
Social Engineering: How to Rob a Bank with a Phone


A talk on some of the social engineering techniques employed by hackers to obtain confidential information, and why they work so well. Making users aware of these helps them spot an attack taking place.

Presented at Barcamp Canterbury on the 28th Apr 2013.
http://barcampcanterbury.com/

Chris Cooper

April 28, 2013


Transcript

  1. SOCIAL ENGINEERING
    HOW TO ROB A BANK WITH A PHONE


  2. Scene # 1 Pumpkin & Honey Bunny


  3. Scene # 1 Pumpkin & Honey Bunny
    I heard about this one bloke who walks into a bank with a portable phone...


  4. @itscooperful


  5. PHYSICAL
    DATA SOCIAL


  6. SOCIAL TESTING
    Remote: emails/phone calls
    Onsite: physical infiltration


  7. OBJECTIVE:
    Convince the target to do something they wouldn’t usually do.


  8. HOW?
    Trigger the desired behaviour as an emotional response.


  9. PRETEXTING (AKA blagging)
    invented scenario
    RESEARCH + IMPERSONATION
    legitimacy & emotion


  10. Phishing
    EMAIL / PHONE
    include a pretext
    credential harvesting
    ask / change passwords


  11. BAITING
    Trojan Horse
    curiosity
    helpfulness
    greed


  12. RESTRICTED PHYSICAL ACCESS
    tailgating
    lunch breaks
    smokers’ door
    heavy boxes


  13. Robbing a Bank?


  14. @itscooperful
    THE END
