Social Engineering Transcription

Welcome to our social engineering module. In this module, we will discuss social engineering. We will define it, discuss its effectiveness, review some attack methods, and also discuss some countermeasures. Social engineering is a very effective attack on our access controls. In this method, an attacker uses deception and trickery to try to convince your employees to either provide sensitive data or violate some type of security policy.

This type of method exploits the weakness in human judgment and also the fact that humans generally do not want to be involved in confrontation and have a desire to be helpful. Attackers can use any type of one-to-one communication method, including email messages, phone calls, or even arriving at your place of business and speaking with employees face to face.

There are several different types of social engineering attacks. One of the types is impersonating another person, so the attacker could pretend to be a repairman. Maybe they tell your employees that they're there to recharge your fire extinguishers or something like that. They can also pretend to be a high-level manager or a help desk employee, in either a phone call or an instant messaging conversation, trying to get your employee to divulge a password or provide other sensitive information.

Spoofing and phishing emails are also very common. A spoofed email is one where the attacker pretends to be someone else and sends the email to a user, perhaps impersonating another person who works for the company, trying to get them to perform some type of task. A phishing email is generally sent to a large number of users and attempts to get the users to either provide information or click a malicious link.

Spear phishing is a type of phishing where a specific user or group of users is targeted. The targeted users are usually higher-level executives who have access to very sensitive resources. Another attack method is vishing, or voice phishing, where the attacker calls individuals on the phone and attempts to gain information from them.

Piggybacking is another common attack method. Here, the attacker will follow one of your authorized users into the building and attempt to gain access, even though they do not have authorization to enter. With shoulder surfing, the attacker will look over your user's shoulder and attempt to gain information, such as their password as they enter it on the keyboard, or they could just look at the user's screen and view sensitive data, or photograph the screen and take that sensitive data out of the facility.

Eavesdropping is a method where the attacker places themselves near other users who are discussing potentially sensitive information, is able to overhear that information, and then uses it for malicious purposes. It is important to put countermeasures in place to combat social engineering attacks. The best method to fight social engineering attacks is to provide training to your users.

Your users should be familiar with the different methods used by adversaries to access information or resources that they should not have access to. You need to have clearly defined security policies and procedures, and the users should be aware that they need to follow those procedures even if it's uncomfortable to tell someone no.

Penetration testing is a nice way to test your system to make sure that it's functioning properly and that your employees will react appropriately. You can also have internal phishing campaigns where your IT staff will send out phishing emails to see how many of your users will click the link in the email or perform any other undesirable action.

A security awareness program is also important to let your users know the types of threats that they might face so that they can combat them. Also, a clear desk policy, or clean desk policy, is very important in case someone does gain physical access to your facility. With this policy, users are not permitted to leave any information on their desks at the end of their shift.

All of the information needs to be secured in locked desk drawers or filing cabinets. This way, if an intruder is able to enter the building, they will not be able to obtain any sensitive records. You will most likely see a question on the CISSP exam about the clean desk or clear desk policy, and you should be familiar with it.

This concludes our social engineering module. Thank you for watching.
