Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Objective
In this lab, you will research examples of social engineering and identify ways to recognize and prevent it.
Resources
Computer with Internet Access
© 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 2
Lab Title Only Here - No Numbering
I asked who she banked with and then told her that I worked for that bank. What a stroke of luck! I
reassured her that everything would be fine, but she would need to cancel her credit card right away. I
called the “help-desk” number, which was actually Alex, and handed my phone to her.
Alex was in a van in the parking garage. On the dashboard, a CD player was playing office noises. He
assured the mark that her card could easily be canceled but, to verify her identity, she needed to enter
her PIN on the keypad of the phone she was using. My phone and my keypad.
When we had her PIN, I left. If we were real thieves, we would have had access to her account via ATM
withdrawals and PIN purchases. Fortunately for her, it was just a TV show."
"Hacking VS Social Engineering -by Christopher Hadnagy http://www.hackersgarage.com/hacking-vs-
social-engineering.html
Remember: “Those who build walls think differently than those who seek to go over, under, around, or
through them." Paul Wilson - The Real Hustle
Research ways to recognize social engineering. Describe three examples found in your research.
- If tech Support Calls you, it might be a social Engineering Attack
- Don’t Fall for “Act NOW!” False Urgency Request
- Beware of fear Tactics such as “Help Me or The Boss is going to be mad”
Use the Internet to research procedures that other organizations use to prevent social engineers from gaining
access to confidential information. List your findings.
Security sponsor A Senior Manager probably board level, who can provide the necessary authority to ensure
that all staff take the business of security seriously. Security manager, a management –level employee who
has responsibility for orchestrating the development and upkeep of a security policy. IT security officer A
technical staff member who has responsibility for developing the IT infrastructure and operational security
policies and procedures. Facilities security officer , a member of the facilities team who is responsible for
developing site and operational security policies and procedures. Security awareness officer. A management
–level member of staff – often from within the human resources or personnel development department- who is
responsible for the development and execution of security awareness campaigns.
© 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 2 of 2