Social Engineering
Hi Lisa!
In a few minutes you'll learn the most important things about social engineering.
What and Why?
Social engineering relies on human errors and occurs wherever people are involved.
There are many different types of social engineering, all of which, to varying degrees, depend on exploiting human relationships to manipulate victims into performing specific actions.
Most people are helpful and friendly; these are largely good qualities. Unfortunately, social engineering often exploits people's helpfulness and kindness.
Holding a door open for a seemingly stressed stranger in a secure area where access cards are required can sometimes have dire consequences...
As social engineering attacks grow more common, it's crucial to recognize warning signs and understand the purpose behind seemingly strict organizational policies.
With today's antivirus software, firewalls, and other safety precautions, it requires extensive knowledge to access protected information. For criminals, it's usually easier to trick victims into disclosing sensitive information.
True or False?
Antivirus software does not help defend against social engineering.
Right, it's true - antivirus software does not help defend against social engineering.
By studying their victims on social media and other public platforms, fraudsters can obtain detailed information about them.
It's relatively easy to find out your employer's name or where you've been on vacation. This information is then used in social engineering attacks, to make them seem more plausible.
Fake Profiles
Criminals often create meticulous fake identities to hide their real selves and appear more interesting. These fake identities are often supported by accounts on multiple social media platforms.
Fake Facebook profiles may display both photos and contacts to appear trustworthy and make background checks more difficult. Think twice before accepting a social media contact request from someone you don't know.
Custom Attacks in Several Steps
Social engineering attacks are often carried out in steps:
The following is a description of how these steps may unfold:
First Step
The first step for fraudsters is to gather information about you, your business, and your relationships. More ambitious fraudsters go even further, often contacting their victims under a custom-made cover to access even more information.
You or your organization may receive phone calls or emails from someone claiming to be, for example, a real estate agent or a potential customer. In reality, it's a fraudster trying to gather information about you, your organization, and your security measures.
It can be extremely difficult to determine whether it's appropriate to answer questions or provide information. Stay calm and verify who is asking for the information and for what purpose.
Seemingly insignificant details can, in some contexts, help a fraudster carry out a social engineering attack.
Second Step
In step two, more ambitious fraudsters try to build trust with their victims. For example, they may send false information about themselves or pretend to be interested in hiring your organization.
By initiating a seemingly harmless conversation, they hope to lower the victim's guard before the final stage of the attack.
Third Step
In the third and final step, the social engineering attack is executed. At this stage, the fraudster attempts to get you to reveal sensitive information, transfer money, or perform actions that could harm you or your organization.
The attack often becomes technical at this point, such as having you click a link or open a file that contains malicious program code.
Are You Following?
How can you protect yourself against social engineering attacks?
Correct! You can protect yourself from social engineering attacks by being careful with whom you share information.
Real-Life Examples
Posing as a young female photographer, hackers were able, after a period of social media contact, to persuade a male IT engineer at a global company to help "her" build a website.
Shortly thereafter, "she" convinced "her" victim to open a file that installed spyware, giving the hackers access to the victim's computer.
Using voice distortion during a phone call, fraudsters convinced a British energy company to transfer nearly £200,000 to a bank account in Hungary.
With the help of new technology, the fraudsters were able to mimic the voice and dialect of a senior company executive. The person receiving the call believed they recognized the manager's voice and completed the transaction.
Stay Vigilant
Fraudsters are creative and continually evolve their tactics. They combine different media and communication methods to find new ways of gathering information about their victims.
Emails, phone calls, text messages, and other forms of communication may be part of a scam intended to harm or steal from you and your organization.
While it may seem complicated and unnecessary, it's crucial to know and follow the procedures and guidelines of your organization. Stay vigilant, and always verify the recipient's identity before disclosing any information about yourself or your organization.
Congratulations!
Well done! You've now completed the course.
We'll contact you when it's time for the next course. You may now close this window.