I recently gave a low-tech security and social engineering talk at my company to help raise awareness of better password practices and scenarios to be on the lookout for. The deck is 36 slides, and you can download it in PDF, .key or as images.
I will warn you that a few slides are not appropriate for all corporate environments – or any corporate environments, really. But you’re welcome to use the bits that may be helpful to you.
My company is small, so I omitted the scenarios that are really more appropriate for large companies with IT departments they do not know personally. My office is open (everyone can see each other), so someone calling and claiming to be from IT would stand out as someone who is full of shit pretty quickly.
This isn’t meant to be all-encompassing, and the audience is not meant to be a technical one. It seemed to go over well though, and enough people laughed that I think it kept their attention. More importantly perhaps, more than half of them left looking a little alarmed, which was really the whole point. Also note that the slides don’t reflect the entire content of the presentations, since I would be a shitty speaker if I were just reading from slides.
If the topic of social engineering is of interest to you and you’d like to learn more, I strongly recommend picking up the following books – they are outstanding and worth every penny (and then some):
- The Art of Deception: Controlling the Human Element of Security [paperback] [kindle]
by Kevin Mitnick
- Social Engineering: The Art of Human Hacking [paperback] [kindle]
by Christopher Hadnagy
Both of these books are really exceptional, and even if you’re not in the information security field, they’re damned interesting to read. Some of the case studies in this presentation were taken directly from these books, as both have extensive detailed examples that may be more suitable for the type of company you work for.