Social engineering


About social engineering

Social engineering is the art of manipulating people so they give up confidential information. There are three types of social engineering you should be familiar with: blagging, phishing and shouldering.

Blagging

Blagging, sometimes called pretexting, is the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.

You may have seen an ad warning about texts that appear to come from a relative who is travelling, saying they are in hospital, have lost their cards and need cash. In reality the relative's email account has been compromised and fraudsters are using it to defraud their friends and family.

CEO fraud has cost businesses huge amounts of money. This is where employees are tricked into sending large sums to fraudsters whose requests for urgent payments appear to come from the boss's email address.

The best way to avoid blagging is to be aware of it and be wary of any unusual requests you receive. For firms, employees should receive training to help avoid falling victim to blagging and the firm should have solid guidelines for identifying people and knowing what data can and can't be given.

Phishing

As the name implies, phishing is about casting a wide net and seeing who you can catch. Attackers do this by sending the same email or text message to thousands of people. These messages often contain either a link which, if clicked, may download malicious software or take you to a pharmed site, or a request for you to enter your personal details.

Many phishing emails use recent news stories to try to fool victims. During Covid, scammers would send fake details for tests in order to collect users' data.

The best way to avoid phishing is to be very mindful of its existence and wary of any emails from unknown sources, particularly those with suspicious links or requests for information. There are also a number of things you can look for that are common in many phishing scams. These include: it comes from a strange email address; there are many spelling and/or grammar mistakes; there is a sense of urgency compelling you to reply quickly; or it is not addressed to you personally. Spam filters will also catch a lot of these messages.
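The indicators listed above can be turned into a simple checker. The following is an added example, not part of the original page: it scores constructed sample messages against those four indicators (mismatched sender address, spelling mistakes, urgency, impersonal greeting). The domain names, keyword lists and messages are assumptions made for illustration, and a real spam filter would use far richer rules.

```python
import re
from email.utils import parseaddr

# Keyword lists are assumptions for this example; a real filter would use a dictionary and trained models.
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|account (?:will be )?suspended|act now)\b", re.I)
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder", "hello,")
MISSPELLINGS = ("recieve", "adress", "verfiy", "acount", "informations")
TRUSTED = {"example-bank.com"}  # constructed: domains the organisation really sends from


def _norm(s):
    """Lower-case and strip punctuation so 'Example Bank' and 'example-bank' compare equal."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def display_name_mismatch(from_header, trusted_domains):
    """True when the display name claims a trusted organisation but the address domain is not one of its domains."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    claims_trusted = any(_norm(d.split(".")[0]) in _norm(name) for d in trusted_domains)
    return claims_trusted and domain not in trusted_domains


def phishing_indicators(msg, trusted_domains):
    """Return the indicators present in a message; each one maps to a sign listed in the text above."""
    found = []
    if display_name_mismatch(msg["from"], trusted_domains):
        found.append("sender address does not match the organisation it claims")
    body = msg["body"]
    lower = body.lower()
    if sum(lower.count(w) for w in MISSPELLINGS) >= 2:
        found.append("multiple spelling/grammar mistakes")
    if URGENCY.search(body):
        found.append("sense of urgency")
    if any(lower.startswith(g) for g in GENERIC_GREETINGS):
        found.append("not addressed to the recipient personally")
    return found


def is_suspicious(msg, trusted_domains, threshold=2):
    """Flag a message when at least `threshold` indicators are present."""
    return len(phishing_indicators(msg, trusted_domains)) >= threshold


# Constructed sample messages (not real emails)
SUSPICIOUS = {
    "from": "Example Bank Security <alerts@examp1e-bank-secure.xyz>",
    "body": "Dear Customer, we could not verfiy your acount. Your account will be suspended unless you act now: http://example.invalid/login",
}
LEGIT = {
    "from": "Example Bank <noreply@example-bank.com>",
    "body": "Hi Sam, your monthly statement is ready to view in the app. No action is needed.",
}
```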

Shouldering

Shouldering, sometimes called shoulder surfing, is when a hacker observes a person enter their password or PIN so they can use it later.

You may have seen an ad warning about criminals who watch people enter their PIN at an ATM, then use a distraction to swap the card for another one and withdraw money.

The use of long range lenses on cameras and tiny cameras that can be concealed near machines makes this problem worse.

The best way to avoid shouldering is to cover up as you enter your PIN or password.


© All materials created by and copyright S.Goff