Lisa Bock offers some suggestions on how to recognize a social engineering attack, such as watching out for unscheduled service calls. Viewers will first observe a successful attack, and then view a scene in which the attack is not as successful because a well-trained receptionist is able to recognize it as social engineering.
- [Voiceover] A trust relationship is important when conducting a social engineering attack. Someone with the appearance of a uniform has an easier chance of gaining access. Obtaining an official shirt from a local utility company is not difficult. Anyone can purchase a uniform online for a reasonable price. In this scenario, we see two different outcomes.
- Hi, welcome to Connetico.
- Hi, my name's Carl. I'm here with the cable company, here to check a possible network node issue.
- Oh, where is it?
- It says here it's in the server room.
- Okay, let me get Ricky, our intern, to let you in.
- Great. Thank you.
- Hey, Ricky, there's a guy here who needs to be let in to the server room. Okay. Great. You can head into the back and wait for him.
- Great. Thank you so much.
- [Woman] You're welcome.
- [Voiceover] Many times, employees are not being trained to challenge or question strangers. In this case, the receptionist offered the hacker assistance and Ricky might even hold the door open for him while they are making off with company property.
In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.
Note: This course maps to the Social Engineering competency of the Certified Ethical Hacking exam. Review the exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Visualizing the victim
- Recognizing an attack
- Using charm, power, and influence
- Manipulating with social media
- Preventing insider attacks
- Stealing identities
- Pen testing with social engineering
- Taking countermeasures