Abstract image of a woman sitting on books and studying on a laptop

Social engineering

A
ankushmohanty

Social engineering is manipulating people into revealing sensitive information or performing actions, rather than using technical hacking methods. It involves gaining people's trust and obtaining information that seems harmless but can be combined to compromise security. Famous social engineer Kevin Mitnick used only social engineering to access private networks. Common social engineering attacks include phishing scams, impersonating help desk staff, stealing documents, and installing malware under false pretenses. The weakest link is often human rather than technical, as people are more vulnerable to manipulation. Training employees, testing defenses with ethical hackers, and verifying unsolicited contacts can help prevent social engineering attacks.

Technology
Related topics:
Social Engineering
1 of 23
Downloaded 75 times
1
2
Most read
3
4
5
6
7
8
9
Most read
10
11
12
13
14
15
16
17
18
19
20
21
Most read
22
23
Social Engineering The Art of Social Hacking By-Ankush Mohanty
Introduction • What is Social Engineering? o Manipulate people into doing something, rather than by breaking in using technical means.This type of attack is non technical. • Types of Social Engineering • Ways to prevent Social Engineering
Social engineering
What is Social Engineering? • Attacker uses human interaction to obtain or compromise information • Attacker my appear unassuming or respectable o Pretend to be a new employee, repair man, ect o May even offer credentials • By asking questions, the attacker may piece enough information together to infiltrate a companies network o May attempt to get information from many sources
History of Social Engineering • The term Social Engineering was made popular ex- computer criminal Kevin Mitnick. • Confessed to illegally accessing private networks and possession of forged documents. • Claimed to of only used Social Engineering techniques with no help from software programs.
Kevin Mitnick Famous Social Engineer Hacker • Went to prison for hacking • Became ethical hacker "People are generally helpful, especially to someone who is nice, knowledgeable or insistent."
A Quote from Kevin Mitnick “You could spend a fortune purchasing technology and services from every exhibitor, speaker and sponsor at the RSA Conference, and your network infrastructure could still remain vulnerable to old-fashioned manipulation.”
Kevin Mitnick - Art of Deception: • "People inherently want to be helpful and therefore are easily duped" • "They assume a level of trust in order to avoid conflict" • "It's all about gaining access to information that people think is innocuous when it isn't" • Here a nice voice on the phone, we want to be helpful • Social engineering cannot be blocked by technology alone
Types of Attacks • Phishing • Impersonation on help desk calls • Physical access (such as tailgating) • Shoulder surfing • Dumpster diving • Stealing important documents • Fake software • Trojans
Phishing • Fraudulently obtaining private information o Send an email that looks like it came from a legitimate business o Request verification of information and warn of some consequence if not provided o Usually contains link to a fraudulent web page that looks legitimate o User gives information to the social engineer  Ex: Ebay Scam
Phishing continued • Spear Fishing o Specific phishing  Ex: email that makes claims using your name • Vishing o Phone phishing o Rogue interactive voice system  Ex:call bank to verify information Prevention: Honeypot email addresses Education Awareness of network and website changes
Impersonation on help desk calls • Calling the help desk pretending to be someone else • Usually an employee or someone with authority • Prevention: – Assign pins for calling the help desk – Don‟t do anything on someone‟s order – Stick to the scope of the help desk
Physical access • Tailgating • Ultimately obtains unauthorize building access • Prevention – Require badges – Employee training – Security officers – No exceptions!
Shoulder surfing • Someone can watch the keys you press when entering your password • Probably less common • Prevention: – Be aware of who‟s around when entering your password
Dumpster diving • Looking through the trash for sensitive information • Doesn‟t have to be dumpsters: any trashcan will do • Prevention: – Easy secure document destruction – Lock dumpsters – Erase magnetic media
Stealing important documents • Can take documents off someone‟s desk • Prevention: – Lock your office – If you don‟t have an office: lock your files securely – Don‟t leave important information in the open
Fake Software • Fake login screens • The user is aware of the software but thinks it‟s trustworthy • Prevention: – Have a system for making real login screens obvious (personalized key, image, or phrase) – Education – Antivirus (probably won‟t catch custom tailored attacks)
Trojans • Appears to be useful and legitimate software before running • Performs malicious actions in the background • Does not require interaction after being run • Prevention: – Don„t run programs on someone else‟s computer – Only open attachments you‟re expecting – Use an antivirus
Weakest Link? • No matter how strong your: o Firewalls o Intrusion Detection Systems o Cryptography o Anti-virus software • You are the weakest link in computer security! o People are more vulnerable than computers • "The weakest link in the security chain is the human element" -Kevin Mitnick
Ways to Prevent Social Engineering Training • User Awareness o User knows that giving out certain information is bad • Military requires Cyber Transportation to hold o Top Secret Security Clearance o Security Plus Certification • Policies o Employees are not allowed to divulge private information o Prevents employees from being socially pressured or tricked
Ways to Prevent Social Engineering Cont.. • 3rd Party test - Ethical Hacker o Have a third party come to your company and attempted to hack into your network o 3rd party will attempt to glean information from employees using social engineering o Helps detect problems people have with security • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information • Do not provide personal information, information about the company(such as internal network) unless authority of person is verified
General Saftey • Before transmitting personal information over the internet, check the connection is secure and check the url is correct • If unsure if an email message is legitimate, contact the person or company by another means to verify • Be paranoid and aware when interacting with anything that needs protected o The smallest information could compromise what you're protecting
Questions?

