Hi everyone, welcome back. Cyber security is an important area of focus. There is a whole lot of data that is being stored digitally, and this includes sensitive data that could potentially cause damage to someone or even a whole company.
Social engineering is a method in which someone, social engineer, gathers information over time by asking questions that seem unimportant and seem like small talk. Overtime, the social engineer will know more about a company and can use this knowledge to attempt to obtain sensitive information. Talking with the same person or group of people will also gain trust overtime.
Phishing is a technique used to obtain sensitive information by attempting to trick a user to enter their own info into a fake website. With social engineering, the social engineer can pretend to be from a company or a friend. As a social engineer, you learn how a company communicates with employees, such as structure of text, common words being used, type of communication and so on. This can be used to attempt to trick someone to entering their own data.
Types of Phishing
- Spear Phishing: The victim or target is researched more in depth to make the phishing campaign look more realistic.
- Whaling: Employees or founders within a company with high level position are targeted due to having more access and control over sensitive data.
- Smishing: Phishing campaigns that take place over SMS. Text message will appear to come from someone of trust.
- Vishing: Phishing campaigns that take place over a voice communications channel. Phone call will appear to come from someone of trust.
Large quantities of unsolicited emails being sent. Spamming can also be done through text and social media. A method used to reach as many people as possible and hope for the best. May appear to look like advertising. Important for users to understand spam and to not click on any suspicious links.
Method used to retrieve information from trash or dumpsters that could contain…