SlideShare a Scribd company logo

The Art of Social Hacking: Manipulating People for Information

Download as PPTX, PDF
Maulik Kotak
Maulik Kotak

Social engineering is manipulating people into revealing confidential information through deception rather than technical hacking methods. It includes techniques like quid pro quo, phishing, baiting, pretexting, and diversion theft. Famous social engineer Kevin Mitnick emphasized that people inherently want to be helpful and trustworthy, making them vulnerable. Training and policies can help prevent social engineering by raising awareness of common tactics and restricting disclosure of private information. The human element remains the weakest link despite strong technical security defenses.

EducationTechnologyNews & Politics
1 of 24
./whoami 0 If You want to Hack some one First Hack Your self. 0 I am NOT a Hacker Just Learner as Security analyst.
“The Art of Social Hacking”
Introduction • What is Social Engineering? Manipulate people into doing something, rather than by breaking in using technical means • Types of Social Engineering o Quid Pro Quo o Phishing o Baiting o Pretexting o Diversion Theft • Ways to prevent Social Engineering o
What is Social Engineering? • Attacker uses human interaction to obtain or compromise information • Attacker my appear unassuming or respectable o o Pretend to be a new employee, repair man, ect May even offer credentials • By asking questions, the attacker may piece enough information together to infiltrate a companies network o May attempt to get information from many sources
Kevin Mitnick Famous Social Engineer Hacker • Went to prison for hacking • Became ethical hacker "People are generally helpful, especially to someone who is nice, knowledgeable or insistent."
Kevin Mitnick - Art of Deception • "People inherently want to be helpful and therefore are easily duped" • "They assume a level of trust in order to avoid conflict" • "It's all about gaining access to information that people think is innocuous when it isn't" • Here a nice voice on the phone, we want to be helpful • Social engineering cannot be blocked by technology alone
Examples of Social Engineering • Kevin Mitnick talks his way into central Telco office Tells guard he will get a new badge Pretend to work there, give manager name from another branch o Fakes a phone conversation when caught o o • Free food at McDonalds
Live Example • Convinced friend that I would help fix their computer • People inherently want to trust and will believe someone when they want to be helpful • Fixed minor problems on the computer and secretly installed remote control software • Now I have total access to their computer through ultravnc viewer
Types of Social Engineering • • • • • Quid Pro Quo o Something for something Phishing o Fraudulently obtaining private information Baiting o Real world trojan horse Pretexting o Invented Scenario Diversion Theft o A con
Quid Pro Quo • Something for Something o Call random numbers at a company, claiming to be from technical support. o Eventually, you will reach someone with a legitamite problem o Grateful you called them back, they will follow your instructions o The attacker will "help" the user, but will really have the victim type commands that will allow the attacker to install malware
Phishing • Fraudulently obtaining private information o Send an email that looks like it came from a legitimate business o Request verification of information and warn of some consequence if not provided o Usually contains link to a fraudulent web page that looks legitimate o User gives information to the social engineer  Ex: Ebay Scam
Phishing continued • Spear Fishing o Specific phishing  Ex: email that makes claims using your name • Vishing o o Phone phishing Rogue interactive voice system  Ex:call bank to verify information
Baiting • Real world Trojan horse o Uses physical media o Relies on greed/curiosity of victim o Attacker leaves a malware infected cd or usb drive in a location sure to be found o Attacker puts a legitimate or curious lable to gain interest o Ex: "Company Earnings 2009" left at company elevator  Curious employee/Good samaritan uses  User inserts media and unknowingly installs malware
Pretexting • Invented Scenario o o o Prior Research/Setup used to establish legitimacy  Give information that a user would normally not divulge This technique is used to impersonate  Authority ect  Using prepared answers to victims questions  Other gathered information Ex: Law Enforcement  Threat of alleged infraction to detain suspect and hold for questioning
Pretexting Real Example: • Signed up for Free Credit Report • Saw Unauthorized charge from another credit company o Called to dispute charged and was asked for Credit Card Number  They insisted it was useless without the security code o • Asked for Social Security number Talked to Fraud Department at my bank
Weakest Link? • No matter how strong your: o Firewalls o Intrusion Detection Systems o Cryptography o Anti-virus software • You are the weakest link in computer security! o People are more vulnerable than computers • "The weakest link in the security chain is the human element" -Kevin Mitnick
Ways to Prevent Social Engineering Training • User Awareness o User knows that giving out certain information is bad • Military requires Cyber Transportation to hold o Top Secret Security Clearance o Security Plus Certification • Policies o Employees are not allowed to divulge private information o Prevents employees from being socially pressured or tricked
Ways to Prevent Social Engineering Cont.. • 3rd Party test - Ethical Hacker o Have a third party come to your company and attempted to hack into your network o 3rd party will attempt to glean information from employees using social engineering o Helps detect problems people have with security • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information • Do not provide personal information, information about the company(such as internal network) unless authority of person is verified
General Safety • Before transmitting personal information over the internet, check the connection is secure and check the url is correct • If unsure if an email message is legitimate, contact the person or company by another means to verify • Be paranoid and aware when interacting with anything that needs protected o The smallest information could compromise what you're protecting
Conclusion • What is Social Engineering? Manipulate people into doing something, rather than by breaking in using technical means • Types of Social Engineering o Quid Pro Quo o Phishing o Baiting o Pretexting o Diversion Theft • Ways to prevent Social Engineering o
Questions?
!! For Regarding any question contact me !! http://www.maulikkotak.webnode.com http://www.facebook.com/maulikkotakstar http://www.twitter.com/maulikkotakstar

