Understanding Social Engineering Threats

Apr 23, 2025

Lecture on Social Engineering and Security Threats

Introduction to Phishing

  • Definition: Phishing involves social engineering with spoofing, where someone pretends to be someone else to steal personal information.
  • Indicators of Phishing Emails:
    • Discrepancies in sender email addresses (e.g., using unfamiliar domains like icloud.com instead of expected company domains).
    • Odd graphics, spelling mistakes, and grammar errors.
    • Example: A phishing email mimicking the Rackspace Webmail login page; on closer examination, the graphics differ from the real page and the URL does not match the legitimate domain.
  • Safety Measures:
    • Never click on links within suspicious emails.
    • Verify URLs and sender information.
    • Use isolated virtual machines for investigation.
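The two indicators above that can be checked mechanically, the sender's real domain and whether a link's visible text matches where it actually points, are illustrated by this added Python example (not part of the lecture). The message, the expected domain `corp.example`, and the `.invalid` link host are all constructed for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the display name looks like a company sender, but the real
# address is on icloud.com, and the link text shows one host while href points elsewhere.
SAMPLE_EMAIL = """\
From: "Corp Webmail Support" <support@icloud.com>
To: user@corp.example
Subject: Verify your mailbox
Content-Type: text/html

<p>Your mailbox is nearly full. Please visit
<a href="http://login-verify.invalid/webmail">https://webmail.corp.example/login</a>
to verify your account.</p>
"""

HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r'^[a-z][a-z0-9+.-]*://([^/:?#]+)', re.I)


def host_of(url: str) -> str:
    """Return the lowercased host part of a URL, or '' if it is not an absolute URL."""
    m = HOST_RE.match(url.strip())
    return m.group(1).lower() if m else ""


def phishing_indicators(raw: str, expected_domain: str) -> list[str]:
    """Return human-readable indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []
    # Indicator 1: the actual sender address (not the display name) is off-domain.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if sender_domain != expected_domain.lower():
        findings.append(f"sender domain {sender_domain!r} is not {expected_domain!r}")
    # Indicator 2: anchor text displays a URL whose host differs from the href target.
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for href, text in HREF_RE.findall(body):
        shown = host_of(re.sub(r"<[^>]+>", "", text))
        if shown and shown != host_of(href):
            findings.append(f"link text shows {shown!r} but points to {host_of(href)!r}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL, "corp.example"):
        print("indicator:", finding)
```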

Social Engineering Techniques

Shoulder Surfing

  • Definition: Observing someone’s screen to gather sensitive information.
  • Common Scenarios: Occurs in public spaces like airports, coffee shops, or restaurants.
  • Advanced Techniques: Use of malware to activate cameras remotely.
  • Preventive Measures:
    • Awareness of surroundings; position screens away from public view.
    • Use privacy filters on screens to limit visibility.

Unauthorized Building Access

Tailgating

  • Definition: Entering a building by following someone with authorized access without their knowledge.
  • Example: Walking through a door without badging in after someone else.

Piggybacking

  • Definition: Gaining entry to a building with the knowledge and assistance of someone authorized.
  • Example: Asking someone to hold the door open while carrying items.

Preventive Measures

  • Monitor for unbadged individuals inside buildings.
  • Strict badge-in policies, where each person must badge in separately.
  • Use of access control vestibules to physically limit entry to one person at a time.
  • Employee training to recognize and challenge unauthorized access attempts.

Dumpster Diving

  • Definition: Searching through trash to find sensitive information.
  • Content Found: Names, contact information, and data useful for impersonation or phishing.
  • Legal Concerns: Legal in some areas if garbage is considered abandoned; restrictions may apply on private property.
  • Preventive Measures:
    • Secure trash areas with fences or locks.
    • Use shredding services or on-site shredders for sensitive documents.
    • In extreme cases, incinerate sensitive information to prevent access.

Conclusion

  • Security Practices: Regularly review and update security policies to prevent unauthorized data access through phishing, social engineering, and physical breaches.
  • Personal Vigilance: Stay aware of potential vulnerabilities and take proactive steps to secure information.