Community Platform
Interests
  • Cyber-law
  • Cyber-security
  • Data analytics
  • E-commerce
  • more...
This Year
No Points
Total
415 Points
MIS Badge

Click here
to validate the recipient

How to Prevent Social Engineering Attacks In 40 Minutes

Sponsoring Organization: NetCom Learning

Social Engineering Attacks are also known as Human Firewall Attacks. Social engineering is the art of convincing people to reveal confidential information. Human behavior is the susceptible factor to these attacks as there is no hardware or software to protect against these attacks. Attackers research the target company, select a victim, develop a relationship with them, and then exploit the relationship.

  • Human-Based Social Engineering
    • impersonation
    • vishing
      • voice changing during calls
    • eavesdropping
    • shoulder surfing
    • dumpster diving
    • piggybacking
      • authorized personnel lets unauthorized person into secure areas because they lied about losing their id or forgetting it
    • tailgating
      • enter secure area by following an authorized personnel
      • wear  fake id
    • honey trap
  •  Computer-Based Social Engineering
    • popup windows
    • instant chat messenger
    • spam mail
    • phishing
  • Mobile-Based Social Engineering
    • publishing malicious apps
    • repackaging legitimate app
    • smishing (SMS phishing)
  • Social Engineering Countermeasures
    • password policies
      • length and types
    • Physical security Policies
    • Defense Strategy
    • Train Individuals on security policies
    • Implement proper access privileges
    • Proper incident response
    • Resources available to authorized users only
    • Background verification and proper termination of employees
    • Antivirus/Anti-phishing defense
    • Multifactor authentication
    • change management
    • regular software updates

The best policy is to train individuals on security policies. Anyone can be attacked but what matters is how the attack is dealt with. Using multiple methods of verification and authentication will help with security. Double and triple-checking messages and emails to make sure that the logos and addresses are legitimate is also important. OhPhish is a web-based portal that simulates phishing on employees to see how susceptible the organization is.

Skip to toolbar