Cyber Security training from QA

5 Social Engineering scams you should know!

QA Cyber Security Trainer, James Aguilan, breaks down five Social Engineering attacks everyone should be aware of.


James Aguilan | 24 October 2018

Employee awareness of social engineering is essential to corporate cyber security and data protection. End users who know the main characteristics of these attacks are much more likely to avoid falling for them. Here is a breakdown of 5 Social Engineering attacks you should know:

 

  1. Phishing

    Phishing is the most common tactic used by today's ransomware hackers. It is typically delivered in the form of an email, web ad or website designed to impersonate a real system and organisation. The message within these emails often appears to be from the government or a major corporation, and is often crafted to convey a sense of urgency and importance.

  2. Baiting

    Like phishing, baiting involves offering something enticing to an end user in exchange for private data. The bait comes in many forms, both digital, such as a movie downloaded from a torrent site, and physical, such as a branded drive labelled "CELEBRITY HACKS" that is left out on a desk for an end user to find. Once the bait is taken, malicious software is delivered directly onto the victim's computer.

  3. Quid Pro Quo

    Quid pro quo involves a request for the exchange of private data for a service or favour. For example, an employee might receive a phone call from the hacker posing as a technology expert offering free IT assistance in exchange for login credentials. Like baiting, this could be something physical, such as giving someone a gift in exchange for a service. The exchange needs to be of the same value.

  4. Pretexting

    This is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker, professional colleague, or a figure of authority within the company in order to gain access to private data. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data in order to comply with a corporate audit (that isn't real).

  5. Tailgating

    An unauthorised person physically follows an employee into a restricted corporate area or system. The most common example of this is when a hacker calls out to an employee to hold a door open for them as they've forgotten their RFID card. Another example of tailgating is when a hacker asks an employee to "borrow" a private laptop for a few minutes, during which the criminal is able to quickly steal data or install malicious software.

 

Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.

 

James Aguilan

Cyber Security Specialist

James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to government agencies, national critical infrastructures and large corporations through simulated cyber-attacks and forensic investigation workshops. In the past, James worked as a Data Consultant, where he advised high-profile clients on how to handle their data in civil litigation or criminal investigations. Notably, this includes the largest merger between two US powerhouse conglomerates, a deal worth $87 billion. He has also served as a Cybersecurity Consultant, responding to incidents and performing full forensic investigations. James holds a first-class honours degree in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.