2022, Bleeping Computer described a sophisticated phishing attack designed to steal Office 365 credentials in which the attackers imitated the US Department of Labor (DoL). The scam is a noteworthy example of how convincing phishing attempts are becoming. • The attack used two methods to impersonate the DoL’s email address—spoofing the actual DoL email domain (reply@dol[.]gov) and buying up look-a-like domains, including “dol-gov[.]com” and “dol- gov[.]us”. Using these domains, the phishing emails sailed through the target organizations’ security gateways.The emails used official DoL branding and were professionally written and invited recipients to bid on a government project. The supposed bidding instructions were included in a three-page PDF with a “Bid Now” button embedded.On clicking the link, targets were redirected to a phishing site that looked identical to the actual DoL site, hosted at a URL such as bid-dolgov[.]us. The fake bidding site instructed users to enter their Office 365 credentials. The site even displayed an “error” message after the first input, ensuring the target would enter their credentials twice and thus reducing the possibility of mistyped credentials.
3. Microsoft 365 phishing scam steals credentials in 2021 • In April 2021, security researchers discovered a Business Email Compromise (BEC) scam that tricks the recipient into installing malicious code on their device. • The target receives a blank email with a subject line about a “price revision.” The email contains an attachment that looks like an Excel spreadsheet file (.xlsx). However, the “spreadsheet” is actually a .html file in disguise. • Upon opening the (disguised) .html file, the target is directed to a website containing malicious code. The code triggers a pop-up notification, telling the user they’ve been logged out of Microsoft 365, and inviting them to re- enter their login credentials.
4. Sacramento phishing attack exposes health information in 2021. • Five employees at Sacramento County revealed their login credentials to cybercriminals after receiving phishing emails on June 22, 2021. • The attack was discovered five months later, after an internal audit of workers’ email inboxes. • The breach occurred after employees received phishing emails containing a link to a malicious website. The targets entered their usernames and passwords into a fake login page which were then harvested by cybercriminals. • The attack resulted in a data breach exposing 2,096 records of health information and 816 records of “personal identification information.” The county notified the victims by email and offered free credit monitoring and identity theft services. • It remains to be seen whether this proposed resolution by the county will be enough. Protection of health information is particularly tightly regulated in the US, under the Health Insurance Portability and Accountability Act (HIPAA), and data breaches involving health data have led to some hefty lawsuits in the past.
5. 2021 Singapore Bank phishing saga • Customers of the Oversea-Chinese Banking Corporation (OCBC) were hit by a string of phishing attacks and malicious transactions in 2021, leading to around $8.5 million of losses across approximately 470 customers. • OCBC customers were duped into giving up their account details after receiving phishing emails in December 2021. The situation escalated quickly despite the bank shutting down fraudulent domains and alerting customers of the scam.
6. 2011 RSA SecurID Phishing Attack • In 2011, one of these attacks bit encryption giant RSA and succeeded in netting hackers valuable information about the company’s SecurID two-factor authentication fobs. • Although RSA initially denied that the information could help hackers compromise anyone using SecurID, defense contractor Lockheed Martin soon detected hackers attempting to breach their network using stolen SecurID data. RSA backpedaled quickly and agreed to replace most of the distributed security tokens. • All this trouble boiled down to four employees at RSA parent corporation EMC. Attackers sent them email with a spoofed address purporting to be at a job recruitment website, with an Excel attachment titled 2011 Recruitment Plan. It wasn’t even clear why the employees would care about a spreadsheet from a third-party website, but they opened it—and a zero-day Flash exploit buried in the spreadsheet installed backdoor access to their work machines that soon laid open the keys to the kingdom.
7. 2021 Sharepoint Phishing Fraud targeting home workers • April 2021 saw yet another phishing attack emerge that appears specifically designed to target remote workers using cloud-based software. • The attack begins when the target receives an email—written in the urgent tone favored by phishing scammers—requesting their signature on a document hosted in Microsoft Sharepoint. • The email looks legitimate. It includes the Sharepoint logo and branding familiar to many office workers. But the link leads to a phishing site designed to siphon off users’ credentials.
2020 Vishing Scam results in compromise High- profile Twitter Users’ Accounts. • In July 2020, Twitter lost control of 130 Twitter accounts, including those of some of the world’s most famous people — Barack Obama, Joe Biden, and Kanye West. • Twitter has described the incident as a “phone spear phishing” attack (also known as a “vishing” attack). The calls’ details remain unclear, but somehow Twitter employees were tricked into revealing account credentials that allowed access to the compromised accounts.
Similarities of Social Engineering Attack Scenerios Some of the factors causing and influencing the success of these attacks • Fear • Greed • Curiosity • Urgency • Excess trust

