Social Engineering

Now that we've discussed the various types of security attacks, we take a deeper look at social engineering attacks. We look at a broad range of social engineering attacks, such as shoulder surfing and tailgating, and explain what happens during those attacks and how they can be prevented.

Transcript

Welcome to Cybrary IT. My name is John Oyeleke. I'm your subject matter expert for the Security+ exam, that is, the CompTIA Security+ SY0-401. Today I will be discussing social engineering.

We have social engineering; this is the type of attack against humans. Malicious individuals will seek to trick, confuse or manipulate users or customers or clients such that they do what they are not supposed to do or say what they are not supposed to say.

We have several forms of social engineering, one of which is called shoulder surfing. Shoulder surfing is a type of attack in which another person is looking over someone else's shoulder. The objective is to see what they're typing on the screen, what they're reading on the machine, or to gain unauthorized knowledge of certain information.

Another type of attack is tailgating. In the tailgating attack, a malicious individual follows very closely behind an authorized user into the facility. This is without authenticating or identifying themselves properly.

We also have a social engineering attack called a hoax. A hoax is a false story you give to individuals such that they perform activities they're not meant to perform. You give them a false story, an untrue story, and make them act on that story; that is a hoax.

If you have a social engineering attack via e-mail, we call it a phishing attack. Malicious individuals seek to obtain credentials, maybe credentials to the web account, credentials to the website or credentials to some sort of account with which they could later on gain access. An email is sent to the user to deceive the user as if they were logging onto a real website. In that attempt the credentials are obtained. That is what we call a phishing attack. This is a social engineering attack via email.

Another social engineering attack we have is via telephone or voice. Voice over Internet Protocol is something called vishing. Malicious persons will attempt to call you, or via VoIP, to intimidate you, to influence you, to confuse or deceive you to carry out an activity. Please bear in mind for the exam, they might not say the word phone; they could just say call. When you hear the word call in a social engineering attack, the word call used in the social engineering attack means vishing.

Next we look at something called whaling. If your target in the social engineering attack is VIPs or executives, CEOs, we call it a whaling attack. In the whaling attack your target is CEOs, VIPs, executives. Bear in mind, if it's a phishing attack but the target is a VIP, it's also called a whaling attack. You could be making a call and the target is a VIP; it's still a whaling attack. As long as the target is a VIP or executive, it's a whaling attack.

We could also look at something called spear phishing. This is another social engineering attack in which one person or a group of people that have something in common are selectively attacked. Say one malicious person were to attack single mothers with the aim of luring them online to give their Social Security numbers and bank account numbers; that will be regarded as a spear phishing attack.

We also have something called dumpster diving. Individuals will go into your dumpster looking for any information that will give them knowledge: knowledge about your organization, knowledge about who is servicing your company, knowledge about the facility, maybe how to access the facility, blueprints, maps, plans, directories, drives, storage drives. Dumpster diving.

Another type of social engineering attack we have is impersonation. In this type of attack, a malicious individual pretends to be someone they're not. So it could also follow on from a dumpster diving attack. I could gather so much information about you, either online, on social media or from your dumpster, and impersonate a staff member of the company. Essentially, in an impersonation attack malicious persons seek to gain entry into a facility or, over the phone, have an IT person change information on the system, usually a password.

This is it for social engineering. I hope you've had a nice time with us today. We look forward to seeing you in our next video.