Objectives: overview of social engineering concepts, understanding various social engineering techniques, understanding insider threats, understanding impersonation on social networking sites, understanding identity theft, social engineering countermeasures, identity theft countermeasures, overview of social engineering pen testing
- Social engineering is the art of convincing people to reveal confidential information
- It relies on people being unaware of how valuable their information is and careless about protecting it
- Three categories: human-based, computer-based, and mobile-based social engineering
- Human-based social engineering
  - Reverse social engineering (the attacker poses as an authority so the target approaches them)
  - Piggybacking ("I forgot my ID badge, please help" to get let in)
  - Tailgating (walking directly behind someone to get through a controlled entrance)
- Computer-based social engineering
  - Hoax letters, free-gift offers, etc.
- Mobile-based social engineering
  - Repackaging legitimate apps
  - Fake security applications
- Insider attack
  - Disgruntled employee
  - Prevention: separation and rotation of duties, least privilege, controlled access, logging and auditing, legal policies, archiving critical data
- Impersonation on social networking sites: social engineering on Facebook, Twitter, LinkedIn, etc.
- Identity theft: when someone steals your personal information (PI)
- Countermeasures: periodic password changes, good policies, etc.