SlideShare a Scribd company logo

Spam as social engineering presentation.

Download as PPT, PDF
F
fificoco

Spam and spam related statistics

Software
1 of 28
SPAM as social engineering Prof. Dr. Ing. Remus BRAD Lucian Blaga University of Sibiu Computer Science Dept.
Spam as social engineering What is Social Engineering ? Is the unauthorized acquisition of sensitive information or inappropriate access privileges by a potential threat source, based upon the building of an inappropriate trust relationship with a legitimate user of an information technology system. The goal of social engineering is to trick someone – providing valuable information – access to that information
Spam as social engineering What is Social Engineering ? Preys on qualities of human nature: • the desire to be helpful • the tendency to trust people • the fear of getting into trouble The sign of a truly successful social engineer is they receive information without raising any suspicion as to what they are doing.
Spam as social engineering What is Social Engineering ? People are usually the weakest link in the security chain Social engineering is still the most effective method getting around security obstacles A skilled social engineer will often try to exploit this weakness before spending time and effort on other methods to crack passwords
Spam as social engineering Social Engineering In attempting to persuade someone to do something, there are two methods a persuader can employ: • A direct request from the attacker uses systematic, logical arguments to stimulate a favorable response and prompting the recipient to action • An indirect request from the attacker uses mental shortcuts, misrepresent their objectives to trigger acceptance without thinking
Spam as social engineering Social Engineering Make prospective victims more susceptible to persuasion by making some statement at the outset that triggers a strong emotion such as: Excitement “The Dean is writing up an award nomination for you and needs some additional information!” “You’re a winner of our lottery” Fear “The Dean is waiting for this!”
Spam as social engineering Social Engineering Social engineering can be broken into: • Human based refers to person-to-person interactions to retrieve the desired information • Computer based refers to having computer software that attempts to retrieve the desired information
Spam as social engineering Human-based Social Engineering Impersonation - help desks are the most frequent targets of social engineering attacks – A Social Engineer calls the help desk – Help desk is helpful – Social engineer will often know names of employees Important User - to pretend to be a senior executive – Help desk is less likely to turn down a request coming from a high-level official – Social engineer may threaten to report the employee to their supervisor
Spam as social engineering Human-based Social Engineering Third-party Authorization - obtaining the name of someone in the organization who has the authority to grant access to information – Mr. John DOE says its OK – Before he went on vacation, Mr. John DOE said I should call you to get this information Tech Support - pretends to be someone from the infrastructure support – System is having a problem – Needs them to log on to test the connection
Spam as social engineering Human-based Social Engineering In Person - enter the building and pretend to be an employee, guest or service personnel – May be dressed in a uniform – Allowed to roam – Becomes part of the cleaning crew Shoulder Surfing - looking over a shoulder to see what someone is typing – Passwords – Card numbers – PIN
Human Based Social Engineering • Kevin Mitnick Spam as social engineering
Spam as social engineering Computer-based Social Engineering Popup Windows - appearing on the screen, telling the user they have lost their network connection and needs to reenter their user name and password A program will then e-mail the intruder the information. Mail attachments - programs can and are frequently hidden in e-mail attachments – Viruses – Worms – Trojans
Spam as social engineering Computer-based Social Engineering Spam, Phishing and Hoaxes – Rely on social engineering to be spread. – While they do not usually cause damage, they do cause a loss of productivity. – Frequently used by entrepreneurs in African countries (e.g., Nigerian scams) – They use valuable network resources. Websites – Offer something free or a chance to win on a Website – To register requires an e-mail address and password
Spam as social engineering What is SPAM ? Unsolicited Commercial Email (UCE), also known as "spam" or "junk email" Spam is advertising wonder products for cheap prices 55 billion spam messages are sent per day It may comprise 95% of a person or company’s incoming email load It represents an ongoing arms race as users seek to stop it and spammers find ways to bypass new filters It is a delivery vehicle for email based scams
The end goal of SPAM Spam as social engineering
