Video Description

In this lesson, Subject Matter Expert Dean Pompilio discusses social engineering techniques that are used to manipulate people into giving out sensitive information or performing in certain ways that allow attackers to be more successful with less effort when hacking computers or stealing information. This lesson covers the following techniques:

  • Dumpster diving
  • Impersonation
  • Shoulder surfing
  • Making malicious copies of legitimate Web sites
  • Phishing
  • Making a malicious copy of an Interactive Voice Response (IVR) system
  • Baiting
  • Quid pro quo
  • Tailgating (also known as Piggybacking)

You will learn where you can legally dumpster dive, how effective impersonation can be, where shoulder surfing can be done, and how malicious copies of Web sites or IVRs can be used to obtain sensitive information. SME Pompilio discusses the differences between phishing, spearfishing, and whaling and how baiting is done with iUSB flash drives infected with malware that runs with the autorun or autoplay function when the flash drive is inserted into a victim's computer. This lesson covers the techniques of quid prop quo – where the attacker convinces the victim that they are each doing a favor for the other person – and tailgating, which is also known as piggybacking. An attacker uses tailgating to enter a building by surreptitiously joining a group that has legitimate entry to the building. This technique also can be carried out by dressing as a technician or delivery person to gain entrance or by impersonating someone who genuinely works in the building.

Course Modules