Social Engineering

Objectives: overview of social engineering concepts, understanding various social engineering techniques, understanding insider threats, understanding impersonation on social networking sites, understanding identity theft, social engineering countermeasures, identity theft countermeasures, overview of social engineering pen testing

Social Engineering Concepts

  • Social engineering is the art of convincing people to reveal confidential information

  • Relies on the fact that people are often unaware of how valuable their information is and careless about protecting it

Social Engineering Techniques

  • Three categories: human-based, computer-based and mobile-based social engineering

  • Human-based social engineering

      • Reverse social engineering (attacker poses as an authority or helper so that the victim approaches them for assistance)

      • Piggybacking (“I forgot my ID badge, please let me in”)

      • Tailgating (walking directly behind an authorized person to get through a controlled entrance)

  • Computer-based social engineering

      • Hoax letters, fake free-gift offers, etc.

  • Mobile-based social engineering

      • Repackaging legitimate apps with malicious code

      • Fake security applications

  • Insider attack

      • Disgruntled employee

      • Prevention: separation and rotation of duties, least privilege, controlled access, logging and auditing, legal policies, archiving of critical data

Impersonation on Social Networking Sites

  • Social engineering on Facebook, Twitter, LinkedIn, etc.

Identity Theft

  • When someone steals your personally identifiable information (PII)

Social Engineering Countermeasures

  • Periodic password changes, good security policies, etc.