Social Engineering
Objectives
Overview of social engineering concepts, understanding various social engineering techniques, understanding insider threats, understanding impersonation on social networking sites, understanding identity theft, social engineering countermeasures, identity theft countermeasures, overview of social engineering pen testing
Social Engineering Concepts
- Social engineering is the art of convincing people to reveal confidential information
- Relies on the fact that people are unaware of how valuable their information is and are careless about protecting it
Social Engineering Techniques
- Three categories: human-based social engineering, computer-based social engineering, mobile-based social engineering
- Human-Based Social Engineering
  - Reverse social engineering (attacker presents themselves as an authority figure)
  - Piggybacking (“I forgot my ID badge, please help”)
  - Tailgating (walking directly behind someone to get through a controlled entrance)
- Computer-Based Social Engineering
  - Hoax letters, free gift offers, etc.
- Mobile-Based Social Engineering
  - Repackaging legitimate apps
  - Fake security applications
- Insider Attack
  - Disgruntled employee
  - Prevention: separation and rotation of duties, least privilege, controlled access, logging and auditing, legal policies, archiving of critical data
Impersonation on Social Networking Sites
- Social engineering on Facebook, Twitter, LinkedIn, etc.
Identity Theft
- When someone steals your personal information (PI)
Social Engineering Countermeasures
- Periodic password changes, good security policies, etc.