
Lab - Social Engineering

Objectives
Research and identify social engineering attacks

Background / Scenario
Social engineering is an attack with the goal of getting a victim to enter personal or sensitive information. This
type of attack can be performed by an attacker utilizing a keylogger, phishing email, or an in-person method.
This lab requires the research of social engineering and the identification of ways to recognize and prevent it.

Required Resources
● PC or mobile device with internet access

Instructions
Using a web browser, find the article “Methods for Understanding and Reducing Social Engineering Attacks”
on the SANS Institute website. A search engine should easily find the article.
The SANS Institute is a cooperative research and education organization that offers information security
training and security certification. The SANS Reading Room has many articles that are relevant to the
practice of cybersecurity analysis. You can join the SANS community by creating a free user account in order
to access the latest articles, or you can access the older articles without a user account.
Read the article or choose another article on social engineering, read it, and answer the following questions:
Questions:

a. What are the three methods used in social engineering to gain access to information?
Baiting, Pretexting, and Scareware

b. What are three examples of social engineering attacks from the first two methods in step 2a?
As its name implies, baiting attacks use a false promise to pique a victim's greed or curiosity.
Scareware involves victims being bombarded with false alarms and fictitious threats.
Pretexting is a method of inventing a scenario to convince victims to divulge information they should not divulge.

c. Why is social networking a social engineering threat?


Social networking sites have made social engineering attacks easier to conduct. Today's attackers can go
to sites like LinkedIn and find all of the users that work at a company and gather plenty of detailed
information that can be used to further an attack.

d. How can an organization defend itself from social engineering attacks?
Educate yourself and all employees on the types of attack out there. Never give up sensitive information. Ensure
employees don't repeat passwords. Keep all devices and endpoints secure. Ensure employees do not disclose
business-related information online.

© 2017 - 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 2 www.netacad.com

e. What is the SANS Institute, which authored this article?


The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security,
cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses,
penetration testing, incident response, digital forensics, and auditing. Written by Michael Alexander

End of document
