Introduction to Information Security video transcript
Speaker Key:
SP Speaker One
SP2 Speaker Two
Screenshot Timecode Speaker Text
[Link] SP Social engineering in information security is the
act of tricking a person into revealing information
that they should not. A simple example would be a
username or password. Social engineers are highly
sophisticated hackers who prey upon our good
natures to try and gain access to confidential data.
They are willing to exploit your trust, generosity,
charitable nature, or willingness to listen to an
authority figure.
[Link] Attackers may impersonate an authoritative person of
trust, for example, IT support.
SP2 We are checking staff mailbox’s qualities. What is
your password?
SP Or someone from the HR department.
SP2 We are updating our records. Can you confirm your
name and address?
SP Enticement is one of their favourites.
SP2 Oh, look at this USB flash drive on the floor in the
kitchen entitled pay review. Please insert it, so I can
execute malware on your laptop.
[Link] SP This deception is all about you. Social engineers
sound so professional and genuine; they may well
refer to you by your first name or refer to other
personal information.
SP2 Yes, we do.
SP But they want something you have or can offer. How
about information in exchange for a prize in the form
of a survey? Just enter your company information,
including your credentials, and you’ve won £1,000
and a dream holiday to Hawaii.
SP2 This could have not gone any better.
SP They may even follow you to the entrance of your
office or to a restricted area, asking you to hold the
door open for them, because they forgot their ID card.
SP2 You’re too polite to refuse, and you didn’t want to
offend me. Am I correct?
SP They may ask nicely to borrow your phone or laptop
for an emergency.
[Link] My phone battery’s died and I need to contact
somebody urgently. Please.
SP2 Oh, the possibilities are endless with social
engineering, and resistance is futile. Let me just
install this malware.
SP But we can defend ourselves against social
engineering by being vigilant. Think secure. Here
are some things you can do. Don’t assume an
unsolicited call or email is from a trusted source.
[Link] Never divulge your ARUP password to anyone. Do
not divulge any information that makes you feel
uncomfortable. Do not be scared to challenge
someone who’s trying to get into a restricted area
without identification. If they refuse to verify
themselves, inform reception. Do not insert
unverified USB drives into your system. When
discarding data, make sure it’s done in the appropriate
manner.
[Link] Paperwork should be shredded, CDs and DVDs
physically destroyed, and hard drives given to the IT
department for destruction. Remember, social
engineering is all about deception. Just because
people have information about you or represent
themselves as someone you can trust, always verify.
The only defence is being vigilant. Don’t be tricked
and think secure.