© 2014 Solutionary, Inc. November 18, 2014. ActiveGuard® U.S. Patent Nos 6,988,208; 7,168,093; 7,370,359; 7,424,743; 7,673,049; 7,954,159; 8,261,347
Hacking the Person: Social Engineering and Phishing Attacks
Jon-Louis Heimerl
What do I know?
Hello. Help Desk. Jim Stanton speaking.
Ray? You sound like crap, man.
No problem. What do you want for a temporary password?
Social Engineering
• The art of social deception and manipulation.
Most important skill for Social Engineering
What do you want to attack?
Vs.
How Successful?
[Chart: Social Engineering Success Rate (Success vs. Failed)]
How Often?
[Chart: SE & Phishing (SE&P vs. NONE)]
Advanced Persistent Threat?
• Reconnaissance
• Social Engineering – malicious intelligence
• Phishing – email with malicious links – CLICK ME!
• Active Attacks
• Remote Control
• Attack Expansion/Elevation
• Define Target
• Exfiltrate Data
• Persistent Compromise
Social Media + BMW =
Gary
Gary
Which Subject Line is More Intriguing?
| General | Specific |
| --- | --- |
| Ebola Warning! | Health Alert: Ebola Quarantine issued in Pittsburgh! |
| Go Back to School Now! | NOTICE: Lynn Heimerl Academic Suspension |
| Lower Health Insurance Rates | Final Notice: Solutionary Open Enrollment ending for Jon Heimerl |
| Dangerous Drug Side Effects | WARNING: Aventis warns of fatal LASIX side effects |
| Refinance Now – Lower HARP rates! | WellsFargo offering special refinance rates in Pittsburgh |
Phishing Email?
http://chase.com.ealertsonline.com/update/3393328410575c1867da2dfde44ce78a/Home.php?login.psp?
http://chase.com.ealertsonline.com
www.urlvoid.com www.ipvoid.com
TANSTAAFL
• You are not related to a Nigerian Prince.
• No one is sending you money (or gold, etc.)
• Your bank/credit card did not send you a link to “login here”.
• You did not win a jackpot/sweepstakes, et al.
• You are not getting a car at 50% off MSRP.
• The IRS did not send an audit notice by email.
• You do not have outstanding warrants.
- TRAIN -
Don’t think “Awareness”
Think “Change Habits”
Being a Little Paranoid is Good
What is your security posture?
Hacking the Person: Social Engineering and Phishing Attacks
Jon Heimerl
Senior Security [email protected]
www.solutionary.com
@solutionary @jonheimerl
Thank You!