Social Media: How you make yourself a target and help obstruct corporate security

Recordings

https://www.youtube.com/watch?v=kb3WM_BtxcA

View Recording

Abstract

Online presence is undeniably important. But despite the benefits social networking can create, a strong online presence can also become a vulnerability. Christina will explain how the online presence of a company’s employees on social media can attract social engineers to target them and victimize them into “open doors” through the organizational security. The talk covers the topic of information gathering through social media and explains how even seemingly innocent information can be exploited and used to manipulate targets. A two-part demonstration is included on how a hacker’s mind works when harvesting information on social media; The first part includes real examples of posts that expose vulnerabilities, attract attackers and ultimately lead to security breaches. The second part includes a demonstration on how personal information provided online are gathered, categorized, analyzed and then used to craft an attack, as well as how one ends up revealing online more than he intends to. The talk closes with practical recommendations and best practices. The purpose on this talk is not to make everyone delete their online presence but rather, to urge them to use it responsibly. Training and awareness is often a catalytic factor between a successful or an unsuccessful attack attempt.

Christina Lekati

Christina Lekati is a Social Engineering expert and ethical human hacker. With a background in Psychology, she learned the mechanisms of behavior, motivation, decision making, as well as manipulation and deceit. She became particularly interested in human dynamics and passionate about social engineering. Her writings on social engineering strategies earned her a distinction during her master studies. Christina has participated among other things, in forensic investigations within companies, and in needs and vulnerabilities assessments. She is currently working with Cyber Risk GmbH, a provider of cyber security training programs, as a social engineering expert and trainer.