More Related Content

PPTX
Social Engineering,social engeineering techniques,social engineering protecti...
ABHAY PATHAK
 
PPTX
Social engineering presentation
pooja_doshi
 
PPTX
Social engineering hacking attack
Pankaj Dubey
 
PPTX
Social engineering
Vîñàý Pãtêl
 
PDF
Social Engineering Basics
Luke Rusten
 
PDF
Social Engineering Attacks & Principles
LearningwithRayYT
 
PPTX
Social engineering
Abdelhamid Limami
 
PDF
Social engineering
Robert Hood
 
Social Engineering,social engeineering techniques,social engineering protecti...
ABHAY PATHAK
 
Social engineering presentation
pooja_doshi
 
Social engineering hacking attack
Pankaj Dubey
 
Social engineering
Vîñàý Pãtêl
 
Social Engineering Basics
Luke Rusten
 
Social Engineering Attacks & Principles
LearningwithRayYT
 
Social engineering
Abdelhamid Limami
 
Social engineering
Robert Hood
 

What's hot (20)

PPTX
Presentation of Social Engineering - The Art of Human Hacking
msaksida
 
PPT
Social Engineering | #ARMSec2015
Hovhannes Aghajanyan
 
PPTX
Cybercrime and Security
Noushad Hasan
 
PPTX
Social engineering: A Human Hacking Framework
Jahangirnagar University
 
PPTX
Social engineering
Vishal Kumar
 
PPTX
Email phishing and countermeasures
Jorge Sebastiao
 
PPTX
Social engineering
Maulik Kotak
 
PPTX
Social engineering-Attack of the Human Behavior
James Krusic
 
PPTX
Cyber security
Dr. Kishor Nikam
 
PPT
Phishing
Alka Falwaria
 
PPTX
Data Security - English
Data Security
 
PPTX
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
PPTX
Cyber Security Awareness Program.pptx
Dinesh582831
 
PPTX
Different Types of Phishing Attacks
SysCloud
 
PDF
Cyber Security
Ramiro Cid
 
PDF
What is Social Engineering? An illustrated presentation.
Pratum
 
PPTX
PPT on Phishing
Pankaj Yadav
 
PDF
Social engineering attacks
Ramiro Cid
 
PDF
Application Security - Your Success Depends on it
WSO2
 
PPT
Cyber crime
Muhammad Osama Khalid
 
Presentation of Social Engineering - The Art of Human Hacking
msaksida
 
Social Engineering | #ARMSec2015
Hovhannes Aghajanyan
 
Cybercrime and Security
Noushad Hasan
 
Social engineering: A Human Hacking Framework
Jahangirnagar University
 
Social engineering
Vishal Kumar
 
Email phishing and countermeasures
Jorge Sebastiao
 
Social engineering
Maulik Kotak
 
Social engineering-Attack of the Human Behavior
James Krusic
 
Cyber security
Dr. Kishor Nikam
 
Phishing
Alka Falwaria
 
Data Security - English
Data Security
 
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Cyber Security Awareness Program.pptx
Dinesh582831
 
