Social Engineering Attacks:
Case Studies & Security Implications
By Sandy Suhling
INFO 644--Fall 2013
What is social engineering?
● “gaining of information from legitimate users for illegitimate access” (Dhillon, 2013)
● generally involves manipulating someone to take action or give information that may or may not be in the target’s best interests (Hadnagy, 2010)
Social Engineering techniques
● dumpster diving (Brody, Brizzee, & Cano, 2012)
● shoulder surfing
● tailgating/piggybacking
● phishing
● pretexting
● intimidation (Orlando, 2007)
● bribery
Case Study: Wayland Fruit Company
Case Study: Holes in Security
● company policy violations
○ vulnerable to blackmail, coercion
● hacker use of pretexting to get information
○ pretended to be EW IT Technician
○ knew information about the company & Mr. Farmer
● lack of awareness/education
● use of same login ID and password for multiple accounts
Social & Technical Vulnerabilities
● Walmart: good customer service vs. giving out business information (Cowley, 2012)
● Human tendencies = vulnerabilities:
○ want to be helpful
○ make assumptions
○ reluctance to question authorities
○ people take shortcuts, security vs. usability (Hadnagy, 2010)
○ overconfidence
Implications for attacks
● can have high costs
○ financial costs $25,000-$100,000/incident
○ loss of trust in employees
○ loss of business
● difficult to prevent because of natural human tendencies
Preventing social engineering attacks
● include 4th generation security measures (Dhillon, 2013)
● education and awareness about social engineering for all employees
● use a combination of informal, formal, and technical controls/security measures
● make use of penetration testing
● don’t make it easy!
○ ex: proper disposal of trash/important documents (Brody, Brizzee, & Cano, 2012)
Class Question
What other security measures can businesses use to prevent social engineering attacks? How are these security measures different from those instituted to protect from other types of attacks?
References
● Brody, R.G., Brizzee, W.B., & Cano, L. (2012). Flying under the radar: Social engineering. International Journal of Accounting and Information Management, 20(4). Retrieved from http://www.emeraldinsight.com.proxy.library.vcu.edu/journals.htm?articleid=17058136&show=abstract
● Cowley, S. (2012). How a lying 'social engineer' hacked Wal-Mart. CNN. Retrieved from http://money.cnn.com/2012/08/07/technology/walmart-hack-defcon/index.htm
● Dhillon, G. (2013). Enterprise Cyber Security: Principles and Practice. Washington, DC: Paradigm Books.
● Hadnagy, C. (2010). Social Engineering: The Art of Human Hacking. Indianapolis, IN: John Wiley & Sons. Retrieved from http://proquest.safaribooksonline.com.proxy.library.vcu.edu/9780470639535
● Orlando, J. (2007). Social engineering in penetration testing: Cases. Security Strategies Alert. Retrieved from http://www.networkworld.com/newsletters/2007/1022sec2.html?page=1
