---
tags: course
---

# Intro Cybersecurity

# Security Awareness

## Social Engineering Red Flags

Social engineering: manipulating, influencing, or deceiving

### Spot Red Flags

I. Why hackers do what they do

1. money
2. creating tension
3. corporate espionage
4. personal entertainment

- 75B devices connected online
- How to stop them

II. Different types of social eng

1. Phishing
    - Pretexting - gather info on social media
    - Quid Pro Quo - getting something in exchange for something
    - Goal: trick you into giving away sensitive information
    - Spear phishing
        - get you to react
        - verify sus msg
2. Emails
3. Untrustworthy characters within your organization
    - 22% insider breaches (medical, finance, public admin)

Threat Landscape: stay alert and skeptical

- Types of attacks
- ID specific actions to reduce risk

Goal of social eng:

1. gain your trust and then exploit you
2. to get info they want

Smishing - phishing from texts

Disinformation - deceive and receive

Cellphone towers, after a disinformation

Malware:

- data breaches: org's network is broken into, info is sold to other bad actors for a profit
- ransomware - scrambles data in your computer and then the ransom is paid

Spyware:

- infect devices
- gather info about you

Malicious Apps

- update to your fave apps
- download app
- hackers hide program

III. Spotting red flags in email

- payroll, holiday, policy changes

```
Checklist:
1. Subject line: clickbait vibes
2. To, From, Reply-to: are they verified
3. Date: unusual time
4. Links: asking you to download from a link or receive punishment.
   Mouse over the CTA button to expose the actual link
5. Content of email: does it provoke an emotion
```

Mining personal information in online social

Employees falling to attacks:

1. fired
2. fined

Actions to take for protection

Business risk:

- global cost of cybercrime is $11.4M / min
- cyberattacks have seen an 80% increase, 2020-2022
- orgs fall victim to cybercrime every 11 sec

### Attack Examples

- http - directions on how info is transferred across the internet
- https - the "s" means a secure connection
- Public Wifi/Coffeeshops
    - unsecured wifi connections
    - never connect to public wifi; otherwise create a VPN
- Tailgating - pretending to be an employee and coming in to access a computer
- Flash Drive Attacks
- Vishing - voice phishing to social eng someone. Hacker has you call a fake support number

Questions: what VPN option do we have?
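
The five-point checklist from "Spotting red flags in email", written as a triage script (an added example, not part of the original notes). The pressure-word list, the 07:00-19:00 working hours (in the sender's stated time zone) and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed pressure words and working hours; tune both for your organization.
PRESSURE = re.compile(r"urgent|immediately|suspended|penalty|act now", re.I)
WORK_HOURS = range(7, 19)
# Constructed sample (example.com / example.net are reserved test domains).
SAMPLE = """\
From: Payroll <payroll@example.com>
Reply-To: payroll-team@example.net
Subject: URGENT: confirm payroll details immediately
Date: Sun, 14 Jan 2024 03:12:00 +0000

<p>Your pay will be suspended unless you act now.</p>
<a href="http://login.example.net/verify">https://payroll.example.com/portal</a>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs, the scripted 'mouse over'."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        self._href = dict(attrs).get("href") if tag == "a" else None
    def handle_data(self, data):
        if self._href:
            self.links.append((self._href, data.strip()))
            self._href = None

def red_flags(raw):
    msg = message_from_string(raw)
    body = msg.get_payload()
    domain = lambda h: parseaddr(msg[h] or "")[1].rpartition("@")[2].lower()
    parser = LinkCollector()
    parser.feed(body)
    checks = {
        "subject": bool(PRESSURE.search(msg["Subject"] or "")),
        "reply-to": domain("Reply-To") not in ("", domain("From")),
        "date": parsedate_to_datetime(msg["Date"]).hour not in WORK_HOURS,
        # Link text that shows one host while the href goes to another.
        "link": any(urlparse(t).hostname not in (None, urlparse(h).hostname)
                    for h, t in parser.links),
        "content": bool(PRESSURE.search(body)),
    }
    return [name for name, hit in checks.items() if hit]

print(red_flags(SAMPLE))
```

A hit on any item is a reason to verify the message through another channel, not proof of phishing; link text without a URL scheme is not compared by this sketch.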