Cyber Security: Social Engineering, Mid-America Technology Alliance (PowerPoint presentation)


SLIDE 1

Cyber Security: Social Engineering

Mid-America Technology Alliance Wednesday June 18th, 2015

SLIDE 2

What is Social Engineering?

Social engineering, in the context of information security, is the art of manipulating people so they give up confidential information.

SLIDE 3

Social Engineering: Pretexting

Use information from prior research to establish legitimacy in the mind of the victim. “This is Joel from IT, calling to install the new backup software on your computer.” “This is John with Customer XYZ, calling to reset my email password.”

SLIDE 4

Social Engineering: Phishing

Email appears to come from your bank or credit card company requesting “verification” of information with link to fake website. “Your account has been compromised. Login to your account and change your password.” Avoid links and phone numbers in emails.

SLIDE 5

Social Engineering: Phone Phishing

Recreate a legitimate-sounding copy of a phone system on a different phone number. “Thank you for calling Bank of America. Please enter your 16 digit credit card number now.” “We were unable to verify your account. Transferring you to a customer care specialist.”

SLIDE 6

Social Engineering: Baiting

Attacker leaves malware-infected flash drive in a location sure to be found and waits for a victim to use the device. Label drive as “Work”, “Personal”, “Home”, etc. Never use unknown discs or flash drives!

SLIDE 7

Social Engineering: Quid Pro Quo

Something for something. Call victim claiming to be returning call from tech support. Help “solve” problem, and in process, have user type commands that give access or launch malware. Always verify incoming callers or call them back at known phone number!

SLIDE 8

Social Engineering: Tailgating

Attacker seeking entry to a restricted area secured by unattended electronic access control simply walks in behind a person who has legitimate access. Avoid being “too nice”: holding doors for unknown people carrying large boxes, not questioning people who are on the phone, etc.

SLIDE 9

Social Engineering: Countermeasures

  • Think twice before providing sensitive info or access to unknown people.
  • Verify incoming callers or call them back at a known phone number.
  • Verify incoming emails or reply to a known email address.
  • Avoid using unknown discs or flash drives.

SLIDE 10

Social Engineering: Contact Info

Jason Klein, CEO Datility Networks, Inc. 316-282-0774 x3400 jason.klein@datility.net