Itet2 its social engineering

1. Social engineering

2. Old school: It's all about the money

  • Hustling

3. Scams

4. Example

5. Psychology of scams: cognitive and motivational processes

  • trust and authority

6. visceral triggers

  • human desires and needs

7. greed, fear, avoidance of physical pain, or the desire to be liked

Go here for full story

8. Inducing judgement errors

  • Scarcity cues
  • Unique opportunity

Induction of behavioural commitment

  • Start small and get them rolling

Extreme cost/benefit

9. Lack of emotional control

  • A psychological trait of victims

10. Examples

Who needs spam, when we have this link: http://www.urbanmillionaires.com/

Question:

  • Is it true? Is it trustworthy?

11. Puts words on it from the previous slides.

  • Still think it is trustworthy?

12. Examples

Emotional distress: steal a woman's handbag

Question:

  • Is this possible?

13. Is she gullible?

14. Still old school

  • Gaining access to places you are not allowed
  • http://www.youtube.com/watch?v=kOEWd_M5m44

The secret:

  • Look as if you belong.

15. Relation to security

  • No security with physical access

16. Why go through the firewall, if you may walk past?

17. People on the move

Steal the laptop (covertly): http://www.youtube.com/watch?v=Gb3ZiTJkCaA&feature=related

18. People on the move

Use their telephones against them

  • for profit

19. reading the calendar, mails, SMS

20. As a bug

21. People on the move

Wifi design vulnerabilities for profit

Is this possible?

22. People on the move

  • Mobile IT
  • A security nightmare

23. Too many variables

Is this ok to use? Could it be fake?

24. People at the office

  • Make them tell you their passwords.
  • Teacher's recurring story, this time with an external reference...

25. from the BBC

Question:

  • Is this realistic? In Denmark?

26. People at the office

Listen in on their keyboards: please type something secret.

Question:

  • Is this realistic?

27. Why is this more difficult than it seems? What has been left out?

28. People at the office

  • Spam
  • Check your mailbox

29. People at the office

  • Receptionists are a crucial part of security

30. Educate people

  • Like this?

31. Closing word

Which one to use? Technical vs. social

Answer: Both

To read more, see this