Different Types of Phishing Attacks
SysCloud
 
Cyber Security
Ramiro Cid
 
What is Social Engineering? An illustrated presentation.
Pratum
 
PPT on Phishing
Pankaj Yadav
 
Social engineering attacks
Ramiro Cid
 
Application Security - Your Success Depends on it
WSO2
 
Cyber crime
Muhammad Osama Khalid
 
Ad

Viewers also liked (18)

PPTX
Social Engineering
Ahmed Musaad
 
PPTX
Social Engineering
primeteacher32
 
PPTX
Social Engineering - Human aspects of industrial and economic espionage
Marin Ivezic
 
PDF
Human Engineering workshop by Eternal Power Foundation Team v1.1_28Feb16 PDF ...
Eternal Power Foundation
 
PDF
Social Engineering
William Gregorian
 
PDF
DefCamp 2013 - Night talks - Hacking, phreaking, carding & social engineering...
DefCamp
 
PPTX
The Art of Human Hacking : Social Engineering
OWASP Foundation
 
PPTX
Attacking the cloud with social engineering
Peter Wood
 
PDF
Social Engineering: The Human Element of Sourcing and Recruiting | Glen Cathey
nwrecruit
 
PDF
Hacking the Helpdesk: Social Engineering Risks
Craig Clark ITIL, CIS LI,EU GDPR P
 
PDF
Social Engineering, or hacking people
Tudor Damian
 
PPTX
Social engineering
Alexander Zhuravlev
 
PPT
Introduction To Information Security
belsis
 
PPTX
Fraud detection
International School of Engineering
 
PPTX
Credit card fraud detection
kalpesh1908
 
PPTX
Information Security Lecture #1 ppt
vasanthimuniasamy
 
PPT
Presentation on fraud prevention, detection & control
Dominic Sroda Korkoryi
 
PPTX
INFORMATION SECURITY
Ahmed Moussa
 
Social Engineering
Ahmed Musaad
 
Social Engineering
primeteacher32
 
Social Engineering - Human aspects of industrial and economic espionage
Marin Ivezic
 
Human Engineering workshop by Eternal Power Foundation Team v1.1_28Feb16 PDF ...
Eternal Power Foundation
 
Social Engineering
William Gregorian
 
DefCamp 2013 - Night talks - Hacking, phreaking, carding & social engineering...
DefCamp
 
The Art of Human Hacking : Social Engineering
OWASP Foundation
 
Attacking the cloud with social engineering
Peter Wood
 
Social Engineering: The Human Element of Sourcing and Recruiting | Glen Cathey
nwrecruit
 
Hacking the Helpdesk: Social Engineering Risks
Craig Clark ITIL, CIS LI,EU GDPR P
 
Social Engineering, or hacking people
Tudor Damian
 
Social engineering
Alexander Zhuravlev
 
Introduction To Information Security
belsis
 
Fraud detection
International School of Engineering
 
Credit card fraud detection
kalpesh1908
 
Information Security Lecture #1 ppt
vasanthimuniasamy
 
Presentation on fraud prevention, detection & control
Dominic Sroda Korkoryi
 
INFORMATION SECURITY
Ahmed Moussa
 
Ad

Similar to Social engineering (20)

PDF
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Richard Common
 
PDF
National Life IT Department's Cyber Security Awareness Presentation
Jamie Proctor-Brassard
 