Recommended

What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.Pratum
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 
Social engineering
Social engineering Social engineering
Social engineering Vîñàý Pãtêl
 
Social engineering
Social engineering Social engineering
Social engineering Abdelhamid Limami
 
Social engineering
Social engineeringSocial engineering
Social engineeringankushmohanty
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering BasicsLuke Rusten
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 

Recommended

What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.Pratum
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 
Social engineering
Social engineering Social engineering
Social engineering Vîñàý Pãtêl
 
Social engineering
Social engineering Social engineering
Social engineering Abdelhamid Limami
 
Social engineering
Social engineeringSocial engineering
Social engineeringankushmohanty
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering BasicsLuke Rusten
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineeringn|u - The Open Security Community
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepalICT Frame Magazine Pvt. Ltd.
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorJames Krusic
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkJahangirnagar University
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringCyber Agency
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Cyber crime types
Cyber crime typesCyber crime types
Cyber crime typeskiran yadav
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
 
social engineering
social engineering social engineering
social engineeringRavi Patel
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 
Social engineering
Social engineeringSocial engineering
Social engineeringAlexander Zhuravlev
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesPraetorian
 

More Related Content

What's hot

Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorJames Krusic
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkJahangirnagar University
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attackPankaj Dubey
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringCyber Agency
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Cyber crime types
Cyber crime typesCyber crime types
Cyber crime typeskiran yadav
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?JamRivera1
 
social engineering
social engineering social engineering
social engineeringRavi Patel
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation sweetpeace1
 

What's hot (20)

Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Cyber security awareness presentation nepal
Cyber security awareness presentation nepalCyber security awareness presentation nepal
Cyber security awareness presentation nepal
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human Behavior
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
 
Social engineering hacking attack
Social engineering hacking attackSocial engineering hacking attack
Social engineering hacking attack
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
 
Password Attack
Password Attack Password Attack
Password Attack
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 
Cyber crime types
Cyber crime typesCyber crime types
Cyber crime types
 
Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?Social Engineering - Are You Protecting Your Data Enough?
Social Engineering - Are You Protecting Your Data Enough?
 
social engineering
social engineering social engineering
social engineering
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 

Viewers also liked

Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesPraetorian
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About itAleksandr Yampolskiy
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering OWASP Foundation
 
Skimming: Review of Credit & Debit Card Fraud
Skimming: Review of Credit & Debit Card FraudSkimming: Review of Credit & Debit Card Fraud
Skimming: Review of Credit & Debit Card FraudJason Sookram
 
Social engineering-Sandy Suhling
Social engineering-Sandy SuhlingSocial engineering-Sandy Suhling
Social engineering-Sandy Suhlingsuhlingse
 
2016 Social Engineering Training
2016 Social Engineering Training2016 Social Engineering Training
2016 Social Engineering TrainingRob Valdez
 
The 5 security awareness training generations [CARTOON]
The 5 security awareness training generations [CARTOON]The 5 security awareness training generations [CARTOON]
The 5 security awareness training generations [CARTOON]Stu Sjouwerman
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social EngineeringNutan Kumar Panda
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Chris Hammond-Thrasher
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
 

Viewers also liked (17)

Social engineering
Social engineeringSocial engineering
Social engineering
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case Studies
 
Kevin Mitnick
Kevin Mitnick Kevin Mitnick
Kevin Mitnick
 
Kevin mitnick
Kevin mitnickKevin mitnick
Kevin mitnick
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About it
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
 
