When conducting social engineering, testing can be in person or on the phone. Lisa Bock explains how the social engineer must select the victim or target very carefully, as a suspicious or hesitant victim might set off an alarm. Watch as someone takes advantage of an overworked employee to get what he wants.
- [Voiceover] When conducting social engineering tests, we have a number of attacks we can try. Testing in person and on the phone will require more acting skills, as the victim may notice subtle clues or nervousness. When setting up the attack, choose the victim carefully, as a suspicious or hesitant victim might set off an alarm. Any successful social engineering attack begins by gathering information on your target. Once gathered, the social engineer will use the information to approach the target.
When talking about attacks, we can still use the phone, and there are a number of different attacks using the phone. Many people still use a landline or hard line for their phone service. A robocall uses a computerized auto dialer to reach a person. Once on the phone, a person will pitch something to the victim and try to get them to buy something using a credit card, give up personal information, or get the victim to install something on their computer so the hacker has remote access.
Some red flags are classic lines such as,…
In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.
Note: This course maps to the Social Engineering competency of the Certified Ethical Hacking exam. Review the exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Visualizing the victim
- Recognizing an attack
- Using charm, power, and influence
- Manipulating with social media
- Preventing insider attacks
- Stealing identities
- Pen testing with social engineering
- Taking countermeasures