What is Social n Information Engineering? n Access to computer - PDF document

Thompson Consulting Group, LLC Disclaimer WWW.TgroupOnline.Com This course provides a basic overview of “ Social Engineering, ” and is not legal advice. There is no warranty, expressed or implied, in connection with making this program available. Social Engineering 1 Thompson Consulting Group, LLC 2/15/12 Why? n Financial Gain What is Social n Information Engineering? n Access to computer system n Revenge 2/15/12 3 4 2/15/12 Information Needed to Steal Passwords Your Identity: n What is your favorite password! 1. Name n What question are you most often asked 2. Address for lost passwords? 3. Social Security Number 4. Telephone Number 5. Mother ’ s Maiden Name 6. Employment 5 6 2/15/12 2/15/12 Tennessee Bankers Association 1

Effective For Social Engineering Value (buy) Identity Information 7. Past addresses n Credit card account number $_____ 8. Financial account numbers n Basic information $____to $_____ 9. Children ’ s names n Documents $80.00 10. Family information 7 8 2/15/12 2/15/12 Value (sell) Identity Information Three Basic Ways n Green Card $80.00 1. In person n Basic Information $250.00 2. Telephone (Vishing) n Documents up to $500.00 3. Computer 9 10 2/15/12 2/15/12 Technique is Simple! Criminal Call Centers Takes Advantage of Human Flaws n New job title “ confirmer ” n Trust n Criminal Call Center can spoof any state n Helpfulness or telephone numbers n Nonconfrontational n Language skills a must spanish/english 11 12 2/15/12 2/15/12 Tennessee Bankers Association 2

Social Engineering Against You Social Engineering as a Visitor n Jury Duty Scam n Entering facility through smokers door n FedEx Delivery – Zeus Virus n Lost and looking for the bathroom n E-mail Attacks 13 14 2/15/12 2/15/12 Social Engineering in Person Social Engineering Against You n Fire Inspector n I am writing a college paper n Insurance Review n I am a reporter n Delivery Person n I am a writer checking facts n Law Enforcement n A family tragedy n Regulator n A bad day story n Computer Repair n Limited time 15 16 2/15/12 2/15/12 Fals alse e Ident dentif ifica ication ion 17 18 2/15/12 2/15/12 Tennessee Bankers Association 3

The Perpetrators n Gangs – Russian, Nigerians, YAKS, Youth n Confidence People n Terrorist Groups n Opportunists n Common Thieves n Information Brokers- Private Detectives n Possibly a member of our staff 19 20 2/15/12 2/15/12 Book on Social Engineering Books on Body Language n The Art of Deception by Kevin D. Mitnick n Strictly Business Body Language: Using Nonverbal Communication for Power and Success by Jan Latiolais Hargrave n Let Me See Your Body Talk by Jan Latiolais 21 22 2/15/12 2/15/12 Hargrave Password statistics from Internet Abuse Information Week n Spoofing Websites n 16% match a persons first name n Surveys n 14% were patterns on a keyboard n Spam mail, unsolicited E-mail n 5% based on pop culture n Personal Webpages n Social Networking Sites n 4% variations on the word “ Password ” n 4% reference thing in the persons view Statistic: There are over 400 ways the internet can be used n 1% are sports related to obtain personal information. Source FTC 23 24 2/15/12 2/15/12 Tennessee Bankers Association 4

What are we looking for? Stealing the “ Password ” ? n Google the name n Children ’ s names n Facebook account n Parents names n Myspace account n Hobbies n Do they you use twitter n Pet names n Do they have a webpage n Birthdays n Do they blog n Any favorite numbers listed n Set a Google alert 25 26 2/15/12 2/15/12 Block name on face book Block all the way 27 28 2/15/12 2/15/12 29 30 2/15/12 2/15/12 Tennessee Bankers Association 5

Review a persons area for passwords? n Clip boards Did we guess your n Sticky notes “ Password ” n Look under keyboard n Look in top desk drawer 31 2/15/12 32 2/15/12 Key Loggers Services I provide: n Programs on ¨ Ethics ¨ Identity Theft ¨ Internal Fraud ¨ Dysfunctional Management Practices ¨ Social Engineering 33 34 2/15/12 2/15/12 Questions? For More Information Please call or email: Barry Thompson C.R.C.M. Thompson Consulting Group, LLC (315) 342-5931 tgroup@twcny.rr.com 35 36 2/15/12 2/15/12 Tennessee Bankers Association 6