Spam as social engineering Social Engineering SPAM Dear Friend. As you read this, I don't want you to feel sorry for me, because, I believe everyone will die someday. My name is Peter Lawson,a merchant in Dubai, in the U.A.E.I have been diagnosed with Esophageal Cancer which was discovered very late,due to my laxity in carrying for my health. It has defiled all forms of medicine, and right now I have only about a few months to live, according to medical experts. I have not particularly lived my life so well, as I never really cared for anyone not even myself but my business. Though I am very rich, I was never generous, I was always hostile to people and only focus on my business as that was the only thing I cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world. I believe when God gives me a second chance to come to this world I would live my life a different way from how I have lived it. Now that God ! has called me, I have willed and given most of my properties and assets to my immediate and extended family members and as well as a few close friends. I want God to be merciful to me and accept my soul and so, I have decided to give arms to charity organizations and give succour and confort to the less priviledged in our societies, as I want this to be one of the last good deeds I do on earth. The last of my money which no one knows of is the huge cash deposit of twenty four million dollars that I have with a Security Company in Europe for safe keeping. I will want you to help me collect this deposit and disburse it to some charity organizations and to the less priviledged. Please send me a mail to indicate if you will assist me in this disbursement. I have set aside 10% for you for your time and patience. You can e-mail me at:plawson@hknetmail.com While I await to hear from you, may God be with you and your entire family. Remain blessed. Mr.Peter Lawson
Spam as social engineering Social Engineering Email Example Return-Path: <remus.brad@ulbsibiu.ro> From: <remus.brad@ulbsibiu.ro> To: <remus.brad@ulbsibiu.ro> Subject: Read carefully! Date: Wed, 24 Apr 2019 08:17:20 +0300 Message-ID: <687038.762826@68703.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Hello! At first, look at the sender adress "(Mail From:)" Do you know what that means? I got full access to your email account and sent it from there! Few months ago I infected your computer with mine private malware ( RAT, Remote Administration Tool ), your browser wasn't patched. My tool gave me full control over your computer, even your microphone and webcam. I collected all the interested things I have found on your computer, your pictures, your whole privacy you dirty pervert! I even recorded some video of you, over your webcam, you know what I mean!!! I give you the chance to pay me, exactly: 700$ in bitcoin ( BTC ), or I will publish all I got from you, on social network, messenger, and I will everyone else know about everything I got from you!!! Compared to the damage and hell it will bring into your life, I think its a very good price! You can register your bitcoin wallet here: login.blockchain.com/en/#/signup To get bitcoin, search on google "Where to buy bitcoins?". My bitcoin adress is: 15w8KYwC76vDRiSZD2LK6dEbHvs7N38mh6 I give you 3 days time to pay and don't forget, I got access to your email, and I will know if it was already read, so the time is running. Don't share this email with anyone, this is our little secret! MsgID: 7628263412
Spam as social engineering What is Phishing? “Fishing for personal information” Use “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc.
Phishing Examples • Credit Card Phishing Spam as social engineering
Spam as social engineering Phishing Email Example Delivered-To: rbrad@ulbsibiu.ro Received: by 2002:ac2:5586:0:0:0:0:0 with SMTP id v6csp1939062lfg; Fri, 10 May 2019 02:04:10 -0700 (PDT) ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) smtp.mailfrom=msvp_cnmch@wbhealth.gov.in Received: from mail.wbhealth.gov.in (mail.wbhealth.gov.in. [125.22.76.8]) by mx.google.com with ESMTP id 16si6460882pfh.244.2019.05.10.02.04.09 for <rbrad@ulbsibiu.ro>; Fri, 10 May 2019 02:04:10 -0700 (PDT) Received-SPF: pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) client-ip=125.22.76.8; Authentication-Results: mx.google.com; spf=pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) smtp.mailfrom=msvp_cnmch@wbhealth.gov.in Received: from localhost (localhost [127.0.0.1]) by mail.wbhealth.gov.in (Postfix) with ESMTP id E0D03704D1AD; Fri, 10 May 2019 14:33:55 +0530 (IST) Received: from mail.wbhealth.gov.in ([127.0.0.1]) by localhost (mail.wbhealth.gov.in [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id DzNVdHTdibzY; Fri, 10 May 2019 14:33:54 +0530 (IST) Date: Fri, 10 May 2019 14:32:03 +0530 (IST) From: SUPORT <msvp_cnmch@wbhealth.gov.in> X-Originating-IP: [207.189.24.165] X-Mailer: Zimbra 8.0.5_GA_5839 (ZimbraWebClient - GC74 (Mac)/8.0.5_GA_5839) Înștiințare!!! , Contul contului dvs. de e-mail este datorat pentru validare și e-mailurile dvs. sunt în așteptare. Veți fi dezactivat din mesajele de expediere / primire până când veți revalida căsuța poștală a contului. :MAILBOX VALIDAT: <https://www.formpl.us/form/281946001> SUPORT SISTEM. 001.77 ##
SPAM in numbers Spam as social engineering Lucian Blaga University of Sibiu E-Mail Server - Study Case
Statistics of our mail service (Spam Assassin): Range: April - May Increase of received Spam / 15 minutes: ~ 290% Increase of received Ham / 15 minutes: ~ 50% Spam as social engineering SPAM in numbers
Statistics of our mail service: Range: April - May Increase of rejected mail / 15 minutes: ~ 230% Increase of accepted mail / 15 minutes: ~ 150% Spam as social engineering SPAM in numbers
Statistics of our mail service: Range: April - May Spam as social engineering Viruses vs. SPAM +4% +290%
Statistics of our mail service: Range: April - May Spam as social engineering Server Loads
Spam as social engineering SPAM in numbers Statistics of our mail service: Range: April
Spam as social engineering Legitimate e-mail in % 4,01%
Spam as social engineering The End Thank you

