Social Engineering

Lucas Carpio

Jumil Ortiz

Social Engineering

Refers to psychological manipulation of people for the purpose of information gathering, fraud or system access.

Techniques

  • Pretexting
  • Diversion theft
  • Phishing
  • IVR or phone phishing
  • Baiting
  • Quid pro quo
  • Tailgating

Pretexting

Involves some prior research or setup and the use of this information for impersonation to establish legitimacy in the mind of the target.

Diversion theft

The objective of this technique is to persuade the person responsible for a legitimate delivery that the consignment is requested elsewhere.

Phishing

Is a technique of fradulently obtaining private information.

IVR or phone phishing

Uses a rogue IVR(Interactive Voice Response) system to recreate a legitimate-sounding copy of a bank or other institution's IVR system.

Baiting

The attacker leaves a malware infected USB in a location sure to be found, gives it a legitimate looking and curiosity-piquing label, and simply waits for the victim to use  the device.

Quid pro quo

An attacker calls random numbers at a company, claiming to be calling from technical support. Eventually this person will hit someone with a legitimate problem, grateful that someone is calling back to help them.

Tailgating

Seeking entry to a restricted area secured by unattended, electronic access control.

Countermeasures

Organizations reduce their security risks by:

  • Establishing frameworks of trust

  • Identifying which information is sensitive

  • Establishing security protocols, policies, and procedures for handling sensitive information.

  • Training employees

  • Performing unannounced, periodic tests of the security framework.

  • Using a secure waste management service 

Made with Slides.com