
Study Guide

Social Engineering
Created By: Andreea Alexandra Bancu, Teaching Assistant

Module 1: Introduction
Lesson 1.1: Introduction
Skills Learned From This Lesson: Introduction to course, Social Engineering
● Prerequisites: IT/Security background concepts
● Presentation of the course structure
● About the instructor

Lesson 1.2: Introduction to Social Engineering Part 1

Skills Learned From This Lesson: Social Engineering Components, Social Engineering Types,
Social Engineering
● Components of Social Engineering - rarely used individually; usually in combination
○ Elicitation
■ The attacker asks open-ended questions, trying to draw out more information
about the victim.
■ E.g. an attacker posing as a salesperson asks open questions instead of
closed (yes/no) questions.
○ Interrogation
■ The attacker asks questions while reading the target's body language.
■ Mostly in in-person meetings, but also possible remotely (e.g. on video).
■ E.g. gestures that may serve as clues that the interlocutor is lying include:
moving or rubbing the hands, shuffling the feet, an eyebrow twitch,
frequent blinking, sweating, and facial expressions (frown, smile, a specific look).
○ Pretexting
■ The attacker supplies a false context (a pretext) in order to obtain information.
■ E.g. the phrase “We need this because …”
● Types of Social Engineering

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
1
○ Phishing — getting someone to take the action you want them to take (via email,
the most common channel; via SMS, called smishing; or via phone, called vishing).
○ Spear phishing — a targeted attack, as opposed to a broad, untargeted phishing campaign.
○ Whaling — a highly targeted attack designed to strike at an organization's
high-value individuals, such as a senior executive, a high-level official in private
business, or anyone with privileged access to government (or top secret)
information.
○ Pharming — intended to redirect a website's traffic to a fake site; carried out
either by modifying the hosts file on the victim's computer or by exploiting a
vulnerability in DNS server software (a DNS cache poisoning attack).
○ Hoaxing — takes the form of false virus alerts, chain letters, or attempts to
spread incorrect information about some issue.
○ Shoulder Surfing — information gathering by looking over the target's shoulder to
view whatever is on screen or paper (passwords, PINs, documents).
○ Baiting — similar to phishing, but built around the promise of an item or good
that malicious actors use to entice victims.
○ Tailgating — also called piggybacking; an attacker gains entry to a restricted
area that lacks proper authentication (e.g. the attacker simply walks in
behind a person who is authorized to access the area).
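The pharming entry above mentions the hosts file as one redirection vector. A defender can check for that directly: any local hosts entry that pins a sensitive domain bypasses DNS entirely and deserves an alert. The script below is an added example, not material from the study guide; the watch list and the hosts-file text are constructed sample data, and `find_overrides` is a hypothetical helper name.

```python
"""Detect pharming-style overrides in a hosts file.

Added example (not from the study guide). It scans hosts-file text for
entries that pin a watched domain to any address. The watch list and the
sample hosts content are constructed for illustration.
"""
import ipaddress

# Assumption: domains that should never be resolved via local hosts entries.
WATCHED_DOMAINS = {"bank.example.com", "login.example.com"}

# Constructed sample hosts file: standard loopback lines plus one override
# that sends the bank's login page to an attacker-chosen address.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1   localhost
::1         localhost
# Suspicious: pins the bank's login page to a non-DNS address
203.0.113.45  login.example.com bank.example.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an IP literal; skip the line
        for host in parts[1:]:
            yield ip, host.lower()


def is_watched(host, watched):
    """True if host is a watched domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in watched)


def find_overrides(text, watched=WATCHED_DOMAINS):
    """Return [(hostname, ip)] for every hosts entry that pins a watched domain.

    Any such entry is a finding: the hosts file takes precedence over DNS,
    so a single line silently redirects the victim's browser.
    """
    findings = []
    for ip, host in parse_hosts(text):
        if is_watched(host, watched):
            findings.append((host, str(ip)))
    return findings


if __name__ == "__main__":
    for host, ip in find_overrides(SAMPLE_HOSTS):
        print(f"ALERT: {host} is pinned to {ip} in the hosts file")
```

In practice the same function would be fed the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts` and run from endpoint tooling; DNS cache poisoning, the other vector named above, is not visible in the hosts file and needs resolver-side monitoring instead.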
● Quiz
○ Q: Susan is the CFO of Action, Inc. She receives an email from the CEO stating
that an urgent wire transfer is needed to pay an invoice. What is this an example
of?
○ A: Whaling (options given: Baiting / Pharming / Whaling)

Lesson 1.3: Introduction to Social Engineering Part 2

Skills Learned From This Lesson: Behavior and Technical Controls, Social Engineering
● Behavior Controls (“If you didn’t request it, don’t click on it.”)
○ Validate links
○ Validate sender
○ Go to the website
○ Scan links
○ Minimize exposure
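Two of the behaviour controls above, validate sender and validate links, can be applied mechanically to an incoming message before a user ever clicks. The script below is an added example, not material from the study guide: it parses a constructed phishing sample, checks whether the display name claims a different domain than the real sender address, and checks whether each link's visible URL text matches where the link actually points. `TRUSTED_DOMAIN`, the sample message and all function names are assumptions made for the illustration.

```python
"""Sender and link validation for an incoming e-mail.

Added example, not part of the study guide. The sample message,
TRUSTED_DOMAIN and the helper names are constructed assumptions.
"""
import email
import ipaddress
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "example.com"  # assumption: the organisation's own mail domain

# Constructed phishing sample: spoofed display name plus a misleading link.
SAMPLE_EMAIL = """\
From: "IT Helpdesk <helpdesk@example.com>" <alerts@example-support.net>
To: user@example.com
Subject: Password expiry notice
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your password expires today. Reset it here:</p>
<a href="http://198.51.100.7/reset">https://portal.example.com/reset</a>
<p>Or visit <a href="https://portal.example.com/help">our help page</a>.</p>
</body></html>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def domain_of(address):
    """Lower-cased part after '@' (quotes/brackets stripped), or '' if none."""
    return address.rsplit("@", 1)[-1].strip('>" ').lower() if "@" in address else ""


def check_sender(from_header):
    """Validate sender: display name vs. real address, and address vs. trusted domain."""
    name, addr = parseaddr(from_header)
    findings = []
    claimed, actual = domain_of(name), domain_of(addr)
    if claimed and claimed != actual:  # display name smuggles a different address
        findings.append(f"display name claims {claimed} but sender is {actual}")
    if actual != TRUSTED_DOMAIN and not actual.endswith("." + TRUSTED_DOMAIN):
        findings.append(f"sender domain {actual} is outside {TRUSTED_DOMAIN}")
    return findings


def check_links(html):
    """Validate links: visible URL text must match the real target; flag bare IPs."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = (urlparse(href).hostname or "").lower()
        if text.lower().startswith(("http://", "https://")):
            shown = (urlparse(text).hostname or "").lower()
            if shown != target:
                findings.append(f"link text shows {shown} but points to {target}")
        try:
            ipaddress.ip_address(target)
            findings.append(f"link points to a bare IP address {target}")
        except ValueError:
            pass  # a hostname rather than an IP literal
    return findings


def check_message(raw):
    """Run both checks over a raw RFC 5322 message and return all findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = check_sender(str(msg["From"]))
    if msg.get_content_type() == "text/html":
        findings += check_links(msg.get_content())
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE_EMAIL):
        print("FLAG:", finding)
```

The domain comparison here is a plain string match against one trusted domain; a production filter would compare registrable domains using the Public Suffix List and would also consult SPF/DKIM/DMARC results, which this example does not cover.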
● Technical Controls

○ Sandbox
○ Endpoint Protection
○ Application/Execution controls
○ Whitelisting
○ Compartmentalization

Module 2: Social Engineering Labs

Lesson 2.1: Phishing Lab Overview (Cybrscore)
Skills Learned From This Lesson: Phishing, Social Engineering
● Complete the lab entitled “Phishing” (45 min).
○ https://app.cybrary.it/browse/cybrscore/phishing

Lesson 2.2: EC-Council Certified Ethical Hacker v10 Social Engineering Lab Overview
(Practice Labs)
Skills Learned From This Lesson: Ethical Hacker, Social Engineering
● Complete the lab entitled “EC-Council Certified Ethical Hacker v10 Social
Engineering” (45 min).
○ https://www.cybrary.it/catalog/practice-labs-module/social-engineering

Lesson 2.3: Social Engineering Skill Assessment

Skills Learned From This Lesson: Social Engineering
● Complete the “Social Engineering” Skill Assessment (30 min).
○ https://app.cybrary.it/browse/skill-assessment/social-engineering

Module 3: Conclusion
Lesson 3.1: Conclusion
Skills Learned From This Lesson: Social Engineering, Self-development
● Suggested courses
○ Penetration Testing and Ethical Hacking
○ Phishing
○ USB Drop Attack
○ Advanced Penetration Testing

○ Offensive Penetration Testing

Thank you for your interest in using this Study Guide!
