Social Engineering
Created By: Andreea Alexandra Bancu, Teaching Assistant
Module 1: Introduction
Lesson 1.1: Introduction
Skills Learned From This Lesson: Introduction to course, Social Engineering
● Prerequisites: IT/Security background concepts
● Presentation of the course structure
● About the instructor
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
○ Phishing — getting someone to take the actions you want them to take (via email,
the most common channel; via SMS, or smishing; via phone, or vishing).
○ Spear phishing — a targeted attack, as opposed to general phishing.
○ Whaling — a highly-targeted attack designed to strike at an organization's
high-value individual such as a senior executive, a high-level official in private
business, or anyone with privileged access to government (or top secret)
information.
○ Pharming — intended to redirect a website's traffic to a fake site; conducted
either by changing the hosts file on a victim's computer or by exploiting a
vulnerability in DNS server software (DNS cache poisoning attack).
○ Hoaxing — takes the form of false virus alerts, chain letters, or attempts to
spread incorrect information about some issue.
○ Shoulder Surfing — information gathering by looking over the target's shoulder to
view a plethora of information.
○ Baiting — similar to phishing attacks, but with the promise of an item or good
that malicious actors use to entice victims.
○ Tailgating — or piggybacking, involves an attacker seeking entry to a restricted
area that lacks the proper authentication (e.g. the attacker can simply walk in
behind a person who is authorized to access the area).
● Quiz
○ Q: Susan is the CFO of Action, Inc. She receives an email from the CEO stating
that an urgent wire transfer is needed to pay an invoice. What is this an example
of?
○ A: Baiting / Pharming / Whaling
○ Sandbox
○ Endpoint Protection
○ Application/Execution controls
○ Whitelisting
○ Compartmentalization
Lesson 2.2: EC-Council Certified Ethical Hacker v10 Social Engineering Lab Overview
(Practice Labs)
Skills Learned From This Lesson: Ethical Hacker, Social Engineering
● Complete the lab entitled “EC-Council Certified Ethical Hacker v10 Social
Engineering” (45 min).
○ https://www.cybrary.it/catalog/practice-labs-module/social-engineering
Module 3: Conclusion
Lesson 3.1: Conclusion
Skills Learned From This Lesson: Social Engineering, Self-development
● Suggested courses
○ Penetration Testing and Ethical Hacking
○ Phishing
○ USB Drop Attack
○ Advanced Penetration Testing
○ Offensive Penetration Testing