Recommended

Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Digital Citizenship
Digital CitizenshipDigital Citizenship
Digital Citizenshipjleverett
 
Social groups for awareness
Social groups for awarenessSocial groups for awareness
Social groups for awarenessKaran Veer Singh
 
protecting your digital personal life
protecting your digital personal lifeprotecting your digital personal life
protecting your digital personal lifeNathan Lesser
 
Why Do Some People Fall for Phishing Scams and What Do I Do About it?
Why Do Some People Fall for Phishing Scams and What Do I Do About it?Why Do Some People Fall for Phishing Scams and What Do I Do About it?
Why Do Some People Fall for Phishing Scams and What Do I Do About it?Beth Sallay
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About itAleksandr Yampolskiy
 
Cybersecurity additional activities
Cybersecurity additional activitiesCybersecurity additional activities
Cybersecurity additional activitiesYumonomics
 
11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe onlineScott Schober
 

Recommended

Email phishing and countermeasures
Email phishing and countermeasuresEmail phishing and countermeasures
Email phishing and countermeasuresJorge Sebastiao
 
Digital Citizenship
Digital CitizenshipDigital Citizenship
Digital Citizenshipjleverett
 
Social groups for awareness
Social groups for awarenessSocial groups for awareness
Social groups for awarenessKaran Veer Singh
 
protecting your digital personal life
protecting your digital personal lifeprotecting your digital personal life
protecting your digital personal lifeNathan Lesser
 
Why Do Some People Fall for Phishing Scams and What Do I Do About it?
Why Do Some People Fall for Phishing Scams and What Do I Do About it?Why Do Some People Fall for Phishing Scams and What Do I Do About it?
Why Do Some People Fall for Phishing Scams and What Do I Do About it?Beth Sallay
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About itAleksandr Yampolskiy
 
Cybersecurity additional activities
Cybersecurity additional activitiesCybersecurity additional activities
Cybersecurity additional activitiesYumonomics
 
11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe online11 Cybersecurity Tips to stay safe online
11 Cybersecurity Tips to stay safe onlineScott Schober
 
Lecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxLecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxDominicCaling
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineeringVi Tính Hoàng Nam
 
How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?HusseinMuhaisen
 
Cyber safety.pptx
Cyber safety.pptxCyber safety.pptx
Cyber safety.pptxAchu69
 
EMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINT
EMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINTEMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINT
EMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINTTeacherNicaPrintable
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringVinay Bhargav
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessInnocent Korie
 
Cyber Crime and Social Media Security
Cyber Crime and Social Media SecurityCyber Crime and Social Media Security
Cyber Crime and Social Media SecurityHem Pokhrel
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerSteve Poole
 
TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxKevinRiley83
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideCybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideSteve Poole
 
Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-bBbAOC
 
Cyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicCyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicKate Barney
 
Internet safety
Internet safetyInternet safety
Internet safetyjonathancallcott-efc
 
Introduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringIntroduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringPrem Lamsal
 
Issues with computers
Issues with computersIssues with computers
Issues with computersayerssaa
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Digital literacy 2
Digital literacy 2Digital literacy 2
Digital literacy 2mj_jamal
 
Dangers Of Internet - Parents Beware
Dangers Of Internet - Parents BewareDangers Of Internet - Parents Beware
Dangers Of Internet - Parents BewareNurizcka
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Hovhannes Aghajanyan
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 

More Related Content

Similar to Spam as social engineering presentation.

Lecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxLecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxDominicCaling
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineeringVi Tính Hoàng Nam
 
How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?HusseinMuhaisen
 
Cyber safety.pptx
Cyber safety.pptxCyber safety.pptx
Cyber safety.pptxAchu69
 
EMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINT
EMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINTEMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINT
EMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINTTeacherNicaPrintable
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessInnocent Korie
 
Cyber Crime and Social Media Security
Cyber Crime and Social Media SecurityCyber Crime and Social Media Security
Cyber Crime and Social Media SecurityHem Pokhrel
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerSteve Poole
 
TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxKevinRiley83
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideCybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideSteve Poole
 
Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-bBbAOC
 
Cyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicCyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicKate Barney
 
Introduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringIntroduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringPrem Lamsal
 
Issues with computers
Issues with computersIssues with computers
Issues with computersayerssaa
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationJamie Proctor-Brassard
 
Digital literacy 2
Digital literacy 2Digital literacy 2
Digital literacy 2mj_jamal
 
Dangers Of Internet - Parents Beware
Dangers Of Internet - Parents BewareDangers Of Internet - Parents Beware
Dangers Of Internet - Parents BewareNurizcka
 

Similar to Spam as social engineering presentation. (20)

Lecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptxLecture in Empowerment Technologies week 2.pptx
Lecture in Empowerment Technologies week 2.pptx
 
Ceh v5 module 09 social engineering
Ceh v5 module 09 social engineeringCeh v5 module 09 social engineering
Ceh v5 module 09 social engineering
 
How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?How Do Social Media Accounts Get Hacked ?
How Do Social Media Accounts Get Hacked ?
 
Cyber safety.pptx
Cyber safety.pptxCyber safety.pptx
Cyber safety.pptx
 
EMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINT
EMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINTEMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINT
EMPOWERMENT TECHNOLOGY - GRADE 11 POWERPOINT
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cyber Crime and Social Media Security
Cyber Crime and Social Media SecurityCyber Crime and Social Media Security
Cyber Crime and Social Media Security
 
Jax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developerJax london2016 cybercrime-and-the-developer
Jax london2016 cybercrime-and-the-developer
 
TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptx
 
Cybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker SideCybercrime and the Developer: How to Start Defending Against the Darker Side
Cybercrime and the Developer: How to Start Defending Against the Darker Side
 
Module 3 social engineering-b
Module 3 social engineering-bModule 3 social engineering-b
Module 3 social engineering-b
 
Cyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemicCyberattacks the-next-healthcare-epidemic
Cyberattacks the-next-healthcare-epidemic
 
Internet safety
Internet safetyInternet safety
Internet safety
 
Introduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineeringIntroduction to Social engineering | Techniques of Social engineering
Introduction to Social engineering | Techniques of Social engineering
 
Issues with computers
Issues with computersIssues with computers
Issues with computers
 
National Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness PresentationNational Life IT Department's Cyber Security Awareness Presentation
National Life IT Department's Cyber Security Awareness Presentation
 
Digital literacy 2
Digital literacy 2Digital literacy 2
Digital literacy 2
 
Dangers Of Internet - Parents Beware
Dangers Of Internet - Parents BewareDangers Of Internet - Parents Beware
Dangers Of Internet - Parents Beware
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 

Recently uploaded

5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 

Recently uploaded (20)

5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 

Spam as social engineering presentation.

