Social Engineering
Social Engineering
Social Engineering
Engineering
Cum ne protejam?
Ce este Social Engineering?
Arta de a manipula oamenii astfel încât să renunțe la
informații confidențiale sau să încalce practicile standard
de securitate.
What Info is Confidential?
Despre Social Engineering
Toați suntem o țintă potențială!
Este adesea mai ușor pentru infractorii
cibernetici să manipuleze un om decât o
rețea sau un sistem de calculatoare.
Atacurile pot fi relativ low-tech, low-cost și
ușor de executat.
Tehnologia se accelerează rapid odată cu
sofisticarea atacurilor.
Social Engineering Attack
Pregatirea unui atac Stabilirea unei relații
Phishing/Spear
Pretexting Vishing
Phishing
Dumpster Shoulder
Ransomware
Diving Surfing
Pretexting
What is Pretexting?
Pretexting Techniques & Goals
Why is it Done?
Sense of Urgency
• Act fast because the super deals are only for a limited time.
• Your account will be suspended unless you update your personal details
immediately.
Hyperlinks
• Click here to claim your offer.
• Click here to change your login credentials.
Attachments
• Often contain ransomware, malware or other viruses.
Phishing Email
Phishing Email
Other Forms of Phishing
Spear Phishing
Involves offering
something physically
or digitally enticing to
a target in exchange
for login information
or private data.
Baiting Techniques
Free Media Download
• Attackers publish download links on the web, mostly
containing malicious software, offering free music, movie, or
video games if the target surrenders their login credentials to a
certain site.
Unusually Low-Priced Product
• Attackers advertise extremely low priced products in an
online store they created hoping individuals will attempt to
purchase the product and give up their credit or debit card
details.
Compromised USB Drive
• Infected USB drive used to inject malware, redirect you to
phishing websites, or give a hacker access to your computer.
Scareware?
Ce este Scareware?
Malicious computer
programs designed to trick
a user into buying and
downloading unnecessary
and potentially dangerous
software, such as fake
antivirus protection.
How Does Scareware Work?
Commonly generates pop-ups
that imitate Windows system An offer to obtain downloadable
messages often pretending to be software to fix the problem is
antivirus software. The message made or the user is advised to call
usually states that infected files a telephone number displayed in
have been found on the users the message for technical support.
computer.
Malicious software
(malware) that prevents
users from accessing their
system or personal files
and demands a ransom
payment from the user in
order to regain access.
Ransomware - WannaCry
Scramble Engineering
Class
Activit
y2
Dumpster Diving