Social engineering uses various methods to trick people. Using charm, power, and influence are ways to achieve the goal of obtaining information, money, or both. Lisa Bock illustrates catfishing, a newer form of social engineering, whereby a cybercriminal poses as a love interest on a dating website and lures you into a relationship.
- [Voiceover] Catfishing is a newer form…of social engineering whereby a cyber criminal…poses as a love interest on a dating website…to try to lure a victim in to a relationship.…This is a dangerous hoax,…as it crosses over to the personal side…that is normally protected from the corporate oversight.…Even though it is a personal social engineering attack,…the goal is still the same.…The cyber criminal wants information,…money, or both.…
The cyber actor will create a believable online persona…with a job that requires travel,…and an attractive picture…that they most likely have stolen.…As part of the romance scam,…they sometimes target a specific individual…because of their position,…or possibly, affluent lifestyle.…Jenny is a vice president…in charge of research and development…in a major pharmaceutical company.…She divorced her husband of 25 years 14 months ago,…and is now ready to dip her toe…in to the dating pool.…
With the help of her friend,…she set up a profile on an online dating site,…and let the rest happen.…
In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.
Note: This course maps to the Social Engineering competency of the Certified Ethical Hacking exam. Review the exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Visualizing the victim
- Recognizing an attack
- Using charm, power, and influence
- Manipulating with social media
- Preventing insider attacks
- Stealing identities
- Pen testing with social engineering
- Taking countermeasures