Social Engineering

  • Define the term social engineering
  • Describe what social engineering is
  • Describe how to protect against it
  • Explain the following:
    • blagging
    • phishing
    • shouldering

Social Engineering

  • Social engineering is manipulating people into doing something they would not normally do, by taking advantage of their trust.

Blagging

  • Blagging (pretexting) is usually done on the phone, but can be done face to face.
  • The criminal invents a scenario to persuade people to hand over information they would not normally give out.
"We think your bank account has been hacked. To prevent your money being lost, we need to reset your login details urgently.
What is your username?
What is your insecure password? We will reset it for you."

Phishing

  • Phishing uses fake emails, SMS (short message service), or websites to trick people into handing over sensitive data.
  • The message or site is usually made to look like it has come from a bank, e-commerce site or email provider.
  • Clicking on a link will usually take you to a fake version of the website and capture your login details.

Shouldering

  • Shouldering (shoulder surfing) is where someone watches you entering login details, passwords or PINs.
  • This could be by looking over your shoulder, or even using recording equipment (e.g. cameras).
  • This is why people are encouraged to enter PINs whilst covering their hand with their other hand.
  • This is also why passwords appear on screen as ************.

Preventing Social Engineering

  1. Education: making users aware of the methods of social engineering and how to reduce the risks.
  2. Checking that emails are genuine, for example by checking the email address.
  3. Looking out for typing errors or poor grammar, which might indicate the email is not authentic.
  4. If possible, verify the email is legitimate using another communication method.
  5. Avoid clicking on a link to a website; go to the website directly using a separate browser.
  6. Never download from a source you don't know or trust.
  7. Cover your hand when typing a PIN.
  8. Never give out your PIN/password to another person.

Questions

  1. Define social engineering.
  2. Identify three different social engineering techniques.
  3. Explain how shouldering is carried out.
  4. Blagging is a form of social engineering. Describe how it is used to gain personal data.

Answers

  1. Define social engineering.

The process of tricking or manipulating people into giving away confidential information or access details.

  2. Identify three different social engineering techniques.

  • Blagging
  • Phishing
  • Shouldering

  3. Explain how shouldering is carried out.

Shouldering involves watching people as they enter their login details or PINs.

  4. Blagging is a form of social engineering. Describe how it is used to gain personal data.

A criminal inventing a scenario to trick a victim into divulging information that they wouldn't normally do otherwise.

6b Social Engineering

By David James
