No matter how strong a company’s security is, end users will often be the weakest link in the security chain. Using social engineering tactics, hackers can exploit an employee’s trusting nature, naivety, gullibility, or just the harried state of many workers, with the end goal of gaining unauthorized access to corporate IT systems.
In this module, students will learn how to avoid social engineering schemes. Specifically, they will learn how to recognize unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information.
Students will also learn why they should not provide personal or organizational information unless they are confident that the person asking has the authority to have that information.
The course will also teach students how to deal with a request for personal or financial information in an email, how to check a website’s security before sending sensitive information over it, and how to check the URL of a website to identify whether it is legitimate or malicious (e.g. the URL may use a variation in spelling, such as eBay vs. eDay, or a different domain, such as thestar.com vs. thestar.net).
Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group.
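
The URL check described above can also be automated. The Python sketch below is an added example, not part of the course material: the allowlist, the function names and the one-character spelling threshold are assumptions, and it treats the last two host labels as the domain instead of consulting a public suffix list.

```python
from urllib.parse import urlsplit

# Assumed allowlist; the names are the ones the text uses as illustrations.
TRUSTED = {"ebay.com", "thestar.com"}

def edit_distance(a, b):
    """Levenshtein distance computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(url):
    """Lowercased last two host labels (simplification: ignores suffixes like co.uk)."""
    if "//" not in url:
        url = "//" + url          # let urlsplit see a host when the scheme is missing
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def check_url(url, trusted=TRUSTED, max_distance=1):
    """Return (verdict, trusted domain it relates to or None)."""
    domain = base_domain(url)
    if "." not in domain:
        return ("invalid", None)
    if domain in trusted:
        return ("trusted", domain)
    name, tld = domain.rsplit(".", 1)
    for good in sorted(trusted):
        good_name, good_tld = good.rsplit(".", 1)
        if name == good_name and tld != good_tld:
            return ("different-domain", good)       # thestar.com vs. thestar.net
        if tld == good_tld and 0 < edit_distance(name, good_name) <= max_distance:
            return ("spelling-variation", good)     # eBay vs. eDay
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample URLs, including a trusted name used as a subdomain
    # and as a user-info prefix; only the real host is compared.
    for u in ["https://www.ebay.com/", "https://www.eDay.com/signin",
              "http://thestar.net/news", "https://ebay.com.evil.example/login",
              "https://ebay.com@eday.com/"]:
        print(u, "->", check_url(u))
```

A verdict of "unknown" only means the host does not resemble an allowlisted name; it says nothing about whether the site is safe.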