Social Engineering

© 2014 Project Lead The Way, Inc.Computer Science and Software Engineering

• Attackers use social engineering to trick people

• Used to gather information or install malware

Social Engineering

• Attackers send millions of emails, text messages, or phone calls

• Not tailored to recipient• From random email:

–Do not follow a link–Do not open an attachment–Do not respond to a message

• Start in a browser to go to a site, retrieve a document, or initiate a transaction

Phishing

• Message tailored to you, using your hobbies, your contact names, imposter look-alikes of web sites you visit

• From unexpected email, beware:– following a link–opening an attachment

• Start in a browser to go to a site, retrieve a document, or initiate a transaction

• Confirm with sender

Targeted Attacks

• Do not be tricked by warnings that "Your computer may be infected"

• Use known software and beware imitations

Beware: Rogue Security Software

• Beware URL spoofs in links –1 and l –O and 0– international characters like i and í

• Use bookmarks or type a URL to ensure a true site when using passwords and money

Beware: Malicious Websites

• Can clog Internet traffic and spread malware

• Urban Legends – http://www.snopes.com/– http://www.truthorfiction.com/

• Anti-virus Hoaxes – http://www.symantec.com/avcenter/hoax.html– http://home.mcafee.com/VirusInfo/VirusHoaxes.aspx

Hoaxes and Chain Letters