Social Engineering

What is Social Engineering?

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Two categories of Social Engineering attacks

Technical (Computer or technology based deception)

Deceive the user into believing they are interacting with a “real” application / system

Manipulate you into providing confidential information through:

• Pop-up Windows 
• Phishing emails 
• Malware
• Interesting software
• USB Keys

Non Technical (Human based deception)

Perpetrated purely through human deception.

Common Non-Technical Attacks

• Pretexting / Impersonation, 

     Attack rely on building a false sense of trust with the victim

     e.g. Impersonating an Auditor or IT Employee.

• Dumpster diving

     Looking for “treasure” in someone else's trash

     E.g. phone lists, bank statements, organisation policies, letterheads, old computers, etc. 

• Acting as a Technical Expert

     Pretend to be an IT Support technician from Microsoft

     Manipulate the user to enable access to their computers to “fix” problems

What can you do?

• What can you do?
• Slow down and research the facts
• Delete any request for financial information or passwords
• Reject requests for help or offers of help
• Don’t let a link control where you land
• Do not post your personal data, photos, etc. on social media 
• Do not reveal sensitive data, e.g. passwords
• Do not avoid policies and procedures
• Report any suspicious activity