Social Engineering
Stephanie Oboh
Agenda
• Social engineering
• Impact of social engineering
• Protection strategies
• Summary
• Vishing, short for voice phishing, refers to fraudulent phone calls or voice messages designed to trick victims into providing sensitive information, like login credentials, credit card numbers, or bank details.
• Step-by-step process of vishing:
  • Step 1: The disguise
  • Step 2: The manipulation
  • Step 3: The request
• A real-life scenario: In this scenario, a visher might impersonate a representative from a financial institution to convince you to share your bank account or credit card details to verify your identity so they can resolve a supposed issue with your account. If the scammer is successful, they can gain access to your bank account or credit card.

• Pretexting is the use of a fabricated story, or pretext, to gain a victim's trust and trick or manipulate them into sharing sensitive information, downloading malware, sending money to criminals or otherwise harming themselves or the organization they work for.
• Step-by-step process of pretexting:
  • Research and information gathering
  • Scenario development
  • Building trust and establishing authority
  • Execution of request
  • Data collection and exit strategy
• Ubiquiti Networks fraud (2015): Pre-texters impersonating high-level executives of Ubiquiti Networks sent employees messages requesting they send funds to the threat actor’s bank accounts. The outcome of this elaborate social
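Seen from the defender's side, the executive-impersonation pattern in the Ubiquiti case can be screened for in inbound mail. The sketch below is an added example, not part of the original slides; the mail domain, executive names, keywords and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions, not from the slides: mail domain, executive roster,
# payment vocabulary and the three sample messages below.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
PAYMENT_RE = re.compile(r"\b(wire|transfer|bank account|payment|funds)\b")

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def pretext_signals(raw_message):
    """List the executive-impersonation signals present in one raw message."""
    msg = message_from_string(raw_message)
    name, _ = parseaddr(msg.get("From", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    signals = []
    # An executive's display name on an address outside the organisation.
    if name.strip().lower() in EXECUTIVES and domain_of(msg["From"]) != ORG_DOMAIN:
        signals.append("executive name on external address")
    # Replies routed to a different domain than the visible sender.
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != domain_of(msg["From"]):
        signals.append("reply-to domain differs from sender")
    if PAYMENT_RE.search(text):
        signals.append("payment request")
    return signals

def should_hold(raw_message):
    """Hold for call-back verification: payment request plus an identity signal."""
    signals = pretext_signals(raw_message)
    return "payment request" in signals and len(signals) >= 2

SPOOFED = ("From: Jane Doe <jane.doe@example-mail.test>\n"
           "Reply-To: accounts@payments.test\n"
           "Subject: Urgent and confidential\n\n"
           "Please wire the funds to the new bank account today.\n")
INTERNAL = ("From: Jane Doe <jane.doe@example.com>\n"
            "Subject: Payment run\n\nThe monthly payment run is on Friday.\n")
NEWSLETTER = ("From: Vendor News <news@vendor.test>\n"
              "Subject: Product update\n\nNew features this month.\n")
if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("internal", INTERNAL), ("newsletter", NEWSLETTER)]:
        print(label, should_hold(raw), pretext_signals(raw))
```

A held message is a prompt to confirm the request through a known phone number or in person, not a verdict that it is fraudulent.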
BAITING
• Baiting: A type of social engineering attack where a scammer uses a false promise to lure a victim into a trap which may steal personal and financial information or infect the system with malware.
• Step-by-step process of baiting:
  • Creating an attractive offer
  • When the victim takes the bait by clicking the link and signing up for the courses, malware is installed on their device
• In 2018, KrebsOnSecurity reported that many U.S. state and local government agencies received strange letters via snail mail that included malware-infected compact discs (CDs) seemingly sent from China.

EFFECTS
• Successful social engineering attacks could lead to identity theft, malware attacks, ransomware attacks, reputational damage, data theft, service disruption and unauthorized access.
• Identity theft: people's credit cards and other personal information end up at the mercy of others who pretend to be them. This is achieved through the forms of social engineering attack that I have listed.
• Ransomware attacks: these have a heavy effect on companies and businesses, especially those that deal with data. This is when hackers illegally withhold data and ask for a ransom in return. The business will now be forced to pay a sum of money. Again, this can be caused by the attacks I have explained in this slide.
Solutions
• Encryption: the process of turning information (e.g. a message) into a form that only the intended
recipient can decrypt and read. This will make the data and information more secure and harder to
access. Protecting your data is one of the ways you can stop attacks. A common method is to use
asymmetric encryption which employs two different keys – a ‘public’ key and a ‘private’ key. A private
key can decrypt messages encrypted with the corresponding public key. The public key is freely
available and is used to encrypt a message.
• Firewall: software or hardware devices that protect against unauthorised access to a network. This will
help to create a safe environment and keep your data and private information safe from
intruders (hackers) who will try to gain unauthorized access. They can be configured to prevent
communications from entering the network and to prevent programs and users from accessing the
internet from within the network.
• Authentication is the process of determining whether someone trying to log into the network is who
they declare to be. Methods of authentication:
• Passwords
• Biometric methods
• Magnetic stripes
• Smart cards
• Physical and electrical tokens
• Zero login
Thank You
Stephanie Oboh