What is Social Engineering?


Tennessee Bankers Association 1

1 2/15/12

Thompson Consulting Group, LLC WWW.TgroupOnline.Com

Social Engineering

Thompson Consulting Group, LLC

Disclaimer

This course provides a basic overview of “Social Engineering,” and is not legal advice. There is no warranty, expressed or implied, in connection with making this program available.

What is Social Engineering?

Why?

  • Financial Gain
  • Information
  • Access to computer system
  • Revenge

Passwords

n What is your favorite password! n What question are you most often asked

for lost passwords?

6 2/15/12

Information Needed to Steal Your Identity:

  • 1. Name
  • 2. Address
  • 3. Social Security Number
  • 4. Telephone Number
  • 5. Mother’s Maiden Name
  • 6. Employment

Effective For Social Engineering

  • 7. Past addresses
  • 8. Financial account numbers
  • 9. Children’s names
  • 10. Family information

Value (buy) Identity Information

  • Credit card account number $_____
  • Basic information $____ to $_____
  • Documents $80.00

Value (sell) Identity Information

  • Green Card $80.00
  • Basic Information $250.00
  • Documents up to $500.00

Three Basic Ways

  • 1. In person
  • 2. Telephone (Vishing)
  • 3. Computer

Criminal Call Centers

  • New job title “confirmer”
  • Criminal Call Center can spoof any state or telephone numbers
  • Language skills a must: Spanish/English

Technique is Simple! Takes Advantage of Human Flaws

n Trust n Helpfulness n Nonconfrontational

slide-3
SLIDE 3

Tennessee Bankers Association 3

13 2/15/12

Social Engineering Against You

n Jury Duty Scam n FedEx Delivery – Zeus Virus n E-mail Attacks

14 2/15/12

Social Engineering as a Visitor

n Entering facility through smokers door n Lost and looking for the bathroom

15 2/15/12

Social Engineering in Person

n Fire Inspector n Insurance Review n Delivery Person n Law Enforcement n Regulator n Computer Repair

16 2/15/12

Social Engineering Against You

n I am writing a college paper n I am a reporter n I am a writer checking facts n A family tragedy n A bad day story n Limited time

17 2/15/12

Fals alse e Ident dentif ifica ication ion

18 2/15/12

slide-4
SLIDE 4

Tennessee Bankers Association 4

19 2/15/12 20 2/15/12

The Perpetrators

n Gangs – Russian, Nigerians, YAKS, Youth n Confidence People n Terrorist Groups n Opportunists n Common Thieves n Information Brokers- Private Detectives n Possibly a member of our staff

21 2/15/12

Book on Social Engineering

n The Art of Deception by Kevin D. Mitnick

22 2/15/12

Books on Body Language

n Strictly Business Body

Language: Using Nonverbal Communication for Power and Success by Jan Latiolais Hargrave

n Let Me See Your

Body Talk by Jan Latiolais Hargrave

23 2/15/12

Internet Abuse

n Spoofing Websites n Surveys n Spam mail, unsolicited E-mail n Personal Webpages n Social Networking Sites

Statistic: There are over 400 ways the internet can be used to obtain personal information. Source FTC

24 2/15/12

Password statistics from Information Week

n 16% match a persons first name n 14% were patterns on a keyboard n 5% based on pop culture n 4% variations on the word “Password” n 4% reference thing in the persons view n 1% are sports related

slide-5
SLIDE 5

Tennessee Bankers Association 5

25 2/15/12

What are we looking for?

n Children’s names n Parents names n Hobbies n Pet names n Birthdays n Any favorite numbers listed

26 2/15/12

Stealing the “Password”?

n Google the name n Facebook account n Myspace account n Do they you use twitter n Do they have a webpage n Do they blog n Set a Google alert

27 2/15/12

Block name on Facebook

Block all the way

Review a person's area for passwords?

  • Clip boards
  • Sticky notes
  • Look under keyboard
  • Look in top desk drawer

Did we guess your “Password”?

Key Loggers

Services I provide:

  • Programs on
      • Ethics
      • Identity Theft
      • Internal Fraud
      • Dysfunctional Management Practices
      • Social Engineering

Questions?

For More Information

Please call or email:

Barry Thompson, C.R.C.M.
Thompson Consulting Group, LLC
(315) 342-5931
tgroup@twcny.rr.com