Social Engineering Attacks:
Case Studies & Security Implications
By Sandy Suhling
INFO 644--Fall 2013
What is social engineering?
● “gaining of information from legitimate users
for illegitimate access” (Dhillon, 2013).
● generally involves manipulating someone to
take action or give information that may or
may not be in the target’s best interests
(Hadnagy, 2010).
Social Engineering techniques
● dumpster diving (Brody, Brizzee, & Cano, 2012)
● shoulder surfing
● tailgating/piggybacking
● phishing
● pretexting
● intimidation (Orlando, 2007)
● bribery
Case Study: Wayland Fruit Company
http://world-beautifulwallpapers.blogspot.com/2013/02/beautiful-fruits-wallpapers.html
Case Study: Holes in Security
● company policy violations
○ vulnerable to blackmail, coercion
● hacker use of pretexting to get information
○ pretended to be EW IT Technician
○ knew information about the company & Mr. Farmer
● Lack of awareness/education
● use of same login ID and password for multiple
accounts
Social & Technical Vulnerabilities
● Walmart: good customer service vs. giving
out business information (Cowley, 2012).
● Human tendencies = vulnerabilities:
○ want to be helpful
○ make assumptions
○ reluctance to question authorities
○ people take shortcuts, security vs. usability
(Hadnagy, 2010).
○ overconfidence
Implications for attacks
● can have high costs
○ financial costs $25,000-$100,000/incident
○ loss of trust in employees
○ loss of business
● difficult to prevent because of natural
human tendencies
Preventing social engineering attacks
● include 4th generation security measures
(Dhillon, 2013).
● education and awareness about social
engineering for all employees
● use a combination of informal, formal, and
technical controls/security measures
● make use of penetration testing
● don’t make it easy!
○ ex: proper disposal of trash/important documents
(Brody, Brizzee, & Cano, 2012)
Class Question
What other security measures can
businesses use to prevent social
engineering attacks? How are these
security measures different from
those instituted to protect from other
types of attacks?
References
● Brody, R.G., Brizzee, W.B., and Cano, L. (2012). Flying under the radar: Social
engineering. International Journal of Accounting and Information Management,
20(4). Retrieved from
http://www.emeraldinsight.com.proxy.library.vcu.edu/journals.htm?articleid=17058136&show=abstract.
● Cowley, S. (2012). How a lying 'social engineer' hacked Wal-Mart. CNN. Retrieved
from http://money.cnn.com/2012/08/07/technology/walmart-hack-defcon/index.htm.
● Dhillon, G. (2013). Enterprise Cyber Security: Principles and Practice. Washington,
DC: Paradigm Books.
● Hadnagy, C. (2010). Social Engineering: The Art of Human Hacking. Indianapolis,
IN: John Wiley & Sons. Retrieved from
http://proquest.safaribooksonline.com.proxy.library.vcu.edu/9780470639535
● Orlando, J. (2007). Social engineering in penetration testing: Cases. Security
Strategies Alert. Retrieved from
http://www.networkworld.com/newsletters/2007/1022sec2.html?page=1