Recommandé

Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHydn|u - The Open Security Community
 
Cybersecurity Awareness for employees.pptx
Cybersecurity Awareness for employees.pptxCybersecurity Awareness for employees.pptx
Cybersecurity Awareness for employees.pptxAbdullaFatiya3
 
Article how can organisations tackle business email compromise - paul wright
Article how can organisations tackle business email compromise - paul wrightArticle how can organisations tackle business email compromise - paul wright
Article how can organisations tackle business email compromise - paul wrightPaul Wright MSc
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021lior mazor
 
List of data breaches and cyber attacks in january 2022
List of data breaches and cyber attacks in january 2022List of data breaches and cyber attacks in january 2022
List of data breaches and cyber attacks in january 2022ndcmanagement
 
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in CyberspaceColombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in CyberspaceDulanja Liyanage
 
Databreach forecast
Databreach forecastDatabreach forecast
Databreach forecastSuresh Kesavan
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
 

Recommandé

Newbytes NullHyd
Newbytes NullHydNewbytes NullHyd
Newbytes NullHydn|u - The Open Security Community
 
Cybersecurity Awareness for employees.pptx
Cybersecurity Awareness for employees.pptxCybersecurity Awareness for employees.pptx
Cybersecurity Awareness for employees.pptxAbdullaFatiya3
 
Article how can organisations tackle business email compromise - paul wright
Article how can organisations tackle business email compromise - paul wrightArticle how can organisations tackle business email compromise - paul wright
Article how can organisations tackle business email compromise - paul wrightPaul Wright MSc
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021lior mazor
 
List of data breaches and cyber attacks in january 2022
List of data breaches and cyber attacks in january 2022List of data breaches and cyber attacks in january 2022
List of data breaches and cyber attacks in january 2022ndcmanagement
 
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in CyberspaceColombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in CyberspaceDulanja Liyanage
 
Databreach forecast
Databreach forecastDatabreach forecast
Databreach forecastSuresh Kesavan
 
Improving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association MiningImproving Phishing URL Detection Using Fuzzy Association Mining
Improving Phishing URL Detection Using Fuzzy Association Miningtheijes
 
O365Engage17 - Protecting your Users Against Email Spoofing and Phishing
O365Engage17 - Protecting your Users Against Email Spoofing and PhishingO365Engage17 - Protecting your Users Against Email Spoofing and Phishing
O365Engage17 - Protecting your Users Against Email Spoofing and PhishingNCCOMMS
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfBrafton
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual ReportLabris Networks
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N Gchiewmingli
 
Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxtidwellveronique
 
Top Law Firm Cyber Attacks Throughout History
Top Law Firm Cyber Attacks Throughout HistoryTop Law Firm Cyber Attacks Throughout History
Top Law Firm Cyber Attacks Throughout HistoryProtected Harbor
 
Intro phishing
Intro phishingIntro phishing
Intro phishingSayali Dayama
 
June NOW 2014
June NOW 2014June NOW 2014
June NOW 2014Louis Smith
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresIRJET Journal
 
The Cost Of Hacking
The Cost Of HackingThe Cost Of Hacking
The Cost Of Hackingbluecoatss
 
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...Executive Leaders Network
 
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docxaryan532920
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media Securityscstatelibrary
 
Phishing
PhishingPhishing
PhishingSyahida
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia LunaAviva Spectrum™
 
Worst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodWorst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodSecPod Technologies
 
[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the worldSeqrite
 
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation GianinoCyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino-Gianino Gino Prieto -Dynamic Connector -Insurance Strategist
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishingRaviteja Chowdary Adusumalli
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Contenu connexe

Similaire à social_engineering.pptx

O365Engage17 - Protecting your Users Against Email Spoofing and Phishing
O365Engage17 - Protecting your Users Against Email Spoofing and PhishingO365Engage17 - Protecting your Users Against Email Spoofing and Phishing
O365Engage17 - Protecting your Users Against Email Spoofing and PhishingNCCOMMS
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfBrafton
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual ReportLabris Networks
 
Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxtidwellveronique
 
Top Law Firm Cyber Attacks Throughout History
Top Law Firm Cyber Attacks Throughout HistoryTop Law Firm Cyber Attacks Throughout History
Top Law Firm Cyber Attacks Throughout HistoryProtected Harbor
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsBen Graybar
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresIRJET Journal
 
The Cost Of Hacking
The Cost Of HackingThe Cost Of Hacking
The Cost Of Hackingbluecoatss
 
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...Executive Leaders Network
 
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docxaryan532920
 
Phishing
PhishingPhishing
PhishingSyahida
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia LunaAviva Spectrum™
 
Worst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodWorst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodSecPod Technologies
 
[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the worldSeqrite
 

Similaire à social_engineering.pptx (20)

O365Engage17 - Protecting your Users Against Email Spoofing and Phishing
O365Engage17 - Protecting your Users Against Email Spoofing and PhishingO365Engage17 - Protecting your Users Against Email Spoofing and Phishing
O365Engage17 - Protecting your Users Against Email Spoofing and Phishing
 
White Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdfWhite Paper Example - Brafton for NIP Group.pdf
White Paper Example - Brafton for NIP Group.pdf
 
2015 Labris SOC Annual Report
2015 Labris SOC Annual Report2015 Labris SOC Annual Report
2015 Labris SOC Annual Report
 
P H I S H I N G
P H I S H I N GP H I S H I N G
P H I S H I N G
 
Case 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docxCase 11. What exactly occurred Twitter is one of popular soci.docx
Case 11. What exactly occurred Twitter is one of popular soci.docx
 
Top Law Firm Cyber Attacks Throughout History
Top Law Firm Cyber Attacks Throughout HistoryTop Law Firm Cyber Attacks Throughout History
Top Law Firm Cyber Attacks Throughout History
 
Intro phishing
Intro phishingIntro phishing
Intro phishing
 
June NOW 2014
June NOW 2014June NOW 2014
June NOW 2014
 
Updated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools TacticsUpdated Cyber Security and Fraud Prevention Tools Tactics
Updated Cyber Security and Fraud Prevention Tools Tactics
 
Phishing: Analysis and Countermeasures
Phishing: Analysis and CountermeasuresPhishing: Analysis and Countermeasures
Phishing: Analysis and Countermeasures
 
The Cost Of Hacking
The Cost Of HackingThe Cost Of Hacking
The Cost Of Hacking
 
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
Current Ransomware Trends, Ransomware Attack Survey 2022 (Colin Wright at Hor...
 
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docx
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media Security
 
Phishing
PhishingPhishing
Phishing
 
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
2014 GRC Conference in West Palm Beach-Moderated by Sonia Luna
 
Worst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPodWorst security data breaches till 2015 - SecPod
Worst security data breaches till 2015 - SecPod
 
[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world[Infographic] 7 Cyber attacks that shook the world
[Infographic] 7 Cyber attacks that shook the world
 
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation GianinoCyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
 
Introduction to phishing
Introduction to phishingIntroduction to phishing
Introduction to phishing
 

Dernier

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Dernier (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