  • 1. SPAM as social engineering Prof. Dr. Ing. Remus BRAD Lucian Blaga University of Sibiu Computer Science Dept.
  • 2. Spam as social engineering What is Social Engineering ? Is the unauthorized acquisition of sensitive information or inappropriate access privileges by a potential threat source, based upon the building of an inappropriate trust relationship with a legitimate user of an information technology system. The goal of social engineering is to trick someone – providing valuable information – access to that information
  • 3. Spam as social engineering What is Social Engineering ? Preys on qualities of human nature: • the desire to be helpful • the tendency to trust people • the fear of getting into trouble The sign of a truly successful social engineer is they receive information without raising any suspicion as to what they are doing.
  • 4. Spam as social engineering What is Social Engineering ? People are usually the weakest link in the security chain Social engineering is still the most effective method getting around security obstacles A skilled social engineer will often try to exploit this weakness before spending time and effort on other methods to crack passwords
  • 5. Spam as social engineering Social Engineering In attempting to persuade someone to do something, there are two methods a persuader can employ: • A direct request from the attacker uses systematic, logical arguments to stimulate a favorable response and prompting the recipient to action • An indirect request from the attacker uses mental shortcuts, misrepresent their objectives to trigger acceptance without thinking
  • 6. Spam as social engineering Social Engineering Make prospective victims more susceptible to persuasion by making some statement at the outset that triggers a strong emotion such as: Excitement “The Dean is writing up an award nomination for you and needs some additional information!” “You’re a winner of our lottery” Fear “The Dean is waiting for this!”
  • 7. Spam as social engineering Social Engineering Social engineering can be broken into: • Human based refers to person-to-person interactions to retrieve the desired information • Computer based refers to having computer software that attempts to retrieve the desired information
  • 8. Spam as social engineering Human-based Social Engineering Impersonation - help desks are the most frequent targets of social engineering attacks – A Social Engineer calls the help desk – Help desk is helpful – Social engineer will often know names of employees Important User - to pretend to be a senior executive – Help desk is less likely to turn down a request coming from a high-level official – Social engineer may threaten to report the employee to their supervisor
  • 9. Spam as social engineering Human-based Social Engineering Third-party Authorization - obtaining the name of someone in the organization who has the authority to grant access to information – Mr. John DOE says its OK – Before he went on vacation, Mr. John DOE said I should call you to get this information Tech Support - pretends to be someone from the infrastructure support – System is having a problem – Needs them to log on to test the connection
  • 10. Spam as social engineering Human-based Social Engineering In Person - enter the building and pretend to be an employee, guest or service personnel – May be dressed in a uniform – Allowed to roam – Becomes part of the cleaning crew Shoulder Surfing - looking over a shoulder to see what someone is typing – Passwords – Card numbers – PIN
  • 11. Human Based Social Engineering • Kevin Mitnick Spam as social engineering
  • 12. Spam as social engineering Computer-based Social Engineering Popup Windows - appearing on the screen, telling the user they have lost their network connection and needs to reenter their user name and password A program will then e-mail the intruder the information. Mail attachments - programs can and are frequently hidden in e-mail attachments – Viruses – Worms – Trojans
  • 13. Spam as social engineering Computer-based Social Engineering Spam, Phishing and Hoaxes – Rely on social engineering to be spread. – While they do not usually cause damage, they do cause a loss of productivity. – Frequently used by entrepreneurs in African countries (e.g., Nigerian scams) – They use valuable network resources. Websites – Offer something free or a chance to win on a Website – To register requires an e-mail address and password
  • 14. Spam as social engineering What is SPAM ? Unsolicited Commercial Email (UCE), also known as "spam" or "junk email" Spam is advertising wonder products for cheap prices 55 billion spam messages are sent per day It may comprise 95% of a person or company’s incoming email load It represents an ongoing arms race as users seek to stop it and spammers find ways to bypass new filters It is a delivery vehicle for email based scams
  • 15. The end goal of SPAM Spam as social engineering
