Explore some common techniques used by social engineers—who attempt to trick their victims into casually revealing sensitive internal information—and learn what end users can do to protect themselves from these attacks.
- [Tom Tobiassen] Greetings, this is Tom Tobiassen, your instructor for this course. In this course, we will be talking about the security threat called social engineering. Social engineering is where a hacker, or criminal, is a con artist that is good enough to convince you to give them your information outright, or manipulate you into thinking their access is legitimate. The internet, for many, has changed our lives in many ways that humanity has not seen since the start of the industrial revolution.
Today, just about every aspect of our lives is touched or touches the internet. Education, shopping, entertainment, our jobs, and much more now involve the internet in some way. Our introduction with the internet has increased dramatically with the introduction of smartphones and tablets just a few years ago. With a world's population of over seven billion people, it is expected that five billion of those people will be connected to the internet by 2020.
We now have the ability to connect directly with most of the world's population. The internet also connects devices in ways that were once not imaginable. Everything in our homes, office, and even our cars, can soon, or will be soon, connected. It is expected that over 50 billion devices will be connected to the internet within the next few short years. If you think about it, at your home, your furnace, your lighting, the doorbell, the garage door, the security system, either today or soon will be connected to the internet, giving you the ability to monitor and control every aspect of your living environment.
So what does that mean for you in terms of your protection? Since the beginning of society, unsavory individuals have worked hard to find ways to steal your property and money. These hucksters and charlatans have devised tricks and cons that prey on your good nature to create hoaxes and illusions that make you believe that they are something they are not. It was not unusual, a century ago, that a snake oil salesman would venture into a community and convince the residents that some fearful event will soon be consuming their lives, and the purchase of a magic formula will protect them from this plague.
Time after time, we watch classic movies like The Sting, where elaborate cons are created to present the illusion of a get-rich-quick scheme, tricking the greedy into investing millions only to see that they have been conned. In times past, these cons and tricks needed to be done either in person, or through the mail. Today, these cons can be performed from anywhere, by anyone in the world, and you can fall prey to these deceptions. The internet has created tremendous numbers of ways for you to be attacked by these hucksters and con artists of the world.
And it does not take a lot of time, effort or money on their part to take advantage of you. You need to constantly be on your guard. Look for suspicious activity or messages, and do not respond to anything that you cannot verify as being legitimate. One of the easiest forms of deception and theft is achieved through techniques that are generally called social engineering. These forms of deliberate attacks are done by devious individuals that are specifically working to steal your money.
This is not a lot different than holding you up on the street. But in most cases, the victim gives up their money, and personal information, and account numbers, voluntarily. By the time the victim figures out that they have been had, the money is gone and too often not retrievable. The worst part is that the crook will never be held accountable or be punished for the theft. It is important that you are aware of these social engineering techniques, and know what to do to avoid becoming a victim.
In social engineering, the attacker uses human psychology, curiosity, and your goodwill to entice you to give up personal information to use for the attacker's benefit. Make no mistake about it. Using social engineering is an attack against you, your family, and your company to steal money, credit, intellectual property that is no different than a bank robber walking into a bank to steal a bag of money from the teller. It's up to you as a computer user, as an employee, as a family member, to be aware of the social engineering attacks, and take the necessary precautions to protect yourself, and your assets, from the attacks of these well-trained and practiced threat actors using social engineering techniques.
So we just talked about charlatans and hucksters using tricks called social engineering to go after your money, your personal information, your credit, your property. And the social engineering techniques are very effective because they prey on your goodwill and use psychological tricks to go after you. So from here, we're going to go into detail about what is social engineering? What are some of the concepts of social engineering? And what are some ways to avoid being caught in the trap of the social engineering expert?
Note: This course was recorded and produced by Mentor Source, Inc. We're pleased to host this training in our library.
- Shoulder surfing
- RFID theft