Social Engineering
Ethan Toso
What is Social Engineering?
● Involves human interaction
● Nontechnical intrusion
● Involves tricking people to break normal security procedures
(Patel, 2013)
Video
“A social engineering attack is a continuous process that starts with initial research, which is the starting phase, until its completion, when the social engineer ends the conversation. The conversation is a brief coverage of the four phases that the social engineer follows to perform an attack.” (Patel & R.S., 2013)
Phases of attack (Patel & R.S., 2013)
● Research
○ Learn about target
● Hook
○ Initial conversation/Build Trust
● Play
○ Get Information
● Exit
○ Leave without raising suspicion
Types of Social Engineering Attacks (Patel & R.S., 2013)
Human based
● Piggybacking
● Impersonating
● Eavesdropping
● Reverse social engineering
● Dumpster diving
● Posing as a legitimate user
Computer based
● Pop-up windows
● Insider attack
● Phishing
● Nigerian 419 scam
● Fake SMS
History of Social Engineering
● Trojan Horse Story
● Greeks created giant wooden horse
● Early use of Social Engineering
(Mitnick Security Consulting, n.d.)
Current Events
2019 Toyota BEC Scam
● Attacker manipulated finance/accounting departments
● Posed as a business partner
● Stole $37 million
2011 RSA Phishing Scam
● Employee clicked attachment in an email
● Ran an exploit through Adobe Flash
● Attacker stole sensitive information
Current Events cont.
● 2013 Target Data Breach
● 2013 Yahoo Customer Accounts
● 2020 Twitter Bitcoin Scam
(Mitnick Security Consulting, n.d.)
“In most cases, successful social engineers have strong people skills. They’re charming, polite, and easy to like – social traits needed for establishing rapport and trust” (Mitnick & Simon, 2002).
Prevention
● Awareness
● Auditing
● Good Security Policies
References
Mitnick, K. D., & Simon, W. L. (2002). The Art of Deception: Controlling the Human Element of Security. Wiley.
Mitnick Security Consulting. (n.d.). The History of Social Engineering. Retrieved April 25, 2022, from https://www.mitnicksecurity.com/the-history-of-social-engineering#chapter-2
Patel, R. (2013). Kali Linux Social Engineering. Birmingham: Packt Publishing.
Proofpoint. (2019, August 14). What is Social Engineering? | Proofpoint Cybersecurity Education Series [Video]. YouTube. https://www.youtube.com/watch?v=9U-JgdUkaTQ