Professional Documents
Culture Documents
Social Engineering: The Art of Social Hacking
Social Engineering: The Art of Social Hacking
Social Engineering: The Art of Social Hacking
Engineering
The Art of Social Hacking
Christopher Stowe
Introduction
o The attacker will "help" the user, but will really have the
victim type commands that will allow the attacker to
install malware
Phishing
• Spear Fishing
o Specific phishing
Ex: email that makes claims using your name
• Vishing
o Phone phishing
o Rogue interactive voice system
Ex:call bank to verify information
Baiting
• Real world Trojan horse
o Uses physical media
• User Awareness
o User knows that giving out certain information is bad
• Policies
o Employees are not allowed to divulge private
information
o Prevents employees from being socially pressured or
tricked
Ways to Prevent Social Engineering
Cont..
• 3rd Party test - Ethical Hacker
o Have a third party come to your company and attempted
to hack into your network
o 3rd party will attempt to glean information from
employees using social engineering
o Helps detect problems people have with security
Animation:
http://www.youtube.com/watch?v=Y6tbUNjL0No
Live Action:
http://www.youtube.com/watch?v=8TJ4XOvY7II&feature=relate
d