3_6_1_1 Social engineering

You should be able to:

Define the term social engineering.
Describe what social engineering is and how it can be protected against.
Explain the following forms of social engineering:

•• blagging (pretexting)

•• phishing

•• pharming

•• shouldering (or shoulder surfing)

REVISE:

What is social engineering?

The humans that use a network are often the biggest threats to the security of that network. A social engineering hacker will try to gain access to a network by social means. For example, ringing and asking for a bank pin number whilst pretending to be from the bank.

Below is a simple, quick example from a well-known TV advert.

This Defcon 21 video is quite long but it is a really good demonstration to show how easy it is for social engineering to take place.

Blagging

Impersonating another person in order to try and get confidential information.

Phishing

This is when a mass email or spam is sent to lots of people in an attempt to trick them into logging on to a spoof account. Anyone who enters their personal details will then be logged and their data could be used to access their real accounts.

Pharming

All web addresses have an IP address. Pharming is when the web address is moved to a different IP address that contains a fake version of the website. This is then used to gain access to personal details.

Shouldering

This is simply looking over someones shoulder to watch them type in their PIN at a bank or their password when logging on.

TEST:

Download and print the test paper here: https://drive.google.com/open?id=0B5fLtQ0Xgr2PcHVhR2hTOElTTGc
Try the mock test yourself.
Use the 3.6.1.1 Walking Talking Mock below to guide you through answering the questions.

SOURCE RECOGNITION - PLEASE NOTE: The examination examples used in these walking talking mocks are samples from AQA from their non-confidential section of the public site. They also contain questions designed by TeachIT for AQA as part of the publicly available lesson materials.