harri levo social engineering

Social Engineering Harri Levo

Upload: hhsome

Post on 02-Nov-2014


Category: Social Media



TRANSCRIPT

Page 1: Harri levo social engineering

Social Engineering

Harri Levo

Page 2: Harri levo social engineering

What is it?

- Leading the user in social media in a wanted direction
- A.k.a. manipulation of the user
- Based on human cognitive decision making
- Misguiding the user
- Can be used for commercial use or for hacking

Page 3: Harri levo social engineering

Misuse techniques

- Pretexting
- Phishing and phone phishing
- Baiting
- Tailgating
- Virus hoax
- Confidence tricking
- Corner game

Page 4: Harri levo social engineering

How it's done

Pretexting

- Acquiring information from the user through a lie
- A social security number for identification
- Similar to "security questions"

Phishing

- Main goal is to gain capital
- Gathering data through malware:
  - Emails
  - SMS
  - Links
- Phone calls can also be used, through "paid numbers calling to users"

Page 5: Harri levo social engineering

Baiting

- Leaving an obvious trace
  - USB stick
  - CD-ROM
- For web users, the hacker leaves an obvious lead such as a link.
- Tempting the user to do what the hacker wants

Corner game

- Changing a company's delivery to a different place.
- Diversion theft
- Misguiding a delivery person
- "Old school", yet still used

Page 6: Harri levo social engineering

Virus hoax

- Misguiding the user into thinking they are under a virus attack
- The email suggests that the user forward the mail to other users.
- Lives through the user's good faith

Confidence tricking

- A combination of other tricks
- 6 stages
  - Foundation work
  - Approach
  - Build-up
  - Pay-off
  - The Hurrah
  - In-and-out
- Benefiting from the good faith of the user

Page 7: Harri levo social engineering

Tailgating

- A.k.a. piggybacking
- Using an author's information to enter the database
- The IT-support person in a company has his memory stick compromised, infected by a virus. As he starts using the database, the virus will gather key information from the session, such as the routes the data takes when the master password is used.
- Tailgating is based on knowledge of the user interface and the platform of the system.
- Old Windows DOS.

Page 8: Harri levo social engineering

How to protect yourself

- Be skeptical: if something's too good to be true, it probably is
- Don't connect your computer, laptop or phone to devices you're not certain about
- Be a little bit paranoid on the internet if you don't know what you're doing
- Common sense is the best defense against the misuse of your information.