social_engineering.pptx

  • 1. Real-life Scenerios of Social Engineering Social engineering may be the oldest type of attack on information systems still it works till today. Social engineering has become the backbone of many cyber threats, from phishing emails to smishing and vishing attacks. Here’s some real-life social engineering attacks
  • 2. 1. $ 100 Million Google and Facebook Spear Phishing Scam. • The biggest social engineering attack of all time (as far as we know) was perpetrated by Lithuanian national, Evaldas Rimasauskas, against two of the FAANG: Google and Facebook. Rimasauskas and his team set up a fake company, pretending to be a computer manufacturer that worked with Google and Facebook. Rimsauskas also set up bank accounts in the company’s name. • The scammers then sent phishing emails to specific Google and Facebook employees, invoicing them for goods and services that the manufacturer had genuinely provided — but directing them to deposit money into their fraudulent accounts. Between 2013 and 2015, Rimasauskas and his associates cheated the two tech giants out of over $100 million.
  • 3. 2. 2022 Persuasive email phishing attack imitates US Department of Labor • In January 2022, Bleeping Computer described a sophisticated phishing attack designed to steal Office 365 credentials in which the attackers imitated the US Department of Labor (DoL). The scam is a noteworthy example of how convincing phishing attempts are becoming. • The attack used two methods to impersonate the DoL’s email address—spoofing the actual DoL email domain (reply@dol[.]gov) and buying up look-a-like domains, including “dol-gov[.]com” and “dol- gov[.]us”. Using these domains, the phishing emails sailed through the target organizations’ security gateways.The emails used official DoL branding and were professionally written and invited recipients to bid on a government project. The supposed bidding instructions were included in a three-page PDF with a “Bid Now” button embedded.On clicking the link, targets were redirected to a phishing site that looked identical to the actual DoL site, hosted at a URL such as bid-dolgov[.]us. The fake bidding site instructed users to enter their Office 365 credentials. The site even displayed an “error” message after the first input, ensuring the target would enter their credentials twice and thus reducing the possibility of mistyped credentials.
  • 4. 3. Microsoft 365 phishing scam steals credentials in 2021 • In April 2021, security researchers discovered a Business Email Compromise (BEC) scam that tricks the recipient into installing malicious code on their device. • The target receives a blank email with a subject line about a “price revision.” The email contains an attachment that looks like an Excel spreadsheet file (.xlsx). However, the “spreadsheet” is actually a .html file in disguise. • Upon opening the (disguised) .html file, the target is directed to a website containing malicious code. The code triggers a pop-up notification, telling the user they’ve been logged out of Microsoft 365, and inviting them to re- enter their login credentials.
  • 5. 4. Sacramento phishing attack exposes health information in 2021. • Five employees at Sacramento County revealed their login credentials to cybercriminals after receiving phishing emails on June 22, 2021. • The attack was discovered five months later, after an internal audit of workers’ email inboxes. • The breach occurred after employees received phishing emails containing a link to a malicious website. The targets entered their usernames and passwords into a fake login page which were then harvested by cybercriminals. • The attack resulted in a data breach exposing 2,096 records of health information and 816 records of “personal identification information.” The county notified the victims by email and offered free credit monitoring and identity theft services. • It remains to be seen whether this proposed resolution by the county will be enough. Protection of health information is particularly tightly regulated in the US, under the Health Insurance Portability and Accountability Act (HIPAA), and data breaches involving health data have led to some hefty lawsuits in the past.
  • 6. 5. 2021 Singapore Bank phishing saga • Customers of the Oversea-Chinese Banking Corporation (OCBC) were hit by a string of phishing attacks and malicious transactions in 2021, leading to around $8.5 million of losses across approximately 470 customers. • OCBC customers were duped into giving up their account details after receiving phishing emails in December 2021. The situation escalated quickly despite the bank shutting down fraudulent domains and alerting customers of the scam.
  • 7. 6. 2011 RSA SecurID Phishing Attack • In 2011, one of these attacks bit encryption giant RSA and succeeded in netting hackers valuable information about the company’s SecurID two-factor authentication fobs. • Although RSA initially denied that the information could help hackers compromise anyone using SecurID, defense contractor Lockheed Martin soon detected hackers attempting to breach their network using stolen SecurID data. RSA backpedaled quickly and agreed to replace most of the distributed security tokens. • All this trouble boiled down to four employees at RSA parent corporation EMC. Attackers sent them email with a spoofed address purporting to be at a job recruitment website, with an Excel attachment titled 2011 Recruitment Plan. It wasn’t even clear why the employees would care about a spreadsheet from a third-party website, but they opened it—and a zero-day Flash exploit buried in the spreadsheet installed backdoor access to their work machines that soon laid open the keys to the kingdom.
  • 8. 7. 2021 Sharepoint Phishing Fraud targeting home workers • April 2021 saw yet another phishing attack emerge that appears specifically designed to target remote workers using cloud-based software. • The attack begins when the target receives an email—written in the urgent tone favored by phishing scammers—requesting their signature on a document hosted in Microsoft Sharepoint. • The email looks legitimate. It includes the Sharepoint logo and branding familiar to many office workers. But the link leads to a phishing site designed to siphon off users’ credentials.
  • 9. 2020 Vishing Scam results in compromise High- profile Twitter Users’ Accounts. • In July 2020, Twitter lost control of 130 Twitter accounts, including those of some of the world’s most famous people — Barack Obama, Joe Biden, and Kanye West. • Twitter has described the incident as a “phone spear phishing” attack (also known as a “vishing” attack). The calls’ details remain unclear, but somehow Twitter employees were tricked into revealing account credentials that allowed access to the compromised accounts.
  • 10. Similarities of Social Engineering Attack Scenerios Some of the factors causing and influencing the success of these attacks • Fear • Greed • Curiosity • Urgency • Excess trust