1
00:00:08,410 --> 00:00:15,040
Let us start with social engineering in this video, I am going to give you introduction with social

2
00:00:15,040 --> 00:00:20,560
engineering and also I'm going to explain you the social engineering cycle, along with some real life

3
00:00:20,560 --> 00:00:21,260
examples.

4
00:00:21,580 --> 00:00:23,020
So what is social engineering?

5
00:00:23,770 --> 00:00:30,580
Social engineering is simply the art of manipulating users of computer system into revealing vital or

6
00:00:30,580 --> 00:00:37,030
confidential information that can be used to gain unauthorized access to a computer system into a secure

7
00:00:37,030 --> 00:00:37,570
network.

8
00:00:38,230 --> 00:00:45,670
That can also include other exploration activities, such as exploiting human kindness, greed and curiosity

9
00:00:45,850 --> 00:00:52,000
to gain access to restricted buildings regarding the users to installing backdoor software into a secure

10
00:00:52,000 --> 00:00:52,450
network.

11
00:00:52,840 --> 00:00:59,890
Social engineering is one of the most dangerous and inhuman acts among humanity since its birth and

12
00:00:59,890 --> 00:01:02,050
became more dangerous in this world.

13
00:01:02,260 --> 00:01:09,310
With the speed and irresponsible use of the information technology, social engineers use a wide variety

14
00:01:09,310 --> 00:01:10,780
of tactics to perform attacks.

15
00:01:11,570 --> 00:01:17,740
The first step in most social attacks is for the attacker perform research and reconnaissance unadopted.

16
00:01:18,520 --> 00:01:24,130
If the target is an enterprise, for instance, that can gather intelligence on employees structure,

17
00:01:24,400 --> 00:01:31,320
internal operations commonly used within the industry and possible business partners, among other information.

18
00:01:32,080 --> 00:01:37,330
One common tactic of social engineers is to focus on the behaviors and patterns of employees.

19
00:01:37,840 --> 00:01:43,960
Hackers can scan the person's social media profits for information and study their behavior online and

20
00:01:43,960 --> 00:01:44,530
in person.

21
00:01:45,340 --> 00:01:51,160
From there, the hacker can design an attack based on information collected and exploit the weakness

22
00:01:51,160 --> 00:01:53,560
uncovered during the information gathering phase.

23
00:01:54,370 --> 00:02:01,120
If the attack is successful, hackers have access to sensitive data, says credit card or banking information

24
00:02:01,450 --> 00:02:06,490
have made many of the targets that have gained access to protected systems or networks.

25
00:02:07,720 --> 00:02:14,320
The best defense against attackers using social engineering scams is and will be always awareness.

26
00:02:15,450 --> 00:02:20,820
Some examples of social engineering can be like someone calling from the bank telling you that you need

27
00:02:20,820 --> 00:02:26,790
to change your bank account details because of a security reason and ask you for your personal details.

28
00:02:27,120 --> 00:02:29,430
In this scenario, the person frightens.

29
00:02:29,430 --> 00:02:35,760
You were telling you about hacking a security reason which makes you trade an Oscar and uses these emotional

30
00:02:35,760 --> 00:02:42,660
tactics to hack you, even your trash can, give more information about you, like your immunity from

31
00:02:42,660 --> 00:02:45,300
Amazon delivery box, phone, bank statements.

32
00:02:45,480 --> 00:02:52,020
You're all gadget components, which includes memory devices like printers and many other things, even

33
00:02:52,020 --> 00:02:57,410
simply filling a feedback form for some places because no one gives the feedback from notebook or leaflets

34
00:02:57,420 --> 00:03:02,520
securely, which can contain your mobile number, email or even your home address.

35
00:03:03,540 --> 00:03:10,260
The most widespread example of social engineering attack is phishing, Wikipedia, defense, phishing,

36
00:03:10,620 --> 00:03:17,880
the attempt to obtain sensitive information such as usernames, passwords and credit card details directly

37
00:03:18,000 --> 00:03:25,350
or indirectly, often used for malicious reasons or by disguising as a trustworthy entity in an electronic

38
00:03:25,350 --> 00:03:26,100
communication.

39
00:03:27,960 --> 00:03:35,220
Consider a scenario of phishing e-mail here, an employee from your organization is sending you an e-mail

40
00:03:35,460 --> 00:03:39,800
saying that the cupcake stop will be in front of office this afternoon.

41
00:03:40,350 --> 00:03:41,460
But can you imagine?

42
00:03:41,730 --> 00:03:48,600
Why would an employee in your office tell you about the cupcakes doctrine that if he wants to tell you,

43
00:03:48,780 --> 00:03:54,120
he will come to you and tell you that the cupcake truck is coming, we will head to truck and buy some

44
00:03:54,120 --> 00:03:54,720
cupcakes.

45
00:03:55,140 --> 00:04:00,710
So here that imply in your organization is nothing but the hacker.

46
00:04:01,140 --> 00:04:05,830
And if you click on that link, all your details will be faced by the hacker.

47
00:04:06,360 --> 00:04:08,960
Let's consider another scenario here.

48
00:04:09,300 --> 00:04:15,360
You've received an email from your university saying that this email is mean to inform you that your

49
00:04:15,360 --> 00:04:19,410
my university network password will expire in 24 hours.

50
00:04:19,920 --> 00:04:23,850
But the common thing is that your password never expires.

51
00:04:24,120 --> 00:04:28,410
So therefore, this email is sent to you by an hacker.

52
00:04:28,830 --> 00:04:34,890
Therefore, if you click on that link, your username and your password will be searched by the hacker.

53
00:04:35,400 --> 00:04:39,450
In the next lecture, we will study different types of social engineering.