Socia

l En

gin

eeri

ng

Kevin Mitnick defines it as “the act of gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.”In most cases the hacker never comes face-to-face with the victim.

3

2

1Phishing

Vishing

SMiShing

Social

Engineering

Techniques

Identity information

Ph

ish

ing •Usually done by creating fake e-

mail, instant messaging and websites to lure unsuspecting people to enter in their personel information such as usernames, password, and credit card information

•Anytime someone asks you for any personel information without you initiating the contact, you should question the validity of that request

•They represent themselves as trustworthy entities that you know of such as popular social websites, auction sites, online payment processors or even IT administrators

I’m senior manager. I need your password authorize a transaction for a client. It’s urgent. The client is waiting, I will hold.

I’m senior manager. I need your password authorize a transaction for a client. It’s urgent. The client is waiting, I will hold.

Hacker pretending to be Senior Manager

Victim

My password is p@ssw0rd

Vis

hin

g •A combination of voice and phishing• Software engineers use a telephone system that uses a Voice over IP (VoIP)•Vishing is used for financial gain to steal credit card number or other personal information used in identity thief schemes from around the world.

SM

iSh

ing •A combination of SMs and

phiSHING• Scammers are targeting mobile devices to get you to reveal your personal information.•Send text messages to you and ask to validate or respond to the request. •Once responded, scammer just got you and launched a worm or a malware on your mobile device.•Once downloaded on your mobile devices, spyware can eavesdrop on all your conversations gathering information about you.

Socia

l En

gin

eeri

ng