Learn about the impact of social engineering and how to take steps to counter this type of attack.
- [Instructor] Defending against social engineering in an organization is difficult. We cannot defend using hardware and software alone. Therefore a successful defense requires effective information security policies, standards, and education. There are some best practices. Know who is on the line, use caller ID for all calls, and if possible, use a separate ringtone for inside calls. Hesitate before transferring an outside call. Hackers use social engineering to navigate a company and learn the name of key employees. Take down the name and the number and forward the message to the appropriate person. Create help desk procedures so employees know how to verify someone on the other line. Know who's in your building. Allow only authorized individuals to roam freely about the building. Provide an escort if possible. Any service people must show appropriate identification. Train receptionists to make a phone call when unsure, especially when requesting forbidden information or access. …
In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.
Note: This course maps to the Social Engineering competency of the Certified Ethical Hacking exam. Review the exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Visualizing the victim
- Recognizing an attack
- Using charm, power, and influence
- Manipulating with social media
- Preventing insider attacks
- Stealing identities
- Pen testing with social engineering
- Taking countermeasures