Social Engineering Tales
Introduction about Myself
• Ahmed Abbas Mohammed.
• Graduated from SUST-CSIT, Networks department.
• Currently working as an Information Security Administrator.
• Organizer and speaker at OWASP Khartoum.
• Member of the Sudan-T00r and Hex Hex security teams.
• Interested in physical security, security awareness and psychology.
What is social engineering?
• The art of manipulating, influencing, or deceiving you in order to gain control over your computer system. The hacker might use the phone, email, snail mail, or direct contact to gain illegal access.
• Why spend thousands of dollars on sophisticated hacking software when you could just trick someone into telling you the password?
Terms
• Confidence trick
• Amygdala hijacking
• Elicitation
• Influencing
• Manipulation
• Pretexting
Social Engineering Tales - 2015
• Phishing
• Spear-phishing
• Harvesting
• Dumpster diving
• Shoulder surfing
• Tailgating
Human Weak Points
• Diffusion of Responsibility
• Chance for Ingratiation
• Trust Relationship
• Guilt
• Desire to Help
Why is Social Engineering Effective?
• Manipulates legitimate users into undermining their own security system
• Abuses trusted relationships between employees
• Very cheap for the attacker
• Attacker does not need specialized equipment or skills