Flipped Classroom Lecture 7/9 [SB]: Social engineering

Content

Strategies and examples of social engineering, when and why they work.

Reading

Anderson (2nd) Sections 2.1-2.3.6

Policies, management: Gollmann Chapter 2

Slides

social engineering techniques and human traits they exploit, some examples (pdf on FBF)

Other resources

in class:

recording of analysis of social engineering scenarios (audio only, as the recording only showed people on Zoom since there were no extra slides): The first scenario is the one from the example video [2.5min] (youtube); watch that first. The second scenario is the one in the old exam question (January 21) (pdf). Here is an automatically generated transcript (not corrected for any errors) and the audio recording (mp3).

I mentioned the optional conference presentation below, about why social engineering needs to be taken seriously. The authors of that paper analyzed prominent data breaches and found that human error (usability) and social engineering were the main reasons that allowed attackers to get into a system. 

anatomy of data breaches [20min] youtube, paper pdf

other, other resources:

https://www.theregister.co.uk/2018/11/19/phishing_knowledge_dangerous/

https://www.theregister.co.uk/2018/07/25/developers_malware_vectors/

https://www.microsoft.com/en-us/research/publication/why-do-nigerian-scammers-say-they-are-from-nigeria/

http://www.irregularwebcomic.net/72.html

Videos

Intro to social engineering [18.5min] on FBF

Network outage example, analysis [12min] on FBF