
Social Engineering Fund

Social engineering is the manipulation of individuals to obtain confidential information or breach security practices, with various attack methods such as phishing, pretexting, and baiting. Common tactics include creating a false sense of trust, urgency, and enticing offers to trick victims into revealing personal data. To defend against these attacks, individuals should be cautious about sharing information, verify requests for personal data, and maintain up-to-date security measures.

Uploaded by

Haider Hadi

Social Engineering
What is Social Engineering?
The art of manipulating people so that they give up
confidential information or break standard security
practices.
Facts About Social Engineering
• Everyone is a potential target!
• It’s often easier for cybercriminals to
manipulate a human than a computer
network or system.
• Attacks can be relatively low-tech, low-
cost, and easy to execute.
• Technology is rapidly accelerating along
with the sophistication of attacks.
Social Engineering Attack Cycle

Prepare the Attack
• Identify the victim(s)
• Gather background information
• Select attack method(s)

Establish a Relationship
• Engage the target
• Spin a story
• Take control of the interaction

Obtain Information
• Expand the foothold
• Execute the attack
• Disrupt business and/or steal data

Close the Interaction
• Remove any traces of malware
• Bring the attack to a natural end
Common Social Engineering Attacks
• Phishing/Spear Phishing
• Pretexting
• Vishing
• Smishing
• Baiting
• Scareware
• Dumpster Diving
• Ransomware
• Shoulder Surfing
What is Pretexting?

Pretexting is a social
engineering technique in
which a fictional situation is
created for the purpose of
obtaining personal and
sensitive information from
an unsuspecting individual.
Pretexting Techniques & Goals

How is Pretexting Done?

• Attackers impersonate co-workers, police officers, bankers, tax
authorities, or charitable organizations.
• An attacker builds a credible story (pretext) that leaves little
room for doubt on the part of their target.
• A false sense of trust is developed with the target.
• A pretexter may ask a series of questions designed to gather
personally identifiable information.

Why is it Done?

• Obtain Sensitive Information – Social security number, mother's
maiden name, place or date of birth, or account numbers.
What is Phishing?

A type of attack often used to steal
user data, including login
credentials, personally identifiable
information, or credit card
numbers. It occurs when an
attacker poses as a trusted entity
and dupes a victim into opening an
email or instant message.
Common Signs of Phishing
Too Good To Be True
• Eye-catching or attention-grabbing offers designed to attract people’s
attention immediately. For instance, a claim that you have won an iPhone,
a lottery, or some other prize.

Sense of Urgency
• Act fast because the super deals are only for a limited time.
• Your account will be suspended unless you update your personal details
immediately.

Hyperlinks
• Click here to claim your offer.
• Click here to change your login credentials.

Attachments
• Often contain ransomware, malware or other viruses.
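
The four signs above can be checked mechanically when triaging reported mail. The following Python is an added example, not part of the original slides; the phrase lists are assumptions drawn from the slide's own wording, and the function names and example.invalid addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Phrase lists are assumptions taken from the slide's own examples; extend for real mail.
LURE = re.compile(r"\b(you have won|lottery|prize)\b", re.I)
URGENCY = re.compile(r"\b(act fast|limited time|immediately|will be suspended)\b", re.I)
LINK = re.compile(r"https?://[^\s\"'<>]+", re.I)

def phishing_signs(raw: str) -> dict:
    """Map each of the four slide categories to the evidence found in a raw message."""
    msg = message_from_string(raw)
    texts, attachments = [msg.get("Subject", "")], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():                      # any named part counts as an attachment
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":  # decode base64 / quoted-printable bodies
            data = part.get_payload(decode=True) or b""
            texts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(texts)
    return {
        "too_good_to_be_true": sorted({m.group(0).lower() for m in LURE.finditer(body)}),
        "sense_of_urgency": sorted({m.group(0).lower() for m in URGENCY.finditer(body)}),
        "hyperlinks": LINK.findall(body),
        "attachments": attachments,
    }

def signs_present(raw: str) -> int:
    """Number of categories (0-4) with at least one hit; a triage hint, not a verdict."""
    return sum(1 for hits in phishing_signs(raw).values() if hits)

def build_message(subject: str, text: str, attachment: str = "") -> str:
    """Construct a sample message (constructed test data, not a real email)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.invalid", "user@example.invalid", subject
    m.set_content(text)
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

SUSPICIOUS = build_message("You have won an iPhone",
    "Act fast, the offer is for a limited time.\n"
    "Click here to claim your offer: http://prizes.example.invalid/claim\n", "claim_form.zip")
BENIGN = build_message("Minutes from Tuesday", "Notes are on the shared drive as usual.\n")

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, signs_present(raw), phishing_signs(raw))
```
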
Phishing Email
Other Forms of Phishing
Spear Phishing

• Similar to phishing, spear phishing is an email or electronic
communications scam targeted towards a specific
individual, organization or business.

Vishing (Voice Phishing)

• An attacker calls their target and uses an automated
recording designed to generate fear. The recording will ask
the target to call a number to resolve the issue.

Smishing (SMS Phishing)

• An attacker tries to trick you into giving them your private
information by sending you a text message.
What is Baiting?

Involves offering
something physically
or digitally enticing to
a target in exchange
for login information
or private data.
Baiting Techniques
Free Media Download
• Attackers publish download links on the web, mostly
containing malicious software, offering free music, movie, or
video games if the target surrenders their login credentials to a
certain site.
Unusually Low-Priced Product
• Attackers advertise extremely low-priced products in an
online store they created, hoping individuals will attempt to
purchase the product and give up their credit or debit card
details.
Compromised USB Drive
• Infected USB drive used to inject malware, redirect you
to phishing websites, or give a hacker access to your computer.
What is Scareware?

Malicious computer
programs designed to trick
a user into buying and
downloading unnecessary
and potentially dangerous
software, such as fake
antivirus protection.
How Does Scareware Work?
• Commonly generates pop-ups that imitate Windows system
messages, often pretending to be antivirus software. The message
usually states that infected files have been found on the user's
computer.
• An offer to obtain downloadable software to fix the problem is
made, or the user is advised to call a telephone number displayed in
the message for technical support.
• The user obtains/downloads the software, which is effectively
useless, or allows the attacker that the user called to connect to their
computer remotely to install malware.
• The user's money is lost if payment was made, and their
computer will most likely become unstable due to the newly
installed malware.
What is Ransomware?

Malicious software
(malware) that prevents
users from accessing their
system or personal files
and demands a ransom
payment from the user in
order to regain access.
Ransomware - WannaCry
Dumpster Diving

An attacker digs through
trash looking for personal
or confidential
information that can be
used to carry out an
attack on a person or
business.
Shoulder Surfing

Shoulder surfing involves
looking over a person's
shoulder to gather personal
information while the victim is
unaware. This is especially
effective in crowded places
where a person uses a
computer, smartphone or ATM.
Defend Against Pretexting!

How to Avoid Pretexting Scams


• Never give out private information about yourself or
anybody else over the phone or internet unless you
initiated the contact.
• Legitimate organizations will never contact you via phone
requesting personal information.
• If you are approached by somebody you don’t know who
is requesting personal information about you or somebody
you know, end the conversation immediately. Let the
individual know you want to contact their organization and
verify their identity and motive first.
Defend Against Phishing!

How to Avoid Phishing Scams


• Do not respond to communication you are unfamiliar with.
• Do not call any phone numbers listed in an email, text
message, or instant message.
• Do not click on any links in an email message and do not
open any attachments contained in a suspicious email.
• Do not enter personal information in any pop-up screens.
Legitimate organizations don’t ask for personal
information using pop-up screens. Instead, contact the
supposed organization and verify.
• If in doubt, delete the email or message.
Defend Against Baiting!
How to Avoid Baiting Scams
• Think twice before clicking unfamiliar hyperlinks while
surfing the web.
• Use reputable retailers when shopping for products or
services.
• Do not click on any hyperlinks that offer free music,
movie, or video game downloads.
• Avoid any hyperlinks your search engine returns that are
classified as ads.
• Do not insert any USB drives into your computer that you
find lying around. Turn them in to your organization's security
team.
Defend Against Scareware!

How to Avoid Scareware Scams


• Always use up-to-date web browsers to ensure the
latest security updates are applied.
• Turn on pop-up blockers.
• If you get a pop-up, completely shut down the browser.
Use Ctrl-Alt-Delete to close the browser if you are
unable to close it normally.
• Do not click any links in a pop-up if you do get one.
• Always keep your antivirus program updated.
• Don’t give up personal information requested by a pop-
up.
Cybersecurity Facts and Stats
• Cyberattacks are the fastest growing crime
globally.
• There is a hacker attack every 39 seconds.
• Total cost of cybercrime globally has added up
to over $1 trillion in 2018.
• Approximately $6 trillion is expected to be spent
globally on cybersecurity by 2021.
• 95% of cybersecurity breaches are due to
human error.
