Remote Social Engineering
SOCIAL ENGINEERING
- Tricking or coercing people into violating security policy
- Depends on willingness to be helpful
- Human weaknesses can be leveraged
- May rely on technical aspects
- Bypasses access controls and most detection controls
PHISHING
- Phishing - people are contacted by a seemingly legitimate imposter in an attempt to extract sensitive information
- Spear phishing
- SMS phishing
- Voice phishing
- Whaling
QUICK REVIEW
- Social engineering is all about getting an authorized user to do your dirty work
- Relies on most people's willingness to be helpful
- Successful social engineering can bypass nearly all technical controls
- Phishing is attempting to get a valid user to click on a link to your exploit