chapter five
5 Tricking our way in: social engineering
This chapter covers:
- Learning how to spot potential social engineering attempts, and having the confidence and knowledge to challenge them.
- Spotting, and checking for, phishing attacks by understanding how they work, and learning how to reduce their impact and stop them.
- Defending against complex attacks by understanding how attackers can chain together multiple small security flaws to achieve a data breach.
- Protecting against password and ID theft by utilizing different types of multi-factor authentication.
- Using Operational Security (OPSEC) principles to spot security flaws, and developing counter strategies to address them.
Social engineering is the psychological manipulation of someone, with the goal of getting them to do what we want. In this chapter we’re going to explore how attackers use various types of social engineering to plant malware and steal credentials. And we’ll also learn how to stop them.
You’ll need to have read Chapter 4 to get the most out of this chapter – social engineering builds on the common attacks we covered there. As we explore social engineering, the focus will be on our own personal behavior – how social engineering affects and exploits us – to enable us to extend this new understanding (and best practices to combat it) to our employees and colleagues.