Psychological manipulation
Most employees are utterly unaware that they are being manipulated, says Colin
Greenlees, security and counter-fraud consultant at Siemens.
Types of Attacks
Phishing
Impersonation on help desk calls
Quid Pro Quo - Something for something
Baiting
Pretexting
Invented Scenario
Diversion Theft - A con
Physical access (such as tailgating)
Shoulder surfing
Dumpster diving
Stealing important documents
Fake software
Trojans
Phishing
Use of deceptive mass mailing
Can target specific entities (spear phishing)
Prevention:
Honeypot email addresses (addresses never given to a real person, so any mail they receive is unsolicited)
Education
Awareness of network and website changes
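The honeypot-address control above works because the decoy addresses are only ever exposed where scrapers will harvest them, so every sender that mails one has shown it works from a scraped list. The following is an added example, not code from the original slides or from UTHSC: it builds a sender blocklist from mail delivered to the honeypot mailboxes and then screens an employee's inbox, quarantining both mail from blocklisted sender domains and mail whose recipient list still contains a honeypot address (a mass mailing sent to the scraped list). All addresses, domains and messages are constructed samples.

```python
import email
from email import policy
from email.utils import getaddresses, parseaddr

# Decoy addresses seeded only in page markup that scrapers read; no person is
# ever given them. Constructed sample, not real mailboxes.
HONEYPOT_ADDRESSES = {"archive-2009@example.edu", "old-webmaster@example.edu"}

# Constructed sample mail as delivered to the honeypot mailboxes.
HONEYPOT_INBOX = [
    "From: IT Helpdesk <support@example-edu-login.com>\n"
    "To: archive-2009@example.edu\n"
    "Subject: Your mailbox is over quota\n\nVerify your password at ...",
    "From: Newsletter <news@legit-vendor.example>\n"
    "To: old-webmaster@example.edu\n"
    "Subject: March product update\n\n...",
]

# Constructed sample mail delivered to a real employee's inbox.
USER_INBOX = [
    "From: IT Helpdesk <support@example-edu-login.com>\n"
    "To: alice@example.edu\n"
    "Subject: Your mailbox is over quota\n\nVerify your password at ...",
    # Spoofed internal sender; the giveaway is a honeypot address on the Cc line,
    # which a genuine internal mailing would never carry.
    "From: Deans Office <dean@example.edu>\n"
    "To: alice@example.edu\n"
    "Cc: staff-list@example.edu, archive-2009@example.edu\n"
    "Subject: Urgent wire transfer\n\n...",
    "From: Bob <bob@example.edu>\n"
    "To: alice@example.edu\n"
    "Subject: Lunch?\n\n...",
]


def parse(raw):
    """Parse a raw RFC 5322 message (headers plus body) into a Message object."""
    return email.message_from_string(raw, policy=policy.default)


def sender_domain(msg):
    """Domain part of the From address, lower-cased; empty if there is none."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def recipients(msg):
    """All addresses on the To and Cc lines, lower-cased."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return {addr.lower() for _, addr in getaddresses(headers) if addr}


def build_blocklist(honeypot_raw):
    """Every domain that sent mail to a honeypot address is unsolicited; block it."""
    return {sender_domain(parse(raw)) for raw in honeypot_raw} - {""}


def classify(user_raw, blocklist):
    """Return (subject, verdict, reason) for each message in a user's inbox."""
    verdicts = []
    for raw in user_raw:
        msg = parse(raw)
        subject = str(msg.get("Subject", ""))
        if sender_domain(msg) in blocklist:
            verdicts.append((subject, "quarantine", "sender domain seen at honeypot"))
        elif recipients(msg) & HONEYPOT_ADDRESSES:
            verdicts.append((subject, "quarantine", "addressed to a honeypot"))
        else:
            verdicts.append((subject, "deliver", ""))
    return verdicts


if __name__ == "__main__":
    blocklist = build_blocklist(HONEYPOT_INBOX)
    for subject, verdict, reason in classify(USER_INBOX, blocklist):
        print(f"{verdict:10} {subject!r} {reason}")
```

The blocklist here is keyed on the sender's domain for brevity; in a real filter you would key on the full sender address and the connecting IP as well, and exempt shared mail providers whose domain legitimate users also send from, otherwise one scraped mailing from a freemail account would block every employee using that provider.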
Impersonation on help desk calls
Calling the help desk pretending to be someone else
Usually an employee or someone with authority
Prevention:
Assign PINs that callers must give before the help desk acts on a request
Don't act on a caller's say-so or claimed authority; verify identity first
Stick to the scope of the help desk; refuse requests it was never meant to handle
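The three help desk controls above (a caller PIN, no action on unverified say-so, a fixed scope of requests) combine into one verification step that a ticketing tool can run before an agent does anything. The following is an added example, not code from the original slides or from UTHSC; the PIN-hashing parameters, lockout thresholds and the list of in-scope request types are assumptions chosen for illustration. PINs are stored as salted PBKDF2 hashes, compared in constant time, and the account locks after repeated failures so that an attacker cannot simply guess PINs over several calls.

```python
import hashlib
import hmac
import os
import time

# Assumed parameters for this example, not an organisational standard.
PIN_ITERATIONS = 100_000      # PBKDF2-HMAC-SHA256 work factor
MAX_FAILURES = 3              # wrong PINs tolerated before the account locks
LOCKOUT_SECONDS = 900         # 15 minute lockout
ALLOWED_REQUESTS = {"password_reset", "account_unlock"}  # assumed help desk scope


class CallerVerifier:
    """Stores help desk PINs as salted hashes and enforces failure lockout."""

    def __init__(self):
        # employee_id -> {"salt", "hash", "failures", "locked_until"}
        self._records = {}
        # Dummy record so unknown IDs cost the same time as a wrong PIN and
        # cannot be told apart from real ones by the caller.
        self._dummy_salt = os.urandom(16)

    @staticmethod
    def _derive(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PIN_ITERATIONS)

    def enroll(self, employee_id, pin):
        salt = os.urandom(16)
        self._records[employee_id] = {
            "salt": salt,
            "hash": self._derive(pin, salt),
            "failures": 0,
            "locked_until": 0.0,
        }

    def verify(self, employee_id, pin, now=None):
        """True only if the PIN matches and the account is not locked out."""
        now = time.time() if now is None else now
        rec = self._records.get(employee_id)
        if rec is None:
            self._derive(pin, self._dummy_salt)  # burn the same time, then refuse
            return False
        if now < rec["locked_until"]:
            return False                          # even a correct PIN is refused
        if hmac.compare_digest(self._derive(pin, rec["salt"]), rec["hash"]):
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = now + LOCKOUT_SECONDS
            rec["failures"] = 0
        return False


def handle_call(verifier, employee_id, pin, request, now=None):
    """Scope check first, then caller verification, then the request."""
    if request not in ALLOWED_REQUESTS:
        return "refused: outside help desk scope"
    if not verifier.verify(employee_id, pin, now):
        return "refused: caller not verified"
    return f"approved: {request}"


if __name__ == "__main__":
    v = CallerVerifier()
    v.enroll("E1234", "483920")                       # constructed sample PIN
    print(handle_call(v, "E1234", "483920", "password_reset"))
    print(handle_call(v, "E1234", "483920", "disable_mfa"))
    print(handle_call(v, "E1234", "000000", "account_unlock"))
```

The scope check runs before the PIN check so that an out-of-scope request never even consumes a verification attempt; an agent following this flow has nothing to "do on someone's order" because the tool refuses before a persuasive caller can argue the point.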
Quid Pro Quo
Something for Something
o Call random numbers at a company, claiming to be
from technical support.
o The attacker "helps" the user but in reality has the victim type
commands that let the attacker install malware
Baiting
o Uses physical media (infected drives or discs left where an employee will pick them up and plug them in)
Pretexting
o An invented scenario that gives the target a reason to comply
o Ex: posing as law enforcement and threatening to detain the target
over an alleged infraction and hold them for questioning
Pretexting Real Example:
"Sign up for a free credit report" (the pretext collects the personal details needed to apply for it)
Policies
Employees are not allowed to divulge private information
A clear policy protects employees from being socially pressured
or tricked: they can refuse without having to judge the caller
Ways to Prevent Social Engineering (cont.)
3rd Party Test - Ethical Hacker
o Have a third party come to your company and attempt to
break into your network
o The third party will attempt to glean information from
employees using social engineering
o Shows where people, not just systems, are the weak point in security
Website: security.uthsc.edu