PPTX
Conference about Social Engineering (by Wh0s)
Marta Barrio Marcos
 
PPT
Social Engineering: "The Cyber-Con"
abercius24
 
PPTX
MHTA Social Engineering Presentation - 050917
Evan Francen
 
PPT
Social Engineering: Protecting Yourself on the Campus Network
thowell
 
PDF
White Paper: Social Engineering and Cyber Attacks: The Psychology of Deception
EMC
 
PPTX
Introduction to Social engineering | Techniques of Social engineering
Prem Lamsal
 
PPTX
ethical hacking in motion MODULE - II.ppt
ShivaniSingha1
 
PDF
phishing and dumpster diving attacks in socialengineering.pdf
jayaprasanna10
 
PPT
DNR-Security-Awareness-Training expert.ppt
pdffree25
 
PDF
Case Study On Social Engineering Techniques for Persuasion Full Text
graphhoc
 
PPTX
What is social engineering & why it is important
Vikram Khanna
 
PDF
- Social Engineering Unit- II Part- I.pdf
Ramya Nellutla
 
PPT
Social Engineering threats and concern.ppt
asalahuddin317
 
PDF
Social Engineering
Paul Devassy, CPP
 
PDF
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Shah Sheikh
 
PPTX
Social Engineering security Aweness.pptx
YacinRouger
 
PDF
Airport IT&T 2013 John McCarthy
Russell Publishing
 
PPSX
Social Engineering - Are You Protecting Your Data Enough?
JamRivera1
 
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Richard Common
 
National Life IT Department's Cyber Security Awareness Presentation
Jamie Proctor-Brassard
 
Conference about Social Engineering (by Wh0s)
Marta Barrio Marcos
 
Social Engineering: "The Cyber-Con"
abercius24
 
MHTA Social Engineering Presentation - 050917
Evan Francen
 
Social Engineering: Protecting Yourself on the Campus Network
thowell
 
White Paper: Social Engineering and Cyber Attacks: The Psychology of Deception
EMC
 
Introduction to Social engineering | Techniques of Social engineering
Prem Lamsal
 
ethical hacking in motion MODULE - II.ppt
ShivaniSingha1
 
phishing and dumpster diving attacks in socialengineering.pdf
jayaprasanna10
 
DNR-Security-Awareness-Training expert.ppt
pdffree25
 
Case Study On Social Engineering Techniques for Persuasion Full Text
graphhoc
 
What is social engineering & why it is important
Vikram Khanna
 
- Social Engineering Unit- II Part- I.pdf
Ramya Nellutla
 
Social Engineering threats and concern.ppt
asalahuddin317
 
Social Engineering
Paul Devassy, CPP
 
Yehia Mamdouh @ DTS Solution - The Gentleman Thief
Shah Sheikh
 
Social Engineering security Aweness.pptx
YacinRouger
 
Airport IT&T 2013 John McCarthy
Russell Publishing
 
Social Engineering - Are You Protecting Your Data Enough?
JamRivera1
 

Recently uploaded (20)

PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PPTX
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
August Patch Tuesday
Ivanti
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
What is a Computer? Input Devices /output devices
GulJan8
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
Modernising the Digital Integration Hub
Daniel Toomey
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
Web Crawler for Trend Tracking Gen Z Insights.pptx
Actowiz Solustions
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
August Patch Tuesday
Ivanti
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 

