3_6_1_1 Social engineering

The humans that use a network are often the biggest threats to the security of that network. A social engineering hacker will try to gain access to a network by social means. For example, ringing and asking for a bank pin number whilst pretending to be from the bank.

Below is a simple, quick example from a well-known TV advert.

This Defcon 21 video is quite long but it is a really good demonstration to show how easy it is for social engineering to take place.

Impersonating another person in order to try and get confidential information.

This is when a mass email or spam is sent to lots of people in an attempt to trick them into logging on to a spoof account. Anyone who enters their personal details will then be logged and their data could be used to access their real accounts.

All web addresses have an IP address. Pharming is when the web address is moved to a different IP address that contains a fake version of the website. This is then used to gain access to personal details.

This is simply looking over someones shoulder to watch them type in their PIN at a bank or their password when logging on.

1. Download and print the test paper here: https://drive.google.com/open?id=0B5fLtQ0Xgr2PcHVhR2hTOElTTGc
2. Try the mock test yourself.
3. Use the 3.6.1.1 Walking Talking Mock below to guide you through answering the questions.