Social Engineering: How to Rob a Bank with a Phone

A talk on some of the social engineering techniques employed by hackers to obtain confidential information, and why they work so well. Making users aware of these helps them spot an attack taking place.

Presented at Barcamp Canterbury on the 28th Apr 2013.
http://barcampcanterbury.com/

Chris Cooper

April 28, 2013

Transcript

  1. SOCIAL ENGINEERING HOW TO ROB A BANK WITH A PHONE

  2. Scene # 1 Pumpkin & Honey Bunny

  3. Scene # 1 Pumpkin & Honey Bunny I heard about this one bloke who walks into a bank with a portable phone...

  4. @itscooperful

  5. PHYSICAL DATA SOCIAL

  6. SOCIAL TESTING Remote Onsite emails/phone calls physical infiltration

  7. OBJECTIVE: Convince the target to do something they wouldn’t usually do.

  8. HOW? Trigger the desired behaviour as an emotional response.

  9. invented scenario PRETEXTING blagging AKA legitimacy & emotion RESEARCH + IMPERSONATION

  10. Phishing include a pretext EMAIL / PHONE passwords credential ask / change harvesting

  11. BAITING Trojan Horse curiosity helpfulness greed

  12. RESTRICTED PHYSICAL ACCESS tailgating lunch breaks smokers’ door heavy boxes

  13. Robbing a Bank?

  14. @itscooperful THE END