Jump to content
 
 

Social Engineering online course

Manipulation of human vulnerabilities

 

Millions of companies worldwide use highly specialized technology to protect their data and information from unauthorized access. But what happens if it’s not your technology that is attacked, but the most vulnerable point of your security system: people? When attackers engage in what’s known as social engineering, they don’t need any programming or hacking skills to gain access to your sensitive data.

The best protection against social engineering is well trained employees who are familiar with the concept, and a well-thought-out security strategy. Train your workforce regularly to ensure that your company does not fall victim to an attack. Our eLearning module teaches your employees how to defend themselves against social engineering. It uses realistic case studies to simulate social engineering attacks, enabling you to understand the potential consequences for your company. Our online course enables you to raise your employees’ awareness of the issue and give them training on how to respond.

 

This is what your training could look like in the future

Online course on the prevention of social engineering

 

This course introduces you to a type of hacking that can have serious consequences: Social engineering:  Manipulating human vulnerabilities. You will study a number of examples, learning what’s behind these kinds of attacks, what the consequences can be, and of course how you can protect yourself against them. 

Course content at a glance:

  • Introduction
  • Social Engineering online course
  • Scenarios
  • Preventive Measures
  • Knowledge Check
  • Checklist at a glance

 

We will be happy to adapt the online course to your specific requirements or to supplement it with other content that is relevant for you.

 
...
 
 

Your contact

I’m delighted you’re interested and I’m looking forward to getting to know you!

Denise Schönheider | Director Content & Creative
Denise Schönheider
Director Content & Creative
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Please fill in the mandatory field
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
*Mandatory field

We treat your data confidentially as a matter of course and do not pass them on to third parties. You can unsubscribe from the newsletter at any time and object to the processing of your data at any time in accordance with our privacy policy.
 

Social Engineering

Definition

Social engineering, also known as social hacking, is a method attackers use to try and obtain sensitive information. They do this by fraudulently obtaining passwords or other confidential data, for example.

The term social engineering originates from the field of social psychology and refers to the art of persuading people to do things they would not normally do. Since the 1980s, the term has been used in connection with threats. It describes the art of manipulating people in order to steal data or for the purpose of other criminal activities.

 

The origins of social engineering

Social engineering derives from psychological warfare. Psychologists found that people are more likely to reveal information if they consider the questioner to be trustworthy. In times of war, this principle was used to deceive and manipulate enemy troops.

In modern times, social engineering represents a significant threat. More and more companies are falling victim to attacks in which the perpetrators try to gain access to sensitive data.

 

How social engineering works

Social engineering occurs both offline and online. The best-known method from the private sector is the “grandchild trick”, in which fraudsters use emotion and trust to convince older people that a close relative urgently needs money.

But companies are also lucrative targets for criminals, presenting the opportunity to obtain large amounts of money or valuable data in a short space of time. Prevent social engineering attacks from succeeding by showing your employees how to protect themselves. One well-known example of this kind of attack is known as “CEO fraud”, in which the perpetrators attempt to impersonate top-level management in order to acquire confidential information. Attackers using what’s known as “spear-phishing” deploy two mechanisms:

 

Trust

The source of the request appears trustworthy. The name and sender address are familiar. Under certain circumstances, attackers may have further details such as the software being used or the names of regular customers. Spear phishers obtain data from social media or your website.

Obedience

Employees are often keen to please their superiors. Fear of rejection or of consequences for them personally can lead them to comply with attackers’ requests without double checking.

 

Victims often don’t realize they are being defrauded. However, there are ways to protect yourself against social engineering attacks. Providing your employees with regular training enables you to ensure they are well armed against social engineering.

 
 

Here’s an example:

Today is your colleague Alina’s last day of work today before a long-awaited vacation. Her temporary replacement Thomas has been trained up, and now it’s finally time to start. Shortly after she finishes work, Alina can’t help but share her excitement with her friends on Facebook.

At the same time, a hacker is trying to get hold of an individual’s confidential data and comes across your company because this person is listed as a customer. After a short search on the company website, he’s familiarized himself with the different teams, and finally finds Alina’s Facebook profile, which provides the perfect opportunity. The hacker uses a sophisticated approach to try and exploit what he assumes is a vulnerability. He calls, pretending to be an angry customer, and tries to put pressure on your employee. Let’s start the journey here. Thomas’ phone rings:

 

“Thomas Bauer here, how can I help you?”

“Hello, this is Frenzel from Lerner AG.
I actually wanted to talk to Alina Schneider.”

“She’s on vacation right now, I’m her stand-in.
How can I help you?”

“We’re currently having major problems with our server
and I urgently need some data
from your system. Can you set up a
new user account for me?”

“Yes of course, but I’ll
need e-mail confirmation from Ms.
Strobel, our contact point at your company.”

 

The foundation stone has been laid. The attacker now uses his knowledge about the company and its processes to put the employee under pressure and get around the security arrangements.

 

“As I said, we’re having server problems at the moment,
and Ms. Strobel isn’t in the office. Can’t I just send you
the confirmation myself?
We’re really pressed for time here!”

“I’m sorry, I can only do it
for the addresses we have on file.”

“If you don’t want to help me, I
can always talk to your supervisor, Mrs
Fischer, about you! And if you can’t
help, we’ll
use another
provider next time.”

“No, no, that’s not necessary.
Service is of course our top priority.
Please give me your details, and I
’ll set up the account for you.”

“Thank you. Why couldn’t you just do that in the first place?
If this happens again, we’ll be approaching
a different company with our next order!”

Here’s an unsettling thought: The hacker can now access the system independently and can view and modify sensitive customer data and cause a lot of damage.

 

Consequences of social engineering attacks

If a social engineering attack on your company succeeds, it can have far-reaching consequences, from the loss of customer trust to financial losses that could lead to insolvency. Anything is possible. A successful attack on a company providing critical infrastructure may have a global impact. Social hacking not only affects your company, it also impacts on your customers and partners. It loses you customers, but it can also lose you your reputation and a great deal of money.

 

And it’s easy to protect yourself

The best protection against social engineering is well trained employees who are familiar with the concept, and a well-thought-out security strategy. Train your workforce regularly to ensure that your company does not fall victim to an attack. Provide training on potential attacks, using practical examples to teach your employees how to deal with them and showing them where the dangers are. 

 

The bottom line.

Even though many people are sure that they’ll never fall into this kind of trap, it often happens more quickly than you’d expect. Pressure, stress and the desire to do your job as well as possible, to please customers or find the fastest possible solution all play a role. Social engineering targets human vulnerability and uses particularly effective methods. Vigilance and awareness of the risks help to minimize them and ensure that your employees have all the necessary information. Take advantage of regular online digital training that your employees can complete at a time that suits them. You can keep adding new examples to ensure they’re on the alert. 

 
Nadine Pedro
Nadine Pedro, chemmedia AG
Nadine Pedro
Marketing Manager
 

Cookie settings

We use several types of cookies on this website to provide you with an optimal online experience, to increase the user-friendliness of our portal and to constantly improve our communication with you. You can decide which categories you want to allow and which you do not want to allow (see "Custom settings" for more information).
Name Usage Duration
privacylayerStatus Agreement Cookie hint1 year
Name Usage Duration
_gaGoogle Analytics2 years
_gidGoogle Analytics1 day
_gatGoogle Analytics1 minute
_galiGoogle Analytics30 seconds
Google Tag Manager PixelTag management system for managing and evaluating tracking services
Name Usage Duration
vimeoVimeo
youtubeYoutube video embedding