Social engineers must have a variety of skills and tools that are used to obtain information. Lisa Bock explains how social engineering has a strong overtone of psychology with a mix of theatrical skills, rehearsed and perfected to achieve a goal. The key is knowing which method will work on the victim.
- [Voiceover] Social Engineering can involve direct…interaction with the victim or use technology.…Either way, social engineers must have a variety…of skills and tools that are used…in order to obtain information.…The key is knowing which method will work on the victim.…Although there are different methods,…the social engineer, many times will use Pretexting…which is lying in order to obtain information.…The social engineer will use different approaches…depending on a situation and the victim.…
With a direct approach the social engineer simply…asks the target for the information.…Most likely the social engineer may have taken the time…to build a relationship with the victim,…and then rehearsed possible arguments for his or her…case in order to get the victim to act.…With an indirect approach,…the social engineer will concoct a believable story.…They will try to trigger a reaction…such as excitement or fear to fuel the con.…
They may try impersonation of someone who needs…help in another department.…In this approach, it's important to have an understanding…
In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.
Note: This course maps to the Social Engineering competency of the Certified Ethical Hacking exam. Review the exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Visualizing the victim
- Recognizing an attack
- Using charm, power, and influence
- Manipulating with social media
- Preventing insider attacks
- Stealing identities
- Pen testing with social engineering
- Taking countermeasures