Lab - Social Engineering

Objectives
Research and identify social engineering attacks

Background / Scenario
Social engineering is an attack with the goal of getting a victim to enter personal or sensitive information, this
type of attack can be performed by an attacker utilizing a keylogger, phishing email, or an in-person method.
This lab requires the research of social engineering and the identification of ways to recognize and prevent it.

Required Resources
 PC or mobile device with internet access

Instructions
Using a web browser find the article “Methods for Understanding and Reducing Social Engineering Attacks”
on the SANS Institute website. A search engine should easily find the article.
The SANS Institute is a cooperative research and education organization that offers information security
training and security certification. The SANS Reading Room has many articles that are relevant to the
practice of cybersecurity analysis. You can join the SANS community by creating a free user account in order
to access to the latest articles, or you can access the older articles without a user account.
Read the article or choose another article on social engineering, read it, and answer the following questions:
Questions:

a. What are the three methods used in social engineering to gain access to information?
1) Phishing
2) Smishing
3) Spear Phishing
your answers here.

b. What are three examples of social engineering attacks from the first two methods in step 2a?
1) A Text message pretending to be from a delivery asking the receiver to click the link to track there
package
2) A fraud email claiming to be a letter from the bank telling the customer to click the link to update their
account information
3) A targeted phishing attack customizes messages for a specific individual. Like mimicking other co
worker or managers
Type your answers here.

 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 2 www.netacad.com
Lab - Social Engineering

c. Why is social networking a social engineering threat?

1) Because the social networking platforms are prime targets for the social engineering because they
allow the attackers to gather the personal information onto there target. The information they gather it
helps them to create more convincing and personalized phishing attempts making it easier to trick
peoples
Type your answers here.

d. How can an organization defend itself from social engineering attacks?

1) By implementing a multi factor authentication, adding another extra layer of verification to prevent
unwanted access. And they should also conduct a security awareness training, because educating
employes could recognize and report suspicious activities and messages
Type your answers here.

e. What is the SANS Institute, which authored this article?

1) The Sans is a well known cooperative research and education organization that provides a training
and certification in the information security. The also offer different articles and also they conduct a
security awareness training to help others and organization as well to stay updated on the
cybersecurity threats
Type your answers here.

End of document

 2017 - 2024 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 2 of 2 www.netacad.com