Transcript

Hacking the Mind: Why Social Engineering Works

HACKING THE MIND
A look inside how and why social engineering works.

WHAT EXACTLY IS SOCIAL ENGINEERING?

The art of manipulating people into performing actions or divulging confidential information.

Why bother developing and planning a sophisticated technical hack when you could just trick someone into giving you access to anything you want?

CAUTIONARY TALES

A powerful CEO was manipulated through a charity scam. Social engineers found out through his Facebook page that he had a family member who was battling cancer. Using that emotional attachment, they tugged at his heartstrings and asked him to donate money to a cancer research fund. The PDF that was sent, however, was malware that took control of his computer.

A seemingly harmless family entered a theme park only to discover that they had left their print-out coupon behind at home. They asked the workers if they could bring up the email file and print the coupon. Unfortunately, that harmless family was a group of malicious actors looking to get in the park's system by opening a harmful file on their software.

Luckily, these were all just tests run by Chris Hadnagy, author of Social Engineering: The Art of Human Hacking. The actors were hired to show how easily criminals can access information. Both of these stories are perfect examples of social engineering: hacking people rather than computers.

IN SECURITY
How social engineers trick us into divulging sensitive security information via media.

IN ADS AND EMAILS

"Someone has a secret crush on you! Download this application to find who it is!"
"This is Chris from tech services. I've been notified of an infection on your computer."
"Did you see this video/picture of you? Check out this link!"

PHISHING
Posing as a trusted entity in order to extract sensitive information through email.

Phishing emails account for 47% of social engineering attacks targeting businesses.

In 2009, 100 people were jailed in the largest international phishing case, resulting in a $1.5 million haul.

HOAXES
419 scams: a relative of a recently-deposed ruler asks for money in order to pay fees or bribes to reach a huge bank account and flee the country. Of course, the victim would be compensated beyond their wildest dreams.

In 2008, a woman from Oregon shelled out $400,000 through a 419 scam that claimed she had inherited millions from a deceased relative in Nigeria.

SHOULDER SURFING
Simply looking over someone's shoulder, writing down logins, or stealing PINs from ATMs.
"Please enter your PIN."

TAILGATING
Physically following someone into a limited access area.
"Can you please hold the door? My hands are full."

THE TRUST FACTOR

Social engineers collect personal information from public forums and tailor malware links to resemble "breaking news" from victims' locations, "messages" from Facebook friends, or "updates" from interest groups.

PLAUSIBLE WORD OF MOUTH
Personalized messages catch people's attention. Using relevant names, locations, and personal info legitimizes the scam.

SPOOFED BRANDING
Social engineers disguise scams by mimicking trusted brand logos, colors, and an urgent messaging tone to induce the click reflex in users.
Example: "Emergency Update from household brand!" Asks a victim to print out a form (doc or pdf) and bring/mail it to their nearest location. However, the "printable" form is a zipped .exe malware file disguised as a doc or pdf.

YELLOW JOURNALISM
Social engineers pass themselves off as trusted news outlets or gossip columns with juicy fake headlines that appeal to the masses.
Examples: "Secret details about Michael Jackson's death!" "See how they got Bin Laden, soldier shoulder cam!" "Scarlett Johansson sex tape revealed!" Once "liked" or "retweeted", the malware shows up in friends' newsfeeds.

SECURITY FEAR TACTICS
Criminals know that many people take security measures for granted and they feed off of this tendency.
Example: Downloading the "latest version of Flash" to view a video; there is no way of knowing if it's actually Flash.

WHO IS TARGETED? EVERYONE

48% of enterprises have been victims of social engineering attacks.
86% of IT and security professionals are aware of the risks of social engineering.
75% success rate with social engineering phone calls to businesses.

Learn more about how you can protect your privacy and security with our free e-book: Why Should I Care: Mobile Security for the Rest of Us.
https://info.veracode.com/ebook-download.html

Presented by Veracode. Developed by NowSourcing.

Sources

http://www.trainsignal.com/blog/what-is-social-engineering
http://www.csoonline.com/article/497836/mind-games-how-social-engineers-win-your-confidence?page-4
http://www.katu.com/news/local/34292654.html
http://www.radicati.com/wp/wp-content/uploads/2011/05/Email-Statistics-Report-2011-2015-Executive-Summary.pdf
http://www.networkworld.com/news/2008/010308-facebook-secret-crush.html
http://mashable.com/2012/07/18/facebook-photo-notifications-malware/
http://www.csoonline.com/article/663329/social-engineering-3-examples-of-human-hacking?page=2
http://www.net-security.org/secworld.php?id-1665
http://www.net-security.org/secworld.php?id-9668
http://www.net-security.org/article.php?id-no9&p-3

shared by NowSourcing on Mar 10
Why is it so easy for hackers to get malicious viruses on our computers and steal our information?

Publisher

Veracode

Category

Social Media