Social Engineering

How to protect against attacks that target people not technology

Who is the material made for?

The target group for this course is diverse, encompassing professionals from different backgrounds, basically everyone with access to information in the company.

Here are some of the key target groups that would benefit from this course:

Employees, including managers, will understand how to detect social engineering attacks and defend against them. They will gain a comprehensive introduction to the tricks used by traditional con people, how and why these work, and which situations might be most problematic.

Additionally, they will gain insights into open–source intelligence work and how the publicly available information about them and the company can be used for malicious purposes against them.

Security professionals will learn how to create policies to mitigate risks of social engineering attacksand guide employees to secure behaviour.

Introduction

People are most commonly referred to as the weakest link in the security chain. Often attackers use this human element to gain access to actions and resources that are otherwise well protected by technical measures.

7

Using a combination of century–old tricks of the typical con people and the modern technology available today, attackers can use these tricks on an unprecedented scale. No individual or company with access to the Internet is out of their reach.

In this course, we will introduce the key principles, tools, and techniques used by attackers to conduct social engineering attacks. From century–old tricks to the newest techniques, a wide range of attacks will be covered, such as spear phishing, CEO fraud, or modern variations of the age–old grandparent scam.

Thereby, you will get an overview of the important terminology of social engineering and the tricks used by modern social engineering attackers. You will learn about the psychology behind these tricks and why they are so powerful that they can be used to penetrate even the strongest defences. The use of these tricks will be demonstrated by example in the form of phishing messages, the most common form of social engineering today.

Additionally, open–source intelligence techniques will be described and showcased to explain how the information available online about individuals or companies can be used to make social engineering attacks more effective.