Time
1 hour 51 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

Social Engineering

Now that we've discussed the various types of security attacks, we take a deeper look at social engineering attacks. We look at a broad range of them, such as shoulder surfing and tailgating, and explain what happens during those attacks and how they can be prevented.

[toggle_content title="Transcript"]
Welcome to Cybrary IT. My name is John Oyeleke. I'm your subject matter expert for the Security+ exam, that is, the CompTIA Security+ SY0-401. Today I will be discussing social engineering. We have social engineering; this is the type of attack against humans. Malicious individuals will seek to trick, confuse or manipulate users or customers or clients such that they do what they are not supposed to do or say what they are not supposed to say.

We have several forms of social engineering, one of which is called shoulder surfing. Shoulder surfing is a type of attack in which another person is looking over someone else's shoulder. The objective is to see what they're typing on the screen, what they're reading on the machine, or gain unauthorized knowledge of certain information.

Another type of attack is tailgating. In the tailgating attack, a malicious individual follows very closely behind an authorized user into the facility. This is without authenticating or identifying themselves properly.

We also have a social engineering attack called a hoax. A hoax is a false story you give to individuals such that they perform activities they're not meant to perform. You give them a false story, an untrue story, and make them act on that story; that is a hoax.

If you have a social engineering attack via e-mail, we call it a phishing attack. Malicious individuals seek to obtain credentials, maybe credentials to the web account, credentials to the website or credentials to some sort of account with which they could later on gain access. An email is sent to the user to deceive the user as if they were logging onto a real website. In that attempt the credentials are obtained. That is what we call a phishing attack. This is a social engineering attack via email.

Another social engineering attack we have, via telephone or voice, Voice over Internet Protocol, is something called vishing. Malicious persons will attempt to call you via IP voice to intimidate you, to influence you, to confuse or deceive you to carry out an activity. Please bear in mind for the exam, they might not say telephone; they could just say call. When you hear the word call in a social engineering attack, the word call used in the social engineering attack means vishing.

Next we look at something called whaling. If your target in the social engineering attack is a VIP or executives, CEOs, we call it a whaling attack. In the whaling attack your target is CEOs, VIPs, executives. Bear in mind, if it's a phishing attack but the target is a VIP, it's also called a whaling attack. You could be making a call and the target is a VIP; it's still a whaling attack. As long as the target is a VIP, executive, it's a whaling attack.

We could also look at something called spear phishing. This is another social engineering attack in which one person or a group of people that have something in common are selectively attacked. Say one malicious person were to attack single mothers with the aim of luring them online to give their Social Security numbers, bank account numbers; that will be regarded as a spear phishing attack.

We also have something called dumpster diving. Individuals will go into your dumpster looking for any information that will give them knowledge, knowledge about your organization, knowledge about who is servicing your company, knowledge about the facility, maybe how to access the facility: blueprints, maps, plans, directories, drives, storage drives. Dumpster diving.

Another type of social engineering attack we have is impersonation. In this type of attack, a malicious individual pretends to be someone they're not. So it could also follow on from a dumpster diving attack. I could gather so much information about you, either online, social media or your dumpster, and impersonate a staff of the company. Essentially, in an impersonation attack, malicious persons seek to gain entry into a facility or, over the phone, have an IT person change information on the system, usually a password.

This is it for social engineering. I hope you've had a nice time with us today. We look forward to seeing you in our next video.
[/toggle_content]

Video Transcription

00:03
Welcome to Cybrary IT. My name is John Oyeleke. I'm your subject matter expert for the Security+ exam, that is, the CompTIA Security+ SY0-401. Today I will be discussing social engineering.
00:18
We have social engineering. This is a type of attack against humans.
00:23
Malicious individuals will seek to
00:26
trick, confuse or manipulate users
00:29
or customers or clients such that they do what they are not supposed to do or say what they are not supposed to say. We have several forms of social engineering,
00:39
one of which is called shoulder surfing.
00:42
Shoulder surfing
00:44
is a type of attack in which another person is looking over someone else's shoulder. The objective is to see what they're typing on your screen,
00:54
what they're reading on the machine
00:56
or gain unauthorized knowledge of certain information.
01:00
Another type of attack is tailgating. In the tailgating attack,
01:04
a malicious individual follows very closely behind
01:10
an authorized user into the facility. This is without authenticating or identifying themselves properly. We also have
01:19
the social engineering attack called a hoax. A hoax is a false story you give to individuals such that they perform
01:26
activities they're not meant to perform. So you give them a false story, an untrue story, and make them act on that story; that is a hoax. If you have a social engineering attack via email,
01:42
we call it a phishing attack.
01:44
Malicious individuals seek to obtain credentials, maybe credentials to the web account, credentials to a website or credentials to some sort of account with which they could later on gain access. So an email is sent to the user
02:01
to deceive the user as if they were logging on to a real website.
02:07
In that attempt,
02:08
the credentials are obtained. So that is what we call a phishing attack. This is a social engineering attack via email. Another social engineering attack we have, via telephone or VoIP, Voice over Internet Protocol, is something called
02:25
vishing. Malicious persons will attempt to call you via IP
02:31
voice
02:34
to intimidate you,
02:36
to influence you,
02:38
to confuse or to deceive you to carry out an activity.
02:43
Please bear in mind for the exam, they might not say telephone; they could just say call.
02:49
When you hear the word call in a social engineering attack, the word call used in the social engineering attack means vishing. Next we look at something called whaling. If your target in the social engineering attack is a VIP
03:06
or executives, CEOs, we call it a whaling attack.
03:10
In the whaling attack, your target is CEOs, VIPs, executives. Bear in mind, if it's a phishing attack but the target is a VIP,
03:22
it's also called a whaling attack.
03:25
You could be making a call and the target is a VIP.
03:30
It's still a whaling attack. As long as the target is a VIP, executive,
03:36
it's a whaling attack.
03:37
We could also look at something called spear phishing.
03:40
This is another social engineering attack in which one person or a group of people that have something in common are selectively attacked.
03:52
So say one malicious person were to attack
03:55
single mothers with the aim of luring them online to give their Social Security numbers, bank account numbers; that will be regarded as a spear phishing attack. We also have
04:10
something called dumpster diving.
04:13
Individuals will go through your dumpster looking for any information that could give them knowledge, knowledge about your organization, knowledge about who is servicing your company, knowledge about the
04:28
facility, maybe how to access the facility: blueprints, maps, plans, directories,
04:34
drives, storage drives,
04:39
dumpster diving.
04:42
Another type of social engineering attack we have is impersonation.
04:46
In this type of attack, a malicious individual pretends to be someone they're not.
04:53
So it could also follow on from a dumpster diving attack.
04:58
I could gather so much information about you, either online, via social media, or your dumpster, and impersonate
05:05
a staff of the company.
05:08
Essentially, in an impersonation attack, malicious persons seek to gain entry into a facility or, over the phone, have an IT person change information on the system, usually a password. This is it for social engineering.
05:25
I hope you've had a nice time with us today.
05:28
We look forward to seeing you in our next videos.


Instructed By

John Oyeleke
Lead IT Security Instructor