321 phishing vishing smishing social engineering techniques
TRANSCRIPT
Socia
l En
gin
eeri
ng
Kevin Mitnick defines it as “the act of gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.”In most cases the hacker never comes face-to-face with the victim.
3
2
1Phishing
Vishing
SMiShing
Social
Engineering
Techniques
Identity information
Ph
ish
ing •Usually done by creating fake e-
mail, instant messaging and websites to lure unsuspecting people to enter in their personel information such as usernames, password, and credit card information
•Anytime someone asks you for any personel information without you initiating the contact, you should question the validity of that request
•They represent themselves as trustworthy entities that you know of such as popular social websites, auction sites, online payment processors or even IT administrators
I’m senior manager. I need your password authorize a transaction for a client. It’s urgent. The client is waiting, I will hold.
I’m senior manager. I need your password authorize a transaction for a client. It’s urgent. The client is waiting, I will hold.
Hacker pretending to be Senior Manager
Victim
My password is p@ssw0rd
Vis
hin
g •A combination of voice and phishing• Software engineers use a telephone system that uses a Voice over IP (VoIP)•Vishing is used for financial gain to steal credit card number or other personal information used in identity thief schemes from around the world.
SM
iSh
ing •A combination of SMs and
phiSHING• Scammers are targeting mobile devices to get you to reveal your personal information.•Send text messages to you and ask to validate or respond to the request. •Once responded, scammer just got you and launched a worm or a malware on your mobile device.•Once downloaded on your mobile devices, spyware can eavesdrop on all your conversations gathering information about you.
Socia
l En
gin
eeri
ng