Social Engineering

Social engineering is an attack that tricks people into revealing confidential information or violating security procedures. It involves gaining someone's trust to steal data. Types include baiting (leaving infected devices), phishing (fake emails), spear phishing (targeted emails), pretexting (lying for access), and scareware (tricking users into malware). To prevent it, educate employees, be wary of unsolicited contacts, change passwords regularly, and don't reveal private information in emails. Phishing reports increased from January to March 2016 according to one source.


Social Engineering

Wudad Shedewa
CIS-221
What is Social Engineering?

Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. Social engineering attackers usually attempt to access computer networks or data stores by gaining the confidence of authorized users in order to steal confidential information from an individual or an organization.
Types of Social Engineering

Baiting
Phishing
Spear phishing
Pretexting
Scareware
Baiting
Baiting: When an attacker leaves a malware-infected device, such as a USB device, somewhere to be found by someone who will take it and plug it into his/her computer, where it installs the malware and infects the computer.
Phishing
Phishing: Phishing is when someone sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
Spear Phishing
Spear phishing: Spear phishing is like phishing, but tailored for a specific individual or organization, such as a company with a lot of sources that can be used, or to reveal confidential information.
Harder to detect, since spear phishing emails look more genuine.
Pretexting

Pretexting: Pretexting is when one party lies to another to gain access to privileged data. It's often a scam in which the liar pretends to need personal information to confirm the identity of the person they're talking to.
Creates believable scenarios.
Scareware
Scareware: Involves tricking a user into buying and downloading unnecessary and potentially dangerous software that leads to malware. The attacker then offers the victim a solution that will fix the problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware with no solution.
How to Prevent Social Engineering
Educate your employees about social engineering and other threats that could endanger someone or the organization.
Do not reveal personal or financial information in email.
Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information.
Never open unknown emails that ask you to "click here" or have links.
If you believe that your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised.
Change passwords every now and then, never reuse old passwords, and try to include some numbers or capitalized letters. Never use personal information for your passcode, such as your social security number, birthday, or last name.
Graph
[Bar chart: "Phishing Reports Received From January - March 2016"; x-axis: Months (January, February, March); y-axis: Number of Attacks; bar labels: 99,384, 229,315, 299,265. Source: https://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf]
Sources:

http://searchsecurity.techtarget.com/definition/social-engineering
https://www.us-cert.gov/ncas/tips/ST04-014
https://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf
