Research and identify social engineering attacks
Background / Scenario
Social engineering is an attack with the goal of getting a victim to enter personal or sensitive information, this type of attack can be performed by an attacker utilizing a keylogger, phishing email, or an in-person method. This lab requires the research of social engineering and the identification of ways to recognize and prevent it.
- PC or mobile device with Internet access
Step 1: Read the following article.
Navigate to the following website and read it thoroughly to answer the following questions in step 2.
Step 2: Answer the following questions.
a. What are the three methods used in social engineering to gain access to information?
Answers should include electronic access, physical access, and social media.
b. What are three examples of social engineering attacks from the first two methods in step 2a?
Answers will vary but may include spear phishing via email, baiting with desired content, or tailgating.
c. Why is social networking a social engineering threat?
Answers should include that social networking usually encourages people to share personal information along with interests and habits. (Full name, date of birth (DOB) home town, etc…).
d. How can an organization defend itself from social engineering attacks?
Answers should include the creation and utilization of security awareness training.
e. What is the SANS Institute, which authored this article?
Answers will vary based on the website https://www.sans.org and the content displayed. Answer should include that they are a provider of information security training and certification.