  • 16. Spam as social engineering Social Engineering SPAM Dear Friend. As you read this, I don't want you to feel sorry for me, because, I believe everyone will die someday. My name is Peter Lawson,a merchant in Dubai, in the U.A.E.I have been diagnosed with Esophageal Cancer which was discovered very late,due to my laxity in carrying for my health. It has defiled all forms of medicine, and right now I have only about a few months to live, according to medical experts. I have not particularly lived my life so well, as I never really cared for anyone not even myself but my business. Though I am very rich, I was never generous, I was always hostile to people and only focus on my business as that was the only thing I cared for. But now I regret all this as I now know that there is more to life than just wanting to have or make all the money in the world. I believe when God gives me a second chance to come to this world I would live my life a different way from how I have lived it. Now that God ! has called me, I have willed and given most of my properties and assets to my immediate and extended family members and as well as a few close friends. I want God to be merciful to me and accept my soul and so, I have decided to give arms to charity organizations and give succour and confort to the less priviledged in our societies, as I want this to be one of the last good deeds I do on earth. The last of my money which no one knows of is the huge cash deposit of twenty four million dollars that I have with a Security Company in Europe for safe keeping. I will want you to help me collect this deposit and disburse it to some charity organizations and to the less priviledged. Please send me a mail to indicate if you will assist me in this disbursement. I have set aside 10% for you for your time and patience. You can e-mail me at:plawson@hknetmail.com While I await to hear from you, may God be with you and your entire family. Remain blessed. Mr.Peter Lawson
  • 17. Spam as social engineering Social Engineering Email Example Return-Path: <remus.brad@ulbsibiu.ro> From: <remus.brad@ulbsibiu.ro> To: <remus.brad@ulbsibiu.ro> Subject: Read carefully! Date: Wed, 24 Apr 2019 08:17:20 +0300 Message-ID: <687038.762826@68703.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Hello! At first, look at the sender adress "(Mail From:)" Do you know what that means? I got full access to your email account and sent it from there! Few months ago I infected your computer with mine private malware ( RAT, Remote Administration Tool ), your browser wasn't patched. My tool gave me full control over your computer, even your microphone and webcam. I collected all the interested things I have found on your computer, your pictures, your whole privacy you dirty pervert! I even recorded some video of you, over your webcam, you know what I mean!!! I give you the chance to pay me, exactly: 700$ in bitcoin ( BTC ), or I will publish all I got from you, on social network, messenger, and I will everyone else know about everything I got from you!!! Compared to the damage and hell it will bring into your life, I think its a very good price! You can register your bitcoin wallet here: login.blockchain.com/en/#/signup To get bitcoin, search on google "Where to buy bitcoins?". My bitcoin adress is: 15w8KYwC76vDRiSZD2LK6dEbHvs7N38mh6 I give you 3 days time to pay and don't forget, I got access to your email, and I will know if it was already read, so the time is running. Don't share this email with anyone, this is our little secret! MsgID: 7628263412
  • 18. Spam as social engineering What is Phishing? “Fishing for personal information” Use “spoofed” e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc.
  • 19. Phishing Examples • Credit Card Phishing Spam as social engineering
  • 20. Spam as social engineering Phishing Email Example Delivered-To: rbrad@ulbsibiu.ro Received: by 2002:ac2:5586:0:0:0:0:0 with SMTP id v6csp1939062lfg; Fri, 10 May 2019 02:04:10 -0700 (PDT) ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) smtp.mailfrom=msvp_cnmch@wbhealth.gov.in Received: from mail.wbhealth.gov.in (mail.wbhealth.gov.in. [125.22.76.8]) by mx.google.com with ESMTP id 16si6460882pfh.244.2019.05.10.02.04.09 for <rbrad@ulbsibiu.ro>; Fri, 10 May 2019 02:04:10 -0700 (PDT) Received-SPF: pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) client-ip=125.22.76.8; Authentication-Results: mx.google.com; spf=pass (google.com: domain of msvp_cnmch@wbhealth.gov.in designates 125.22.76.8 as permitted sender) smtp.mailfrom=msvp_cnmch@wbhealth.gov.in Received: from localhost (localhost [127.0.0.1]) by mail.wbhealth.gov.in (Postfix) with ESMTP id E0D03704D1AD; Fri, 10 May 2019 14:33:55 +0530 (IST) Received: from mail.wbhealth.gov.in ([127.0.0.1]) by localhost (mail.wbhealth.gov.in [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id DzNVdHTdibzY; Fri, 10 May 2019 14:33:54 +0530 (IST) Date: Fri, 10 May 2019 14:32:03 +0530 (IST) From: SUPORT <msvp_cnmch@wbhealth.gov.in> X-Originating-IP: [207.189.24.165] X-Mailer: Zimbra 8.0.5_GA_5839 (ZimbraWebClient - GC74 (Mac)/8.0.5_GA_5839) Înștiințare!!! , Contul contului dvs. de e-mail este datorat pentru validare și e-mailurile dvs. sunt în așteptare. Veți fi dezactivat din mesajele de expediere / primire până când veți revalida căsuța poștală a contului. :MAILBOX VALIDAT: <https://www.formpl.us/form/281946001> SUPORT SISTEM. 001.77 ##
  • 21. SPAM in numbers Spam as social engineering Lucian Blaga University of Sibiu E-Mail Server - Study Case
  • 22. Statistics of our mail service (Spam Assassin): Range: April - May Increase of received Spam / 15 minutes: ~ 290% Increase of received Ham / 15 minutes: ~ 50% Spam as social engineering SPAM in numbers
  • 23. Statistics of our mail service: Range: April - May Increase of rejected mail / 15 minutes: ~ 230% Increase of accepted mail / 15 minutes: ~ 150% Spam as social engineering SPAM in numbers
  • 24. Statistics of our mail service: Range: April - May Spam as social engineering Viruses vs. SPAM +4% +290%
  • 25. Statistics of our mail service: Range: April - May Spam as social engineering Server Loads
  • 26. Spam as social engineering SPAM in numbers Statistics of our mail service: Range: April
  • 27. Spam as social engineering Legitimate e-mail in % 4,01%
  • 28. Spam as social engineering The End Thank you