Wednesday, 18 May 2016

Social Engineering

This is a relatively new term for me (I'd never heard of it before!), but it is one that I was aware of; I just didn't know that there was a term for it. Social engineering is essentially hacking with someone's permission; they just don't know that they have given it, or necessarily want to give it. These attackers use a person's desire to be helpful against them. A victim of social engineering would be someone who replies to a suspicious email or gives out information over the phone, or in person, that would leave them vulnerable to a cyber attack. I found three resources that give more information about this topic:

1.  The 7 Best Social Engineering Attacks Ever
http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411?image_number=4

This article contains information about famous social engineering attacks, beginning with the Trojan Horse and ending with the 2013 Target attack on credit card numbers. Each attack is detailed with how the attackers got their information and the lessons learned.

2.  5 Social Engineering Attacks to Watch Out For
http://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/

This article explains the five most common types of attack that social engineers use: phishing, pretexting, baiting, quid pro quo and tailgating. It also gives specific examples of each type and what to watch for on your own computer.

3.  Social Engineering:  Don't Trust Fancy Ties & Polished Lies
https://www.youtube.com/watch?v=1byRtf2r-B8

This video explains social engineering and gives an example that relates to a business situation, but it could easily be applied to any situation in which a data breach could be detrimental. There is a lot of sensitive information in our schools that could be accidentally given away in a scenario similar to this one.



