Information Security Social Engineering Why are we here
- Slides: 22
Information Security Social Engineering
Why are we here? • To make you more aware of threats regarding information security • Give you examples of real life threats • Show you a hacking scenario • Let you know what you can do to prevent.
What is Social Media & Engineering? Social Media • Any method of social interaction where people create, share, or exchange ideas and information. Social Engineering • Process of using social skills to convince people to reveal access credentials or other valuable information to the attacker. • Social media is a tool hackers use to build social engineering. We give them that.
Why care? • Survey Results • Primary use of internet is for social media and then school work • Group is aware of cyber security and cyber attacks • About 50% have answered personal questions online • Group uses smartphones, tablets, and computers to access internet • Hackers always find new ways and with advancement in technology it is becoming easier to exploit people • STAY INFORMED!!!!
Misconception about Phone Security • 57% of adult smartphone users are unaware that there are security solutions for smartphones • 52% of users store sensitive files on their phones • Last year, 38% of smartphone users were victims of cybercrime • This number is expected to grow as the smartphone user base continues to grow • Smartphones can become infected with many different variations of malware, just as computers can
Cell Phone Attacks • NFC – Near Field Communication • Radio-frequency identification • Activate within 3 centimeters – Debuted in 2010 • Samsung Nexus S – Used for • Mobile Payments • Device Pairing • Data transfers • Eavesdropping • Antenna to intercept radio communication • Steal/corrupt data being transmitted
Cell Phone Attacks • Gyroscope – Detect devices orientation in space – Android • Frequencies from 80 Hz – 250 Hz – i. OS • Frequencies 0 Hz – 100 Hz – Consequence • Record human voices (80 Hz – 250 Hz) • No explicit permissions required • No microphone necessary
Cell Phone Attacks • Bluetooth – Ultra High Frequency Radio Waves – Short distance (~30 ft) – Used for • Data transfers • Device communication – Bluesnarfing • Connect without authentication • CRUD data – i. e. Calendar or contacts data – Bluebugging • Connect by posing as headset or previously authenticated device • Listen to phone calls • Interact with text messages
Social Engineering Scams 419 Fraud Purchase Order Scam • • • Scams retailers and universities • Sends money overseas • Uses victims from Romance Scam to facilitate money wiring Employment Scam Lottery Scam Online sales and rentals Romance Scam
Local Scams “Peg” Romance Victim Papageorgiu • Used online dating • Fell in love with an “antic dealer” Mike Perry • Helped wire money for her “boyfriend” from “antic sales” • Money laundering scheme • Also a victim of online dating • “girlfriend” was a woman living in Albuquerque • Sold his condo to help his “girlfriend”
Social Engineering Tactics Nontechnical Technical • • • Pretexting Diversion theft Tailgaiting Shoulder Surfing Techie Talk Neuro-linguistic programming Phishing Baiting Social Networking Social Engineering in reverse
Social Network Scam Example Offender Victim • Creates fake facebook with full content (pictures, hobbies, etc. ) • Pretend to be someone you should know (transfer student, fellow employee, etc. ) • Sends friend request • Has security options enabled to only allow friends to see information • Is that enough?
Art of BS • • • How to invade personal space and gain credibility Use of same language/ slang Humor Build trust 3 layers of space http: //youtu. be/1 kk. OKv. Prd. Z 4? t=31 m 55 s Demonstration
Prevention Never give out: Be aware of who is asking • Personal information • Medical Information • Financial Information • Doctor, Employer, friend? • Should they already have the information? • Do they need this information? • Why do they need this?
Prevention Be aware what they ask via phone Be aware what they ask via internet • • • Watch out for any attachments in e-mail they want you to run • Avoid any requests to enter account information if you don’t know the sender or site. • When in doubt, you can contact sender or send a new email to address with same subject. Ask for full name of caller Correct spelling A call back number Why they need information • When in doubt, put caller on hold and see if they wait. Most scammers will not. Log the strange call
Short Video and Live Demo • https: //www. youtube. com/watch? v=1 kk. OKv. Prd. Z 4 • 16: 58 • Live Demo of Hacking
Q&A Can you find a difference between the secured session and insecure session?
Q&A True or false: Social Engineering scams need your trust to happen True
Q&A True or false: Social attacks can only happen online False- there are more online and is increasing, but can happen in person or over the phone.
Q&A How many layers of protection are there? Three
QUESTIONS? ?