
Lab - Social Engineering (Instructor Version)

Instructor Note: Red font color or gray highlights indicate text that appears in the instructor copy only.

Objectives
Research and identify social engineering attacks

Background / Scenario
Social engineering is an attack with the goal of getting a victim to enter personal or sensitive information. This
type of attack can be performed by an attacker utilizing a keylogger, phishing email, or an in-person method.
This lab requires the research of social engineering and the identification of ways to recognize and prevent it.

Required Resources
• PC or mobile device with Internet access

Step 1: Read the following article.


Navigate to the following website and read it thoroughly to answer the following questions in step 2.
https://www.sans.org/reading-room/whitepapers/critical/methods-understanding-reducing-social-engineering-attacks-36972

Step 2: Answer the following questions.


a. What are the three methods used in social engineering to gain access to information?
Electronic access, Physical Access, Social media or Phishing, Spear Phishing, Baiting

b. What are three examples of social engineering attacks from the first two methods in step 2a?
Phishing: as shown in the article, a recent scam sent phishing emails to users after they installed cracked
APK files from Google Play Books that were pre-loaded with malware.
Phishing: another example would be someone posing as someone you know to try to learn something
useful about you, such as your mother's maiden name, to help with a security question.
Spear phishing: an example would be someone trying to target someone by posing as someone with a
high clearance, such as a CTO requesting a wire transfer.

c. Why is social networking a social engineering threat?


Social networking is a social engineering threat because everyone posts things about themselves that could be
used by someone to hack an account or access information about you. Anything from your location to
your dog's name could help a hacker access stuff.

d. How can an organization defend itself from social engineering attacks?


The biggest flaw in a company is usually the people who work for it. The best way to defend yourself is to
be knowledgeable and know when someone is trying to social engineer you. A way to do this would be to
teach your employees the signs and what to do if someone is.

© Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 1 of 2 www.netacad.com

e. What is the SANS Institute, which authored this article?


The SANS Institute is a private company that specializes in information security, such as cyber security, etc.
They sell things like certificates.