Social engineering

  • 1. Social Engineering The Art of Social Hacking By-Ankush Mohanty
  • 2. Introduction • What is Social Engineering? o Manipulate people into doing something, rather than by breaking in using technical means.This type of attack is non technical. • Types of Social Engineering • Ways to prevent Social Engineering
  • 4. What is Social Engineering? • Attacker uses human interaction to obtain or compromise information • Attacker my appear unassuming or respectable o Pretend to be a new employee, repair man, ect o May even offer credentials • By asking questions, the attacker may piece enough information together to infiltrate a companies network o May attempt to get information from many sources
  • 5. History of Social Engineering • The term Social Engineering was made popular ex- computer criminal Kevin Mitnick. • Confessed to illegally accessing private networks and possession of forged documents. • Claimed to of only used Social Engineering techniques with no help from software programs.
  • 6. Kevin Mitnick Famous Social Engineer Hacker • Went to prison for hacking • Became ethical hacker "People are generally helpful, especially to someone who is nice, knowledgeable or insistent."
  • 7. A Quote from Kevin Mitnick “You could spend a fortune purchasing technology and services from every exhibitor, speaker and sponsor at the RSA Conference, and your network infrastructure could still remain vulnerable to old-fashioned manipulation.”
  • 8. Kevin Mitnick - Art of Deception: • "People inherently want to be helpful and therefore are easily duped" • "They assume a level of trust in order to avoid conflict" • "It's all about gaining access to information that people think is innocuous when it isn't" • Here a nice voice on the phone, we want to be helpful • Social engineering cannot be blocked by technology alone
  • 9. Types of Attacks • Phishing • Impersonation on help desk calls • Physical access (such as tailgating) • Shoulder surfing • Dumpster diving • Stealing important documents • Fake software • Trojans
  • 10. Phishing • Fraudulently obtaining private information o Send an email that looks like it came from a legitimate business o Request verification of information and warn of some consequence if not provided o Usually contains link to a fraudulent web page that looks legitimate o User gives information to the social engineer  Ex: Ebay Scam
  • 11. Phishing continued • Spear Fishing o Specific phishing  Ex: email that makes claims using your name • Vishing o Phone phishing o Rogue interactive voice system  Ex:call bank to verify information Prevention: Honeypot email addresses Education Awareness of network and website changes
  • 12. Impersonation on help desk calls • Calling the help desk pretending to be someone else • Usually an employee or someone with authority • Prevention: – Assign pins for calling the help desk – Don‟t do anything on someone‟s order – Stick to the scope of the help desk
  • 13. Physical access • Tailgating • Ultimately obtains unauthorize building access • Prevention – Require badges – Employee training – Security officers – No exceptions!
  • 14. Shoulder surfing • Someone can watch the keys you press when entering your password • Probably less common • Prevention: – Be aware of who‟s around when entering your password
  • 15. Dumpster diving • Looking through the trash for sensitive information • Doesn‟t have to be dumpsters: any trashcan will do • Prevention: – Easy secure document destruction – Lock dumpsters – Erase magnetic media
  • 16. Stealing important documents • Can take documents off someone‟s desk • Prevention: – Lock your office – If you don‟t have an office: lock your files securely – Don‟t leave important information in the open
  • 17. Fake Software • Fake login screens • The user is aware of the software but thinks it‟s trustworthy • Prevention: – Have a system for making real login screens obvious (personalized key, image, or phrase) – Education – Antivirus (probably won‟t catch custom tailored attacks)
  • 18. Trojans • Appears to be useful and legitimate software before running • Performs malicious actions in the background • Does not require interaction after being run • Prevention: – Don„t run programs on someone else‟s computer – Only open attachments you‟re expecting – Use an antivirus
  • 19. Weakest Link? • No matter how strong your: o Firewalls o Intrusion Detection Systems o Cryptography o Anti-virus software • You are the weakest link in computer security! o People are more vulnerable than computers • "The weakest link in the security chain is the human element" -Kevin Mitnick
  • 20. Ways to Prevent Social Engineering Training • User Awareness o User knows that giving out certain information is bad • Military requires Cyber Transportation to hold o Top Secret Security Clearance o Security Plus Certification • Policies o Employees are not allowed to divulge private information o Prevents employees from being socially pressured or tricked
  • 21. Ways to Prevent Social Engineering Cont.. • 3rd Party test - Ethical Hacker o Have a third party come to your company and attempted to hack into your network o 3rd party will attempt to glean information from employees using social engineering o Helps detect problems people have with security • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about internal information • Do not provide personal information, information about the company(such as internal network) unless authority of person is verified
  • 22. General Saftey • Before transmitting personal information over the internet, check the connection is secure and check the url is correct • If unsure if an email message is legitimate, contact the person or company by another means to verify • Be paranoid and aware when interacting with anything that needs protected o The smallest information could compromise what you're protecting