Harri Levo: Social Engineering
Social Engineering
Harri Levo
What is it?
O Leading the user in social media in a wanted direction
O Aka manipulation of the user
O Based on human cognitive decision making
O Misguiding the user
O Can be used for commercial use or for hacking
Misuse techniques
O Pretexting
O Phishing and phone phishing
O Baiting
O Tailgating
O Virus hoax
O Confidence tricking
O Corner game
How it’s done

Pretexting
O Acquiring information from the user through a lie
O A social security number for identification
O Similar to ”security questions”

Phishing
O Main goal is to gain capital
O Gathering data through malware:
  O Emails
  O SMS
  O Links
O Phone calls can also be used, through “paid numbers calling to users”
Baiting
O Leaving an obvious trace
  O USB stick
  O CD-ROM
O For web users the hacker leaves an obvious lead such as a link.
O Tempting the user to do what the hacker wants

Corner game
O Redirecting a company's delivery to a different place.
O Diversion theft
O Misguiding a delivery person
O ”Old school” yet still used
Virus hoax
O Misleading the user into thinking that they are under a virus attack
O The email suggests that the user forward the mail to other users.
O Lives on the users' good faith

Confidence tricking
O A combination of other tricks
O 6 stages
  O Foundation work
  O Approach
  O Build-up
  O Pay-off
  O The Hurrah
  O In-and-out
O Benefiting from the good faith of the user
Tailgating
O Aka piggybacking
O Using an author's information to enter the database
O The IT-support person in a company has his memory stick compromised, infected by a virus. As he starts using the database, the virus gathers key information from the session, such as the routes the data takes when the master password is used.
O Tailgating is based on knowledge of the user interface and the platform of the system.
O Old Windows DOS.
How to protect yourself
O Be skeptical: if something's too good to be true, it probably is
O Don’t connect your computer, laptop or phone to devices you’re not certain about
O Be a little bit paranoid on the internet if you don’t know what you’re doing
O Common sense is the best defense against the misuse of your information.