1
00:00:02,630 --> 00:00:08,810
Social engineering attacks by phone are also called vishing; the word is a combination of voice

2
00:00:08,810 --> 00:00:09,680
and phishing.

3
00:00:10,460 --> 00:00:12,650
Vishing attacks are highly effective

4
00:00:12,650 --> 00:00:18,350
if you've done your homework and have all the relevant information, and you already know where you get

5
00:00:18,350 --> 00:00:20,300
the information in the first place.

6
00:00:20,720 --> 00:00:24,710
This is where the information gathering phase comes into play.

7
00:00:25,550 --> 00:00:28,370
You need to have a realistic scenario first.

8
00:00:28,730 --> 00:00:32,090
Before you call the victim, you have to be very well prepared.

9
00:00:32,840 --> 00:00:33,650
Who are you?

10
00:00:33,890 --> 00:00:35,390
Where are you calling from?

11
00:00:35,690 --> 00:00:37,130
What's your expertise?

12
00:00:37,370 --> 00:00:38,510
What's the subject?

13
00:00:38,780 --> 00:00:40,700
What do you want from the victim?

14
00:00:41,120 --> 00:00:44,660
The more you prepare, the more the victim will trust you.

15
00:00:45,590 --> 00:00:47,660
There are some tricks to being more realistic.

16
00:00:47,840 --> 00:00:53,660
For example, if you're in the role of call centre staff, it's better to have background voices

17
00:00:53,660 --> 00:00:57,620
as if some of the staff are talking with other customers or clients.

18
00:00:58,550 --> 00:01:01,910
It's a very effective way to frighten the victim:

19
00:01:02,630 --> 00:01:05,690
"Your computer is blocking a million-dollar transaction to the company.

20
00:01:05,840 --> 00:01:07,490
We have to fix it immediately.

21
00:01:08,360 --> 00:01:11,380
Have you recently visited websites that you should not have visited?"

22
00:01:13,540 --> 00:01:18,910
Here, then, is the real-world social engineering test that we performed in one of our pen tests.

23
00:01:19,450 --> 00:01:25,720
According to the scenario, we are IT department staff and want to make sure that all the employees

24
00:01:25,990 --> 00:01:31,780
got the critical security update of the corporate email service. The critical points of the attack

25
00:01:31,780 --> 00:01:39,520
are as follows. First, introduce yourself as one of the personnel from the IT department, known from the information

26
00:01:39,520 --> 00:01:40,900
gathering and reconnaissance phase.

27
00:01:41,080 --> 00:01:48,090
If you found the real names of people working in the IT department, use one of these names, but prepare yourself:

28
00:01:48,340 --> 00:01:51,610
the victim may know the person whose name you're using.

29
00:01:52,510 --> 00:01:55,870
If you don't know anyone in the IT department, choose a common name.

30
00:01:56,350 --> 00:01:59,080
What's the most common name in that country?

31
00:02:00,160 --> 00:02:04,960
Second, make the victim nervous about his or her mistake:

32
00:02:05,850 --> 00:02:08,890
"Well, it's critical, and security is important.

33
00:02:10,210 --> 00:02:17,770
You should have got the update by now, but you haven't." Third, gain the trust of the victim:

34
00:02:19,000 --> 00:02:21,400
"Don't share any information with me or anyone else.

35
00:02:21,460 --> 00:02:22,690
Security is important."

36
00:02:24,300 --> 00:02:30,210
Give the IP address of your malicious website, because you share the URL on the phone.

37
00:02:30,630 --> 00:02:34,710
Don't try to find a URL similar to the company's webmail service.

38
00:02:35,250 --> 00:02:41,630
An IP is good, but it's not understandable. Since the victim manages the steps him or herself,

39
00:02:41,880 --> 00:02:44,640
he or she has no doubt that the operation is secure.

40
00:02:46,060 --> 00:02:52,960
The victim visits our website, which looks like the webmail service of the company, and downloads

41
00:02:52,960 --> 00:02:55,390
our backdoor as the security patch.

42
00:02:56,580 --> 00:02:58,770
The success rate of this test was

43
00:03:00,520 --> 00:03:01,900
90 percent.

44
00:03:04,690 --> 00:03:06,070
In this course, you learned

45
00:03:07,160 --> 00:03:12,890
the terminologies and definitions of social engineering, basic social engineering techniques,

46
00:03:13,920 --> 00:03:17,610
social engineering types and the steps of the social engineering tests,

47
00:03:18,820 --> 00:03:20,680
how to bypass security measures,

48
00:03:22,070 --> 00:03:23,390
how to create malware,

49
00:03:25,730 --> 00:03:32,540
how to create custom payloads to use inside the malware, how to embed the malicious code into documents,

50
00:03:33,730 --> 00:03:35,380
the Social Engineering Toolkit,

51
00:03:36,370 --> 00:03:39,700
and social engineering via phone, also known as vishing.