
Social Engineering Tactics

SOCIAL ENGINEERING TACTICS

YOUR DATA IS AT RISK EVERYDAY THROUGH SOCIAL ENGINEERING ATTACKS.

WHY SOCIAL ENGINEERING? HACKING A HUMAN IS MUCH EASIER THAN HACKING A BUSINESS.

ATTACKERS PREY ON YOUR HUMAN WEAKNESS: laziness, carelessness, sympathy, ignorance, haste, fear, ability, ego, greed, desire, attitude, trust

28% - Likelihood your business will experience a data breach in the next 2 years
$3.8 M - The average cost of a single data breach in 2015

Hacking is a growing problem and these insanely easy social engineering tactics can result in a major security breach. Show these tips to your users so your business doesn't become the victim of a hacker.

3 BASIC TYPES OF TACTICS: IN-PERSON, PHONE, DIGITAL

IN-PERSON SOCIAL ENGINEERING TACTICS

HERE ARE A FEW COMMON TACTICS USED TO GAIN ACCESS, GATHER SECURE INFORMATION AND PLANT DEVICES THAT YOU SHOULD BE AWARE OF:

Open Door - When you leave a door open at your company and someone slips through.

The Cable Guy - When someone pretends to be a service technician of some kind (cable, phone, electrician, etc.) to gain access to your business.

Bar Hopping - When someone buys you drinks to extract information from you as you become drunk. Some people tend to talk more when drinking.

Neuro-Linguistic Programming (NLP) - When someone mirrors your body language, voice and vocabulary to build a connection on a subconscious level. Usually touchy-feely.

Six Degrees of Separation - When someone learns about your social practices and uses social relationships to gain your trust.

Device Leave Behind - When someone leaves a device laying around that tempts others to plug-in and open. Like a music CD, flash drive, or another common storage device.

Open Access - When someone uses or requests to use your computer for whatever reason and they're left unmonitored. This often comes as a troubleshooting request for support.

Rogue Employee - When a malicious employee is hired with the purpose of gaining on-site access.

63% of data breaches come from internal sources

PHONE SOCIAL ENGINEERING TACTICS

HERE ARE A FEW COMMON TACTICS USED BY HACKERS TO DECEIVE, GAIN TRUST AND GET INFORMATION OVER THE PHONE:

Panic - When someone calls you pretending to be support and provides a frantic scenario that compromises your safety (like resetting your password or allowing remote access)

Anger - When someone calls you pretending they are in a position of authority (like an executive or manager) and uses anger to intimidate.

Donations - When someone calls you pretending they are someone from a known organization you might be interested in (political, university, disaster relief, etc.).

Vishing - When someone calls you with a pre-recorded message pretending to be your bank and asks you to call a number to confirm your account and transactions.

4,600,000 estimated phone attacks in 2013

DIGITAL SOCIAL ENGINEERING TACTICS

HERE ARE A FEW COMMON TACTICS USED THROUGH EMAIL, WEBSITES AND SOCIAL MEDIA:

Pretexting - When someone sends you an email with a domain that looks trustworthy and addresses it from a known contact from that domain. Often there is an attachment that contains malware.

Phishing - When someone publishes a fake website that mimics a brand and service to gain your trust. These websites will request information through forms and offer downloads containing malware.

Social Media Phishing - When someone builds a social media page that mimics a trusted brand. The account will try to publish relevant content that persuades you to click and download a malicious file.

Reverse Engineering - When someone executes a minor attack on your company to expose a vulnerability, then contacts you to inform you and offer to "fix" the problem.

Typosquatting - When someone uses common typos for brand URLs and mimics the brand to gain trust. The fake website can easily collect form information if the typo is not noticed.

Friendly Emails - When someone sends you an email either from a hacked friend's account or creates a similar account and uses your friend's name. Often there is an attachment that contains malware.

77% of attacks are phishing

THE GOOD NEWS

THERE ARE FACTORS THAT CAN DECREASE THE PROBABILITY OF A SOCIAL ENGINEERING ATTACK.

Creating an Incident Response Team
Extensive Use of Encryption
Employee Training
Business Continuity Management (BCM) Involvement
Chief Information Security Officer (CIO/CSO) Appointment
Board-Level Involvement
Insurance Protection

90% of data breaches could have been prevented

To get more information on these social engineering tactics visit smartfile.com/social-engineering

References

SmartFile
http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigation-report-2015_en_xg.pdf
http://social-engineer.org
http://isyourdatasafe.com
http://public.dhe.ibm.com/common/ssi/ecm/se/en/sew03074usen/SEW03074USEN.PDF?
https://otalliance.org/system/files/files/resource/documents/dpd_2015_guide.pdf
http://www.csoonline.com/article/2133877/social-engineering/social-engineering-study-finds-americans-willingly-open-malicious-emails.html?nsdr=true&page=2

Shared by SmartFile on Apr 17
What’s the root cause of these hacks? People. Hackers use social engineering attacks to take advantage of the “faults” in humanity, our human emotions and feelings, to get access to money or a tech...