Social Engineering_Example v0.3
No description
by Faham Usman on 22 May 2014


Transcript of Social Engineering_Example v0.3

Information Security: Social Engineering Awareness Campaign

Salim is your Cyber Security Advisor.

Agenda
- About aeCERT
- Online Scams
- What is Social Engineering
- Who is Targeted
- Social Engineering Techniques
- Social Network Scams
- Countermeasures
- Questions

About aeCERT
aeCERT is the United Arab Emirates Computer Emergency Response Team, one of the initiatives of the UAE Telecommunications Regulatory Authority.

For more information
Salim (aeCERT), @salim_aecert
www.aecert.ae
info@aecert.ae
What is Social Engineering?
Social Engineering is the art of manipulating people into performing actions that lead to a breach of confidential data and give access to personal sensitive information.

The Social Engineering Cycle
1. Information Gathering
2. Development of Relationship
3. Exploiting Relationship
4. Execution to Achieve the Objective
Social engineering principally involves the manipulation of people rather than technology to breach security.
[Diagram labels: Attacker, Internet, Firewall, Back Office; Social Engineering path from Attacker to Employee]
Social Engineering Techniques
Some common social engineering techniques:
- Shoulder Surfing
- Dumpster Diving
- Phishing & Online Scams
- Baiting
- Tailgating
Shoulder Surfing
Shoulder surfing is watching someone’s login credentials, social security number, POS terminal PIN, ATM PIN or any other personal secret credentials by looking over their shoulder while they are using it.
Dumpster Diving
It is a method of stealing personal information by digging through a company’s dumpster or trash.
[Slide illustration: a discarded note reading "Login: john / Password: wombat55"]
When dumpster diving, hackers are usually looking for:
- IP addresses
- Passwords
- Policy manuals
- Calendars for events
- Memos
- Tapes, CD-ROMs, disks, etc.
Phishing
It is a kind of email fraud where the fraudster sends out a legitimate-looking email posing as a trusted entity, designed to extract sensitive information.
Did You Know? Phishing emails account for 47% of social engineering attacks targeting businesses.
[Phone-call scam diagram]
1. Attacker calls the user impersonating a bank manager.
2. User shares personal account information (account number, credit card information, etc.).
3. Attacker shops online (using the stolen details).
Recent Phishing Scam Target
“Hello. This is Alex calling from Verizon Wireless. You have a refund due which I would like to remind you of, but first can you please provide your credit card number for verification before we proceed?”
Online Scams
According to recent attacks and research, social networking sites have been a major platform for a lot of social engineering attacks.
1. Users encounter wall posts, shares on Facebook or repins on Pinterest that contain a link to a news item, promo or other content.
2. Users are redirected to ad tracking sites and then to the scam webpage.
3. Users are led to survey pages that ask for information. Cybercriminals then use the stolen data for future threats.
Examples of Online Scams
Dubizzle Scam in UAE
1. Attacker creates a fake property ad with a lucrative offer.
2. The ad is published by the attacker on www.dubizzle.com.
3. The user sends an email to the address mentioned in the ad.
4. The attacker asks for money to lock down the offer.
5. User sends 2,000 AED.
Social Network Scams
Other Sneaky Online Scams
Did You Know? Plenty of people fall for such tricks; after all, if they didn’t work, social engineers wouldn’t put so much effort into creating them.
Baiting
With the use of physical media like a USB drive or a CD, the attacker tries to capture the attention of the victim by giving it a mysterious label and deliberately placing it where it can be easily found (washroom, elevator, etc.).
Tailgating
Physically following someone into a limited-access area.
“Can you please hold the door? My hands are full...”
Who is Targeted? (Everyone)
- 86% of IT and security professionals are aware of the risks of social engineering.
- 75% success rate with social engineering phone calls to businesses.
- 48% of enterprises have been victims of social engineering attacks.
Social Engineering Malware Attacks on the Rise in the UAE
According to Kaspersky, 3,496,847 internet-borne malware incidents were detected in the UAE between January and June last year.
Overall, 38.3% of users from the UAE were attacked by web-borne threats during this period.
This ranks the UAE 31st worldwide for malware threats of this type.
Another Recent Target
Did You Know? SCDoR – South Carolina Department of Revenue
The initial penetration into South Carolina’s databases was through a social engineering attack. Multiple employees were targeted with malicious emails that urged the targets to click on a link embedded in the email. One user’s mistake launched malware that compromised the SCDoR’s system.
Data compromised:
- Information pertaining to nearly 700,000 businesses
- 5,000 credit card numbers
- 3.6 million social security numbers
Countermeasures
1. Information security awareness training.
2. Establish policies and procedures to recognize and respond to social engineering threats.
3. Build a security-aware culture.
4. Be cautious about providing personal information, to avoid becoming a victim of an online scam or a phishing attack.
5. If you are an organization, perform unannounced periodic tests of the network.
6. Have a proper waste management system to avoid dumpster diving.
7. Respectfully refuse to lend your identity token / security pass, to keep tailgaters from accessing the building.
8. Do not use a device on your computer unless it belongs to you or was given to you for a purpose by a trustworthy person.
9. Review the above steps periodically.
(About aeCERT, continued) aeCERT aims at promoting, building and ensuring a safer and secure cyber environment and culture in the UAE.
(SCDoR breach, continued) 3.3 million bank accounts were also compromised.