This paper goes over the process of social engineering. Social engineers are essentially actors that try to exfiltrate data or gain entry to a building by deceiving people. There are 4 phases in a social engineering attack: information gathering, developing relationships, execution, and exploitation. Once the proper intel is gathered on a target, the attacker can assume a myriad of roles to achieve his/her goal. The attacker can pretend to be an important user such as a senior manager or a helpless user that requires assistance to gain access to the organization's systems. The most popular attack seems to be embedding an email with malicious code that can trigger a virus or a remote shell to the victim's computer.
Questions for the class:
What are some preventative measures used in combating Social Engineering?
Mei X Wang says
Hi Anthony, a great way to combat social engineering is by offering new employee training on the concepts and how to spot an attack. Also, performing yearly reviews and even trying to simulate an attack internally to see how alert employees are will be extremely helpful in combatting social engineering.