A text message informs you that a password change has been initiated and asks you to confirm this was you by replying with your credentials.
An email says your account will be locked within 30 minutes unless you respond immediately.
Urgency / Fear
An attacker tricks an employee into giving up their password and can log in to their account.
Multi-factor authentication (MFA)
A targeted phishing attack against a specific user or group.
Spearphishing
The network of all interconnected devices capable of collecting, transmitting, or acting on data.
The Internet of Things (IoT)
A caller presents a believable backstory involving a routine business process and requests one small piece of information to “close the loop.”
Pretexting
A message claims to be from the CFO and asks for quick confirmation before a payment is sent.
Authority
An attacker sends multiple phishing emails using fear, urgency, and authority, taking advantage of users' inability to recognize phishing emails.
Security awareness training
Manipulating people into performing actions or revealing information.
Social Engineering
Self-replicating malware that spreads across networks on its own.
Worms
Someone in business casual follows employees into a badge-protected area while talking on the phone.
Tailgating
A caller says, “Everyone else has already completed this — you’re the last one left.”
Social pressure / Conformity
An attacker pretends to be a manager and requests sensitive information, and the employee is unsure what to do next.
Clear security policies and processes
An attack where an attacker pretends to be a trusted individual such as IT staff, management, or a vendor.
Impersonation
Policy that allows users to use their personal devices for work.
USB drives labeled “Q4 Bonuses” are left in the employee parking lot.
Baiting
A contractor you’ve worked with for months asks you to “just send the file like usual” since they’re locked out today.
Trust / Familiarity
Employees frequently plug unknown USB drives into their work computers.
USB device control / endpoint protection policies
A targeted phishing attack against a high level executive (c-suite).
Whaling
7 Domains of IT
User, Workstation, LAN, LAN-WAN, WAN, Remote Access, System/Application
An attacker emails first, then later shows up in person referencing the email conversation.
Hybrid social engineering attack
An email with the subject line “Updated Salary Adjustments – See Attached” is sent to multiple employees without further explanation.
Curiosity
An employee suspects a social engineering attempt but does not report it, allowing the attack to continue elsewhere.
Method of reporting
An unauthorized person enters a restricted area with the help or permission of an authorized person.
Piggybacking
5 Phases of an Attack
Reconnaissance, Gaining Access, Maintaining Access, Clearing Tracks, Exploitation