Managing the risk of social engineering

Introduction to Data Security

Angeline Corvaglia

Founder & Digital Transformation Specialist

Manipulation by exploiting human tendencies

  • People are driven by emotions like fear, empathy, curiosity, and greed
  • Trust in authority figures

Social engineering techniques

  • Phishing
  • Baiting
  • Diversion Theft
  • Scareware
  • Pretexting
  • Piggybacking

Phishing

Phishing involves posing as someone else to trick people

  • Smishing
  • Vishing

Types that use specific information about the target

  • Spear Phishing
  • Whaling
  • Business Email Compromise (BEC)

Baiting

  • Involves the use of enticements
  • Gifts or promotions that entice people to click on malicious links or open attachments

Diversion Theft

  • Tricks people into sharing information with the wrong person
  • Accomplished by impersonating someone

Scareware

  • Scare users into doing something unnecessary
  • Messages claiming your computer is infected and offering solutions

Pretexting

  • Creating false scenarios to gain trust
  • Uses that trust as a basis to manipulate people into revealing sensitive information

Piggybacking

  • Physical social engineering technique
  • Following someone closely to gain unauthorized access

Defend yourself with awareness

Continuous education is necessary!

Typical red flags:

  • Urgent or threatening language
  • Impersonal or unprofessional communication
  • Links or attachments that don't look legitimate
  • Requests for sensitive information

The risk of doing things without thinking

In the digital world, thinking before acting is crucial

Phishing at Equifax

  • Phishing email sent to employees that appeared to be from a legitimate source
  • The email linked to a fake website
  • Employees were prompted to enter their credentials
  • The credentials were used to access the system and steal data

Let's practice!
