Presentation of Social Engineering - The Art of Human Hacking
- 1. Social Engineering The Art of Human Hacking www.facebook.com/realexninja
- 2. โฌ24bn processed annually 12,000clients 3 offices: London. Dublin. Paris. 170employees
- 3. Social Engineering: Content โข Content: โ What is social engineering? โ Types of social engineering & new age threats โ How to use Facebook to ruin someoneโs life โ Countermeasures โ Q&A
- 4. Social Engineering: Intro Which city is on the picture?
- 6. Social Engineering: Intro โข Victims of social engineering โ RSA โข Infected Excel attachment, over $100 million of damage โ Well Fargo Bank โข โCatholic Healthcareโ phone call, $2.1 million vanished โ Vodafone Help Desk โข Malware and fraud call, end user lost everything
- 8. Social Engineering: Basics to Succeed โข What is social engineering? The attempt to control social behaviour. โ The 3 Critical Success Factors: โข trust โข satisfaction โข relationship
- 9. Social Engineering: Basics to Succeed
- 10. Social Engineering: Basics to Succeed โข The first โtouchโ with social engineering Happy mom Happy child
- 11. Social Engineering: Basics to Succeed Good Evil
- 12. Social Engineering: Types โข Old-Fashioned Types of Social Engineering Techniques: โ Direct approach โ Important user โ Helpless user โ Technical support โ Mail-outs โ Social media - Facebook
- 13. Social Engineering: Types โข 1. Direct approach โข 2. Important user
- 14. Social Engineering: Types โข 3. Helpless user โข 4. Technical support
- 15. Social Engineering: Types โข 6. Social mediaโข 5. Mail-outs
- 16. Social Engineering: Types โข New-Fashioned Types of Social Engineering Techniques: โ 1. Phishing with new lethal-strains of ransomware
- 17. Social Engineering: Types โข New-Fashioned Types of Social Engineering Techniques: โ 2. IVR and robocalls for credit card information Did you purchase a flat screen TV for $3,295? Press 1 for yes or 2 for no.
- 18. Social Engineering: Types โข New-Fashioned Types of Social Engineering Techniques: โ 3. Phishing with funerals
- 19. Social Engineering: Practical example How to use Facebook to ruin someoneโs life (attack on an employee)
- 20. Social Engineering: Practical example โข 1st step: Protect your identity โ Install new operation system on a new disk โ Encrypt your disk โ Use anonymous proxy โ Use free Wi-Fi in a bar โ Preform attack drinking cold beer
- 21. Social Engineering: Practical example โข 2nd step: Fake e-mail and Facebook account โ The character must be: โข Woman* โข 25 to 35 years old โข Single โข High educated โข Interesting * Statistically is proven that the success rate using a woman character is more than 100 times (!) higher then using a male profile.
- 22. Social Engineering: Practical example โข 3rd step: Select the victim(s) โ Before sending the invitation: โข Get him/her friends โข Get him/her interests
- 23. Social Engineering: Practical example โข 4th step: Get the victim(s) as friend โ Start chatting and get sensitive information โ Start chat and get โsensitiveโ photos โ Post link to an infected site โ โฆ
- 24. Social Engineering: How to spot โข How to spot Social Engineering attack? โ unusual requirements โ requiring respect for authority โ threating with negative consequences โ giving praise and flattery โ offering something for nothing โ seems too good to be true, etcโฆ
- 25. Social Engineering: Countermeasure โข Social Engineering Countermeasure โ Slow down and Research the facts โ Delete any request for financial information or passwords. โ Reject requests for help or offers of help โ Donโt let a link in control of where you land โ Do not post yours personal data or photos โ Do not reveal sensitive data (e.g. passwords) โ Do not avoid policies and procedures โ Report any suspicious activity
- 26. Social Engineering: Last Slideโฆ Promise! โข Questions and discussion โThere is no such thing as a stupid question, only stupid answersโ: Colin Powell www.facebook.com/realexninja
- 27. Social Engineering: The end Thank you!
Editor's Notes
- #3: Company HistoryFounded in 2000 โ Founder Colm Lyon remains our CEO โ still heavily involved.Key Focus on connecting CNP multi-channel merchants to banksPayment solutions,
- #5: You probably remember the story of the Trojan War, because this war was one of the most important events in Greek mythology. You probably also remember that Achaean (ARKIJN) troops besieged the city of Troy for ten years without any results and a lot of soldiers died in vain. Because the raw Attack on Trojans technology or walls did not work, the army of Achaean decided to attack the Trojans mind. And then the city fell to the ruse of the Trojan Horse made by wood in just one day. Why the wooden trick was so efficient? Because of usage of the power of social engineering.
- #7: An unidentified scammer managed to convince Well Fargo Bank to transfer $2.1 million to him from Catholic Healthcare West's bank account."The brazen theft was pulled off ingeniously, but the biggest responsibility for its successful realization seems to lay with the Wells Fargo escrow agent who authorized the transfer without thoroughly checking on the legitimacy of the requests," writes Help Net Security's ZeljkaZorz."Armed with the name of the bank where Catholic Healthcare West had the account and the name and signature of the chain's CFO, the fraudster put the plan in motion in December 2011, Forbes reports," Zorz writes.
- #8: An unidentified scammer managed to convince Well Fargo Bank to transfer $2.1 million to him from Catholic Healthcare West's bank account."The brazen theft was pulled off ingeniously, but the biggest responsibility for its successful realization seems to lay with the Wells Fargo escrow agent who authorized the transfer without thoroughly checking on the legitimacy of the requests," writes Help Net Security's ZeljkaZorz."Armed with the name of the bank where Catholic Healthcare West had the account and the name and signature of the chain's CFO, the fraudster put the plan in motion in December 2011, Forbes reports," Zorz writes.
- #17: CryptoDefense