
Social Engineering



Presentation Transcript


  1. Social Engineering Aleksandra Kurbatova 111611 IVCM

  2. Agenda • What is social engineering? • Types • Pretexting • … • Summary • Conclusion

  3. Social Engineering • Quite a young term • Kevin Mitnick • Art of manipulating people • No face-to-face communication with the victim

  4. Weakest link • People are the largest vulnerabilities in any network. • Social engineering is based on human decision making.

  5. Different types: • Pretexting • Diversion theft • Quid pro quo • Phishing • Baiting • IVR or phone phishing

  6. Pretexting • Created scenario to persuade the target to release information • Research • Gathering information about the victim in advance • Build trust • Rely on personal past experience

  7. Diversion theft • “Corner game” • Connected with courier or transport company • Need to persuade the driver near the address • Security van outside the shop when it should not be there

  8. Quid pro quo • From Latin “what for what” • Indicates exchanges • “Something for something” in social engineering • Can exchange a password for a pen, in a survey for instance

  9. Phishing • Method of fraudulently obtaining private information • E-mail with verification • Link to a fake web page which looks like the real one

  10. Baiting • Leaving a CD/DVD/USB with a malicious program where it will definitely be found • Has a name like “salary from the last month” • A curious employee will run it to see the contents • Access will be given by 3rd parties even without knowing SALARY TABLE

  11. IVR • Interactive Voice Response • Vishing (voice + phishing) • Criminal practice over the telephone • Victim gets a message to call the bank • Automated text asks to change the password or tell the credit card number

  12. Summary • We try to secure our system, to find all the vulnerabilities, to mitigate the risks, but THE WEAKEST LINK in ANY system is the PERSON • Social engineering is based on human decision making • There are several types: pretexting, phishing, vishing, baiting and so on • Collecting information about the victim brings the attacker closer to success

  13. Conclusion • We should educate people more that they should not easily trust others • Passwords should be strong enough and hard to guess • No secret question like “mother's surname or pet name” should be used • Always check the information you get: if you need to call the bank, use the phone number you have, not the one which is provided

  14. Questions?

  15. Thank you for your attention!
