- A comprehensive introduction to the psychological basis of social engineering
- Concrete examples of social engineering attacks
- Practical tips for detecting manipulation
- Clearer connections between IT security and human behavior
- Effective strategies to create more security awareness
- Simple instructions for secure communications
5 Course Chapters
Every course module you find here can be used as a short learning unit – also called a Learning Nugget. Do you have any questions about the course content? We would be glad to help you.
Course Insight
Social engineering can cause considerable damage to companies
What is social engineering? Basically, the term describes the collection of data and confidential information. Social engineers try to gain insights into your life by any means possible. Step by step and with great patience, they put the pieces of the puzzle they find together so that a comprehensive picture emerges in the end. However, the weak point that criminals use in social engineering to gain access to your sensitive data is not technology - but people.
So much for a look at the social engineering definition. Let's switch from theory to practice. The following example will show you how incredibly easy it is to use social engineering to obtain personal data.
Social engineering: social networks as a source of data
Think about social networks. Are your profiles publicly visible? Yes? Then let's see what we find there. We see your first and last name and your date of birth. Four weeks ago you went on a motorcycle tour through the Eifel, your grandmother Josephine celebrated her 95th birthday last week, and on Wednesday you ate lasagna at "Luigi's Trattoria". A photo shows you in front of your beautiful home; the house number and a street sign are clearly visible. Oops - and at this moment a new post appears: the attached picture shows you and your family snorkeling with dolphins in Hurghada. So you are not at home right now. Uh-oh! When your vacation is over, your house is empty.
This example shows how social engineering works. There are criminals who specialize in mining social media profiles for sensitive information. Now, if these criminals see that you are currently enjoying yourself on the Red Sea, they will sell this information to a burglary gang in no time. For you personally, this is a big nuisance. The damage is high, but comparatively manageable. Just imagine what would happen if your company fell victim to a social engineering attack.
Make employees aware of social engineering
CEO fraud can cause considerable damage to a company. In the U.S. alone, criminals used this scam to cause $2.3 billion in total damage from 2016 to 2018. CEO fraud is particularly dangerous for companies because they can hardly protect themselves against it. The experts in the IT department are powerless - because every single employee can literally open the door for the fraudsters. In this form of social hacking, too, people are the point of attack that criminals use to enrich themselves. It is therefore all the more important that all employees of a company are sensitized to social engineering, for example by taking part in an online course from Security Island on this important topic.
Popular social engineering scam: CEO fraud
In CEO fraud, social engineers spy on a company. They gain a comprehensive overview of internal processes and personnel responsibilities - down to the last detail. Then one of the fraudsters contacts, by phone or e-mail, an employee who has access to company-owned bank accounts. During this contact, the fraudster claims to be the company's CEO and says that he very urgently needs a large sum of money to discreetly conduct an important business transaction. Of course, the scammer has found out beforehand that the real boss is not present in the company at the time of the contact. Any queries from the employee would therefore come to nothing. And to make his request seem credible, the alleged boss or one of his accomplices sends deceptively real-looking documents, "sales contracts" or the like, to the employee's e-mail address. There are companies that have already transferred 40 million euros to fraudsters in the course of the CEO fraud scam.
Social engineers use many different methods
CEO fraud is only one method used by social engineers. They have numerous other aces up their sleeves. Sometimes it's about supposedly necessary computer updates, sometimes they pretend to be friends or acquaintances in social networks with fake profiles, sometimes they target the senile grandparents of their victims, or they find a way into the lives of the people whose trust they have gained via online dating platforms.
The social engineering approach has parallels to a phishing attack. In a phishing attack, Internet users receive a fake e-mail, for example. These phishing e-mails look harmless, but they are quite tricky: they usually contain a link to a fake website. Under a pretext, the recipient of the phishing e-mail is asked to enter confidential information on the website, such as access or payment data. If the phishing attack is successful, the criminals can then access online banking or shop in web stores unnoticed.
Social engineering: people as a risk factor
No one is safe from a social engineering attack. The fraudsters are absolute professionals. They know how to gain the trust of their victims. They have detailed insider knowledge and rely on perfect timing when making contact. Ignorance, urgency and impatience are their most important allies. This way, they can be sure that the alarm bells will not ring in the victims until they have already fallen into the trap. The devastating thing about social engineering is that it only takes one careless colleague for the cyber attacker to gain access to the company's IT systems.
Deepening knowledge about social engineering with e-learning
In summary, we can say: it is very important to know how social engineering works, how it is planned and executed, and what the perpetrators' intentions are. Participants acquire this knowledge in this e-learning course from Security Island. Numerous practical examples are used to sensitize them to the topic of social engineering. Finally, they can test their new knowledge using a questionnaire.
Frequently Asked Questions
Our courses are delivered in SCORM 1.2 format. You can thus integrate the e-learning into your existing Learning Management System (LMS) or make it available to all desired employees via our in-house Online Academy.
This depends on various factors:
- Number of employees to be trained
- Licensing period
- Degree of course customization desired (optional)
- Licensing of other e-learning courses from Security Island
We will be happy to support you in finding a suitable licensing model!
Every Security Island e-learning course can be adapted to your corporate design and your company processes. Due to our flexible production method, individualizations can also be realized at short notice.
The costs for the individualization depend on the effort of the adaptations. This can be determined in a free initial consultation.
All our e-learning courses are written by experienced specialist authors who are an integral part of Security Island's courses. For content-related queries and adaptations, they are available to our customers with advice and support.