![Lab Cisco [PDF]](https://pdfs.asia/img/200x200/lab-cisco.jpg)
32 0 138 KB
Lab - Social Engineering (Instructor Version) Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.
 
 Objectives Research and identify social engineering attacks
 
 Background / Scenario Social engineering is an attack with the goal of getting a victim to enter personal or sensitive information, this type of attack can be performed by an attacker utilizing a keylogger, phishing email, or an in-person method. This lab requires the research of social engineering and the identification of ways to recognize and prevent it.
 
 Required Resources 
 
 PC or mobile device with Internet access
 
 Step 1: Read the following article. Navigate to the following website and read it thoroughly to answer the following questions in step 2. https://www.sans.org/reading-room/whitepapers/critical/methods-understanding-reducing-social-engineeringattacks-36972
 
 Step 2: Answer the following questions. a. What are the three methods used in social engineering to gain access to information? Electronic access. Physical Access, Social media or Phishing, Spear Phishing, Baiting
 
 b. What are three examples of social engineering attacks from the first two methods in step 2a? Phishing, as shown in the article, A recent scam sent phishing emails to users after they installed cracked APK files from Google Play Books that were pre-loaded with malware. Phishing, Another example would be someone posing as someone you know to try and learn something useful about you such as your Mother’s maiden name to help with a security question. Spear Phishing, an example would be someone trying to target someone by posing as someone with a high clearance such as a CTO requesting a wire transfer.
 
 c.
 
 Why is social networking a social engineering threat? Social networking is a social engineering threat because everyone posts things about them at could be used by someone to hack an account or access information about you. Anything from your location to your dog name could help a hacker access stuff.
 
 d. How can an organization defend itself from social engineering attacks? The biggest flaw in a company is usually the people who work for it. The best way to defend yourself is to be knowledgeable and know when someone is trying to social engineer you. A way to do this would be to teach your employees the signs and what to do if someone is.
 
  Cisco and/or its affiliates. All rights reserved. Cisco Confidential
 
 Page 1 of 2
 
 www.netacad.com
 
 Lab - Social Engineering
 
 e. What is the SANS Institute, which authored this article? SANS institute is a private company that specializes in information security such as cyber security etc. They sell things like certificates.
 
  Cisco and/or its affiliates. All rights reserved. Cisco Confidential
 
 Page 2 of 2
 
 www.netacad.com