Managing the risk of social engineering
Introduzione alla sicurezza dei dati
Angeline Corvaglia
Founder & Digital Transformation Specialist
Manipulation by exploiting human tendencies
Social engineering techniques
Phishing
Baiting
- Involves the use of enticements
- Gifts or promotions to click on malicious links or open attachments
Diversion Theft
- Tricks into sharing information with the wrong person
- Accomplished by impersonating someone
Scareware
- Scare users into doings something unnecessary
- Messages claiming your computer is infected and offering solutions
Pretexting
- Creating false scenarios to gain trust
- Use basis of trust to manipulate people into revealing sensitive information
Piggybacking
- Physical social engineering technique
- Following someone closely to gain unauthorized access
Defend yourself with awareness
The risk of doing things without thinking
In the digital world, thinking before acting is crucial
Phishing at Equifax
- Phishing email to employees that appeared to be from a legitimate source
- Link to fake website
- Enter credentials
- Used to access the system and steal data
