Social Engineering online course
Manipulation of human vulnerabilities
Millions of companies worldwide use highly specialized technology to protect their data and information from unauthorized access. But what happens if it’s not your technology that is attacked, but the most vulnerable point of your security system: people? When attackers engage in what’s known as social engineering, they don’t need any programming or hacking skills to gain access to your sensitive data.
The best protection against social engineering is well-trained employees who are familiar with the concept, and a well-thought-out security strategy. Train your workforce regularly to ensure that your company does not fall victim to an attack. Our eLearning module teaches your employees how to defend themselves against social engineering. It uses realistic case studies to simulate social engineering attacks, enabling you to understand the potential consequences for your company. Our online course enables you to raise your employees’ awareness of the issue and give them training on how to respond.
This is what your training could look like in the future
Online course on the prevention of social engineering
This course introduces you to a type of hacking that can have serious consequences: social engineering, the manipulation of human vulnerabilities. You will study a number of examples, learning what’s behind these kinds of attacks, what the consequences can be, and of course how you can protect yourself against them.
Course content at a glance:
- Introduction
- Social Engineering online course
- Scenarios
- Preventive Measures
- Knowledge Check
- Checklist at a glance
We will be happy to adapt the online course to your specific requirements or to supplement it with other content that is relevant for you.
Social Engineering
Definition
Social engineering, also known as social hacking, is a method attackers use to try and obtain sensitive information. They do this by fraudulently obtaining passwords or other confidential data, for example.
The term social engineering originates from the field of social psychology and refers to the art of persuading people to do things they would not normally do. Since the 1980s, the term has been used in connection with threats. It describes the art of manipulating people in order to steal data or for the purpose of other criminal activities.
The origins of social engineering
Social engineering derives from psychological warfare. Psychologists found that people are more likely to reveal information if they consider the questioner to be trustworthy. In times of war, this principle was used to deceive and manipulate enemy troops.
In modern times, social engineering represents a significant threat. More and more companies are falling victim to attacks in which the perpetrators try to gain access to sensitive data.
How social engineering works
Social engineering occurs both offline and online. The best-known method from the private sector is the “grandchild trick”, in which fraudsters use emotion and trust to convince older people that a close relative urgently needs money.
But companies are also lucrative targets for criminals, presenting the opportunity to obtain large amounts of money or valuable data in a short space of time. One well-known example of this kind of attack is “CEO fraud”, in which the perpetrators attempt to impersonate top-level management in order to acquire confidential information. Prevent social engineering attacks from succeeding by showing your employees how to protect themselves. Attackers using what’s known as “spear-phishing” rely on two mechanisms:
Trust
The source of the request appears trustworthy. The name and sender address are familiar. Under certain circumstances, attackers may have further details such as the software being used or the names of regular customers. Spear phishers obtain data from social media or your website.
Obedience
Employees are often keen to please their superiors. Fear of rejection or of consequences for them personally can lead them to comply with attackers’ requests without double checking.
Victims often don’t realize they are being defrauded. However, there are ways to protect yourself against social engineering attacks. Providing your employees with regular training enables you to ensure they are well armed against social engineering.
Here’s an example:
Today is your colleague Alina’s last day of work before a long-awaited vacation. Her temporary replacement Thomas has been trained up, and now it’s finally time to start. Shortly after she finishes work, Alina can’t help but share her excitement with her friends on Facebook.
At the same time, a hacker is trying to get hold of an individual’s confidential data and comes across your company because this person is listed as a customer. After a short search on the company website, he’s familiarized himself with the different teams, and finally finds Alina’s Facebook profile, which provides the perfect opportunity. The hacker uses a sophisticated approach to try and exploit what he assumes is a vulnerability. He calls, pretending to be an angry customer, and tries to put pressure on your employee. Let’s start the journey here. Thomas’ phone rings:
“Thomas Bauer here, how can I help you?”
“Hello, this is Frenzel from Lerner AG. I actually wanted to talk to Alina Schneider.”
“She’s on vacation right now, I’m her stand-in. How can I help you?”
“We’re currently having major problems with our server and I urgently need some data from your system. Can you set up a new user account for me?”
“Yes of course, but I’ll need e-mail confirmation from Ms. Strobel, our contact point at your company.”
The foundation stone has been laid. The attacker now uses his knowledge about the company and its processes to put the employee under pressure and get around the security arrangements.
“As I said, we’re having server problems at the moment, and Ms. Strobel isn’t in the office. Can’t I just send you the confirmation myself? We’re really pressed for time here!”
“I’m sorry, I can only do it for the addresses we have on file.”
“If you don’t want to help me, I can always talk to your supervisor, Mrs Fischer, about you! And if you can’t help, we’ll use another provider next time.”
“No, no, that’s not necessary. Service is of course our top priority. Please give me your details, and I’ll set up the account for you.”
“Thank you. Why couldn’t you just do that in the first place? If this happens again, we’ll be approaching a different company with our next order!”
Here’s an unsettling thought: The hacker can now access the system independently and can view and modify sensitive customer data and cause a lot of damage.
Consequences of social engineering attacks
If a social engineering attack on your company succeeds, it can have far-reaching consequences, from the loss of customer trust to financial losses that could lead to insolvency. Anything is possible. A successful attack on a company providing critical infrastructure may have a global impact. Social hacking not only affects your company, it also affects your customers and partners. It can cost you customers, and it can also cost you your reputation and a great deal of money.
And it’s easy to protect yourself
The best protection against social engineering is well-trained employees who are familiar with the concept, and a well-thought-out security strategy. Train your workforce regularly to ensure that your company does not fall victim to an attack. Provide training on potential attacks, using practical examples to teach your employees how to deal with them and showing them where the dangers are.
The bottom line
Even though many people are sure that they’ll never fall into this kind of trap, it often happens more quickly than you’d expect. Pressure, stress and the desire to do your job as well as possible, to please customers or find the fastest possible solution all play a role. Social engineering targets human vulnerability and uses particularly effective methods. Vigilance and awareness of the risks help to minimize them and ensure that your employees have all the necessary information. Take advantage of regular online digital training that your employees can complete at a time that suits them. You can keep adding new examples to ensure they’re on the alert.