Social Engineering
Lucas Carpio
Jumil Ortiz
Social Engineering
Refers to psychological manipulation of people for the purpose of information gathering, fraud or system access.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/362339/images/1634005/social_engineering.jpg)
Techniques
- Pretexting
- Diversion theft
- Phishing
- IVR or phone phishing
- Baiting
- Quid pro quo
- Tailgating
![](https://s3.amazonaws.com/media-p.slid.es/uploads/362339/images/1634043/download.png)
Pretexting
Involves some prior research or setup and the use of this information for impersonation to establish legitimacy in the mind of the target.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/362339/images/1634614/download__1_.jpg)
Diversion theft
The objective of this technique is to persuade the person responsible for a legitimate delivery that the consignment is requested elsewhere.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/362339/images/1634066/social_theft.jpg)
Phishing
Is a technique of fraudulently obtaining private information.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/362339/images/1634070/phishing-attack.png)
IVR or phone phishing
Uses a rogue IVR (Interactive Voice Response) system to recreate a legitimate-sounding copy of a bank or other institution's IVR system.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/362339/images/1634053/social-engineering.jpg)
Baiting
The attacker leaves a malware-infected USB in a location sure to be found, gives it a legitimate-looking and curiosity-piquing label, and simply waits for the victim to use the device.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/362339/images/1634095/social_baiting.jpg)
Quid pro quo
An attacker calls random numbers at a company, claiming to be calling from technical support. Eventually this person will hit someone with a legitimate problem, grateful that someone is calling back to help them.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/362339/images/1634106/social_pro.jpg)
Tailgating
Seeking entry to a restricted area secured by unattended, electronic access control.
![](https://s3.amazonaws.com/media-p.slid.es/uploads/362339/images/1634114/01-tailgating.png)
Countermeasures
Organizations reduce their security risks by:
- Establishing frameworks of trust
- Identifying which information is sensitive
- Establishing security protocols, policies, and procedures for handling sensitive information
- Training employees
- Performing unannounced, periodic tests of the security framework
- Using a secure waste management service
![](https://s3.amazonaws.com/media-p.slid.es/uploads/362339/images/1634821/security.jpg)