Skimming: Review of Credit & Debit Card Fraud
Skimming: Review of Credit & Debit Card FraudSkimming: Review of Credit & Debit Card Fraud
Skimming: Review of Credit & Debit Card Fraud
 
Social engineering-Sandy Suhling
Social engineering-Sandy SuhlingSocial engineering-Sandy Suhling
Social engineering-Sandy Suhling
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
2016 Social Engineering Training
2016 Social Engineering Training2016 Social Engineering Training
2016 Social Engineering Training
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
The 5 security awareness training generations [CARTOON]
The 5 security awareness training generations [CARTOON]The 5 security awareness training generations [CARTOON]
The 5 security awareness training generations [CARTOON]
 
Social Engineering Techniques - The Dark Arts
Social Engineering Techniques - The Dark ArtsSocial Engineering Techniques - The Dark Arts
Social Engineering Techniques - The Dark Arts
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social Engineering
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response Plans
 

Similar to The Art of Social Hacking: Manipulating People for Information

Introduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringIntroduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringPrem Lamsal
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineeringVi Tính Hoàng Nam
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017Evan Francen
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Marta Barrio Marcos
 
Cybercrimes and Cybercriminals
Cybercrimes and CybercriminalsCybercrimes and Cybercriminals
Cybercrimes and CybercriminalsAshikur Rahman
 
Introduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptxIntroduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptxShubhamGupta833557
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking peopleTudor Damian
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and BadTzar Umang
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Infosecurity2010
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security Lokender Yadav
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 
Digital citizenship
Digital citizenshipDigital citizenship
Digital citizenshipstephensc
 
Digital citizenship
Digital citizenshipDigital citizenship
Digital citizenshipstephensc
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptxSanthosh Prabhu
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
Securing and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupSecuring and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupBrian Pichman
 

Similar to The Art of Social Hacking: Manipulating People for Information (20)

Introduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringIntroduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineering
 
Social Engineering.pdf
Social Engineering.pdfSocial Engineering.pdf
Social Engineering.pdf
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineering
 
People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017People. The Social Engineer's Dream - TechPulse 2017
People. The Social Engineer's Dream - TechPulse 2017
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)Conference about Social Engineering (by Wh0s)
Conference about Social Engineering (by Wh0s)
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
Cybercrimes and Cybercriminals
Cybercrimes and CybercriminalsCybercrimes and Cybercriminals
Cybercrimes and Cybercriminals
 
Introduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptxIntroduction to Cybersecurity - Secondary School_0.pptx
Introduction to Cybersecurity - Secondary School_0.pptx
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking people
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
 
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
Sharon Conheady - Social engineering & social networks (4 novmber Jaarbeurs U...
 
Ethical Hacking & Network Security
Ethical Hacking & Network Security Ethical Hacking & Network Security
Ethical Hacking & Network Security
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
Digital citizenship
Digital citizenshipDigital citizenship
Digital citizenship
 
Digital citizenship
Digital citizenshipDigital citizenship
Digital citizenship
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptx
 
Hacking
HackingHacking
Hacking
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
Securing and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupSecuring and Safeguarding Your Library Setup
Securing and Safeguarding Your Library Setup
 

Recently uploaded

How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
The Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsThe Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsRommel Regala
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operationalssuser3e220a
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxRosabel UA
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmStan Meyer
 

Recently uploaded (20)

How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
The Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World PoliticsThe Contemporary World: The Globalization of World Politics
The Contemporary World: The Globalization of World Politics
 
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptxINCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
INCLUSIVE EDUCATION PRACTICES FOR TEACHERS AND TRAINERS.pptx
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operational
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 
Presentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptxPresentation Activity 2. Unit 3 transv.pptx
Presentation Activity 2. Unit 3 transv.pptx
 
Oppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and FilmOppenheimer Film Discussion for Philosophy and Film
Oppenheimer Film Discussion for Philosophy and Film
 

The Art of Social Hacking: Manipulating People for Information

  • 1.
  • 2. ./whoami 0 If You want to Hack some one First Hack Your self. 0 I am NOT a Hacker Just Learner as Security analyst.
  • 3. “The Art of Social Hacking”
  • 4. Introduction • What is Social Engineering? Manipulate people into doing something, rather than by breaking in using technical means • Types of Social Engineering o Quid Pro Quo o Phishing o Baiting o Pretexting o Diversion Theft • Ways to prevent Social Engineering o
  • 5.
  • 6. What is Social Engineering? • Attacker uses human interaction to obtain or compromise information • Attacker my appear unassuming or respectable o o Pretend to be a new employee, repair man, ect May even offer credentials • By asking questions, the attacker may piece enough information together to infiltrate a companies network o May attempt to get information from many sources
  • 7. Kevin Mitnick Famous Social Engineer Hacker • Went to prison for hacking • Became ethical hacker "People are generally helpful, especially to someone who is nice, knowledgeable or insistent."
  • 8. Kevin Mitnick - Art of Deception • "People inherently want to be helpful and therefore are easily duped" • "They assume a level of trust in order to avoid conflict" • "It's all about gaining access to information that people think is innocuous when it isn't" • Here a nice voice on the phone, we want to be helpful • Social engineering cannot be blocked by technology alone
  • 9. Examples of Social Engineering • Kevin Mitnick talks his way into central Telco office Tells guard he will get a new badge Pretend to work there, give manager name from another branch o Fakes a phone conversation when caught o o • Free food at McDonalds
  • 10. Live Example • Convinced friend that I would help fix their computer • People inherently want to trust and will believe someone when they want to be helpful • Fixed minor problems on the computer and secretly installed remote control software • Now I have total access to their computer through ultravnc viewer
  • 11. Types of Social Engineering • • • • • Quid Pro Quo o Something for something Phishing o Fraudulently obtaining private information Baiting o Real world trojan horse Pretexting o Invented Scenario Diversion Theft o A con
  • 12. Quid Pro Quo • Something for Something o Call random numbers at a company, claiming to be from technical support. o Eventually, you will reach someone with a legitamite problem o Grateful you called them back, they will follow your instructions o The attacker will "help" the user, but will really have the victim type commands that will allow the attacker to install malware
  • 13. Phishing • Fraudulently obtaining private information o Send an email that looks like it came from a legitimate business o Request verification of information and warn of some consequence if not provided o Usually contains link to a fraudulent web page that looks legitimate o User gives information to the social engineer  Ex: Ebay Scam
  • 14. Phishing continued • Spear Fishing o Specific phishing  Ex: email that makes claims using your name • Vishing o o Phone phishing Rogue interactive voice system  Ex:call bank to verify information
  • 15. Baiting • Real world Trojan horse o Uses physical media o Relies on greed/curiosity of victim o Attacker leaves a malware infected cd or usb drive in a location sure to be found o Attacker puts a legitimate or curious lable to gain interest o Ex: "Company Earnings 2009" left at company elevator  Curious employee/Good samaritan uses  User inserts media and unknowingly installs malware
  • 16. Pretexting • Invented Scenario o o o Prior Research/Setup used to establish legitimacy  Give information that a user would normally not divulge This technique is used to impersonate  Authority ect  Using prepared answers to victims questions  Other gathered information Ex: Law Enforcement  Threat of alleged infraction to detain suspect and hold for questioning
  • 17. Pretexting Real Example: • Signed up for Free Credit Report • Saw Unauthorized charge from another credit company o Called to dispute charged and was asked for Credit Card Number  They insisted it was useless without the security code o • Asked for Social Security number Talked to Fraud Department at my bank
  • 18. Weakest Link? • No matter how strong your: o Firewalls o Intrusion Detection Systems o Cryptography o Anti-virus software • You are the weakest link in computer security! o People are more vulnerable than computers • "The weakest link in the security chain is the human element" -Kevin Mitnick
  • 19. Ways to Prevent Social Engineering Training • User Awareness o User knows that giving out certain information is bad • Military requires Cyber Transportation to hold o Top Secret Security Clearance o Security Plus Certification • Policies o Employees are not allowed to divulge private information o Prevents employees from being socially pressured or tricked
  • 20. Ways to Prevent Social Engineering Cont.. • 3rd Party test - Ethical Hacker o Have a third party come to your company and attempted to hack into your network o 3rd party will attempt to glean information from employees using social engineering o Helps detect problems people have with security • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information • Do not provide personal information, information about the company(such as internal network) unless authority of person is verified
  • 21. General Safety • Before transmitting personal information over the internet, check the connection is secure and check the url is correct • If unsure if an email message is legitimate, contact the person or company by another means to verify • Be paranoid and aware when interacting with anything that needs protected o The smallest information could compromise what you're protecting
  • 22. Conclusion • What is Social Engineering? Manipulate people into doing something, rather than by breaking in using technical means • Types of Social Engineering o Quid Pro Quo o Phishing o Baiting o Pretexting o Diversion Theft • Ways to prevent Social Engineering o
  • 24. !! For Regarding any question contact me !! http://www.maulikkotak.webnode.com http://www.facebook.com/maulikkotakstar http://www.twitter.com/maulikkotakstar