social engineering © 2014 project lead the way, inc.computer science and software engineering
TRANSCRIPT
Social Engineering
© 2014 Project Lead The Way, Inc.Computer Science and Software Engineering
• Attackers use social engineering to trick people
• Used to gather information or install malware
Social Engineering
• Attackers send millions of emails, text messages, or phone calls
• Not tailored to recipient• From random email:
–Do not follow a link–Do not open an attachment–Do not respond to a message
• Start in a browser to go to a site, retrieve a document, or initiate a transaction
Phishing
• Message tailored to you, using your hobbies, your contact names, imposter look-alikes of web sites you visit
• From unexpected email, beware:– following a link–opening an attachment
• Start in a browser to go to a site, retrieve a document, or initiate a transaction
• Confirm with sender
Targeted Attacks
• Do not be tricked by warnings that "Your computer may be infected"
• Use known software and beware imitations
Beware: Rogue Security Software
• Beware URL spoofs in links –1 and l –O and 0– international characters like i and í
• Use bookmarks or type a URL to ensure a true site when using passwords and money
Beware: Malicious Websites
• Can clog Internet traffic and spread malware
• Urban Legends – http://www.snopes.com/– http://www.truthorfiction.com/
• Anti-virus Hoaxes – http://www.symantec.com/avcenter/hoax.html– http://home.mcafee.com/VirusInfo/VirusHoaxes.aspx
Hoaxes and Chain Letters