Social Engineering How the bad guys really get what they want

Social Engineering: How the bad guys really get what they want
25 October 2013

Agenda (Page 2)
- Who am I
- Summary
- What is Social Engineering
- The problem
- How Social Engineering is performed
- Who is at risk
- Preventive measures

Who am I (Page 3)
- Dad, husband, son & brother
- Studied medicine & computer science
- Computer security for 12 or so years (Secunia, CSIS, nsense)
- FX trading
- Hypnotherapist (Milton E.)
- NLP
- Psychology
- Study fear & greed based decision making via FX trading

Summary (Page 4)
- The purpose of this talk is to present some of the techniques well-organised criminal groups employ in an attempt to exploit human nature, to get what they want
- The psychology behind Social Engineering

What is Social Engineering (Page 5)
- Psychological manipulation
- Encouraging your target to do something they probably should not
- Techniques typically have their roots in the social sciences
- Helping your target to help you

So what's the problem? (Page 6)
- People are configuring all of these super secure devices
- People are answering the telephones
- People are greeting new visitors at the reception
- People are reading and responding to the email they receive
- People are opening the envelope and deciding what to do with the contents
- People are the front line of defense
- The attacker doesn't necessarily need to know e.g. C++, PHP, ASM
- This is a people problem

How is this relevant? (Page 7)
- IT is no longer the only target
- Thinking this way turns people into doors
- "But we use state-of-the-art security technology!"
- Here is a little human

The mind as a system (Page 8)
- The subconscious mind is the supercomputer
- The conscious mind is the firewall; its ruleset is our belief system (generalisation, distortion, deletion)

How can the firewall be bypassed? (Page 9)
- E.g. linguistics, physiology & psychology

Know thyself (Page 10)
- What are they doing and how?
- A quick look

How Social Engineering is performed: Target Interaction (Page 11)
- Physical (in person)
- Auditory (on the phone)
- Written (via email)

How Social Engineering is performed: Target Interaction - Physical (1/2) (Page 12)
- Face-to-face: the ultimate test of your coolness
- Confidence is absolutely everything
- Rapport: make them feel comfortable
- Initial impressions (non-verbal communication)
- Look confident but not cocky
- Hands

How Social Engineering is performed: Target Interaction - Physical (2/2) (Page 13)
- Grooming
- Frames (pre-, re-, de-framing)
- Prepping (e.g. keyboard story)
- Laws of persuasion (discussed later)
- Actual words spoken: 7%; how they're spoken: 38%; expressions when spoken: 55%
- E.g. the 20-second theory

How Social Engineering is performed: Target Interaction - Auditory (Page 14)
- Phone calls
- What is said (7%)
- Physiology = state (how) (38%)
- Tonality (how) (38%)
- Speed (how) (38%)

How Social Engineering is performed: Target Interaction - Written (Page 15)
- Spear-phishing emails
- Physical media
- The written word (7%)
- Our words must resonate with the reader; it helps to know who you are communicating with
- You aren't there to cheer them on

How Social Engineering is performed: Representational Systems (Page 16)
- Visual
- Auditory
- Kinesthetic
- Auditory Digital

How Social Engineering is performed: Representational Systems - visual (Page 17)
- Speak quickly
- Move their hands whilst communicating
- Use visual language (e.g. see, appear, get the picture)
- Hobbies (e.g. photography, films)
- Value aesthetics

How Social Engineering is performed: Representational Systems - auditory (Page 18)
- Speak with a medium pace
- Use auditory language (e.g. hear, speak, listen)
- Hobbies (e.g. music, singing)
- Remember things they have spoken about ("you said x")

How Social Engineering is performed: Representational Systems - kinesthetic (Page 19)
- Speak slowly
- Remember things by how they experienced them
- Slow learners but good retention
- Language (e.g. feel, gut feeling)
- Hobbies (e.g. sports)
- Emotional

How Social Engineering is performed: Representational Systems - auditory digital (Page 20)
- Want to understand ideas
- Language (e.g. this makes sense, is logical)
- Want things to make sense
- Tend to be spontaneous
- Memorize by steps, procedures

How Social Engineering is performed: Representational Systems - statistics (Page 21)
- Visual 60%
- Kinesthetic 25%
- Auditory 10%
- Auditory digital 5%

How Social Engineering is performed: Motivational Factors (Page 22)
People are typically motivated in the following two ways:
- To get pleasure (toward)
- To avoid pain (away from)

How Social Engineering is performed: Motivational Factors - toward (Page 23)
- Enjoy the prospect of possibility
- Act out of desire
- They like having the choice
- "If I do this then (x)"

How Social Engineering is performed: Motivational Factors - away from (Page 24)
- Often fear driven
- Act out of necessity
- Often forced to make decisions due to unfavourable circumstances
- "If I don't do this then (x)"

How Social Engineering is performed: What other methods exist? (Page 25)
- Let's have a look at some very powerful techniques, typically used for e.g. hypnotherapy

How Social Engineering is performed: Embedded Commands (Page 26)
- Truisms
- Assumptions
- Double binds

How Social Engineering is performed: Embedded Commands - truism (Page 27)
- Make a statement your subject can only agree with, and then deliver your suggestion
- "As you (truism), you (suggestion)"
- "Every time you (truism), you (suggestion)"
- "(Truism) means (suggestion)"
- "Because (truism) you can (suggestion)"

How Social Engineering is performed: Embedded Commands - assumptions (Page 28)
- Make an assumption that will get your subject to follow your lead
- "You may be wondering (suggestion)"
- "You may notice yourself (suggestion)"
- "I don't know when (suggestion)" (negations)

How Social Engineering is performed: Embedded Commands - double binds (Page 29)
- Force your subject into making a decision by giving them options via an either/or clause and let them choose
- "Would you like to (suggestion) before or after my meeting?"
- "Does A or B suit you better?" (can be combined with the law of contrast)

How Social Engineering is performed: Resolving conflicts - interrupting automatic responses (Page 30)
- If you get stopped and are questioned
- Destroy the road from suspicion to confirmation
- Asking questions keeps you in control
- "What were you going to say?"

How Social Engineering is performed: Encourage them to help you (Page 31)
- "Imagine", "consider"
- Involve their senses with your language
- Yes sets
- Anchoring

Example (Page 32)

Dear Mr. Harper,

I am very pleased to inform you that you, and some carefully selected colleagues in your department, have been chosen by Wouter De Boer, to participate in an exclusive communication workshop.

Imagine what it would be like if you could learn new methods, which would enable you to literally increase the effectiveness of your communication skills exponentially. In today's world, one simply can't afford to leave prospects second guessing what you're trying to say. Can you see how useful this would be for you?

Please view the attached PDF file for more information about the workshop. As there are a limited number of seats, please confirm your desire to participate by completing the attendee confirmation form below:

http://all-good.net/workshop.php

We look forward to receiving your confirmation.

On behalf of Mr. De Boer,
Martin Garland

Example, annotated (Page 33)
The same email, with the persuasion techniques it relies on marked on the slide: Social Proof, Scarcity, Embedded Commands, Leading Authority, Away from, Towards.
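A defender-side check built from the cue families the slide above marks on the sample email, added here as an example that is not part of the talk: it scores a message for those cues plus an external form link or attachment, using the deck's own example email as input. The cue phrase lists, the weights and the "suspect"/"review" thresholds are my assumptions, not anything the talk specifies.

```python
import re
from urllib.parse import urlparse

# Cue phrases are my own assumptions covering the families marked on the annotated example
# (Page 33): social proof, scarcity, authority, embedded commands, toward/away-from framing.
CUES = {
    "social_proof": [r"carefully selected colleagues", r"your colleagues (?:have|already)"],
    "scarcity": [r"limited number of", r"only \d+ (?:seats|places) left", r"last chance"],
    "authority": [r"chosen by", r"on behalf of", r"\b(?:ceo|director|management) (?:has|have)\b"],
    "embedded_command": [r"\bimagine\b", r"\bcan you see\b", r"\bconsider\b", r"\bplease confirm\b"],
    "toward": [r"increase the effectiveness", r"learn new methods", r"\bexclusive\b"],
    "away_from": [r"can'?t afford to", r"second[ -]?guessing", r"if you don'?t"],
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def _trusted(url, trusted):
    # Compare the parsed host, not a substring: "example.com.evil.net" must not pass.
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)

def score_message(body, trusted=()):
    """Return cue hits, untrusted links, attachment flag and a score for one message."""
    text = " ".join(body.split()).lower()          # fold line breaks so phrases match
    hits = {}
    for cue, patterns in CUES.items():
        found = [m.group(0) for p in patterns for m in re.finditer(p, text)]
        if found:
            hits[cue] = found
    links = [u for u in URL_RE.findall(body) if not _trusted(u, trusted)]
    attachment = re.search(r"\battach(?:ed|ment)\b", text) is not None
    # Each cue family counts once; the external form and the attachment are the action
    # the lure actually wants, so they weigh more than the wording around them.
    score = len(hits) + 2 * len(links) + int(attachment)
    return {"hits": hits, "links": links, "attachment": attachment, "score": score}

def classify(result):
    s = result["score"]
    return "suspect" if s >= 4 else "review" if s >= 2 else "ok"

# The deck's example email (Page 32), embedded here as the sample input.
SAMPLE = """Dear Mr. Harper, I am very pleased to inform you that you, and some carefully
selected colleagues in your department, have been chosen by Wouter De Boer, to participate in
an exclusive communication workshop. Imagine what it would be like if you could learn new
methods, which would enable you to literally increase the effectiveness of your communication
skills exponentially. In today's world, one simply can't afford to leave prospects second
guessing what you're trying to say. Can you see how useful this would be for you? Please view
the attached PDF file for more information about the workshop. As there are a limited number
of seats, please confirm your desire to participate by completing the attendee confirmation
form below: http://all-good.net/workshop.php We look forward to receiving your confirmation.
On behalf of Mr. De Boer, Martin Garland"""
```

Calling `classify(score_message(SAMPLE, trusted=("example.com",)))` flags the sample as "suspect": all six cue families fire, the form link is outside the trusted domain, and an attachment is referenced. Phrase lists like these only catch lures that reuse known wording, so treat the score as a triage signal for the people on the front line, not a substitute for their judgement.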

Who is at Risk (Page 34)
- Some are more susceptible than others
- Understand who is most at risk (e.g. personality profiles, DISC)
- Some people aren't gate-keeper material; don't force them to be
- The first line of defense should receive training so they understand the risks and know what to do
- The C-Guy

Preventive Measures: Be careful with your rubbish (Page 35)
- Hard disks
- Computers
- Notes
- Source code
- Documentation

Preventive Measures: Be careful with your personal information (Page 36)

Preventive Measures: Never provide personal information over the phone (Page 37)
- Do you know who you're speaking with?
- Can you be certain that it is them?
- Is the line secure?
- Are people listening?

Preventive Measures: Never respond to requests of unknown origin (Page 38)
- This can initiate a dialog with someone you may not know
- It tells the sender that there is a potential fish

Preventive Measures: Be careful when handling sensitive information in public spaces (Page 39)
- Usernames
- Passwords
- PIN codes
- Documentation
- Etc.

Preventive Measures: Social media (Page 40)
- Be careful with what you choose to share about yourself
- Facebook, LinkedIn, Pinterest can be used for profiling
- Ensure that access to your social profiles is limited to those who you trust

Preventive Measures: Begin developing your critical sense (Page 41)
- Question situations & people you are uncertain of
- Keep asking until you get a quality answer
- Don't allow their charm to sway you
- A lesson in assertiveness: be friendly about it

Thank you for listening (Page 42)
Your donations are welcome

Gear (Page 43)