From the course: Cybersecurity Awareness: Cybersecurity Terminology

Threats that target the human element

- [Instructor] What about the human side of security? The human element is often the most exploited, but why and how do the cyber criminals do it? The first, most commonly leveraged method of attacking the human element is social engineering. The best way to describe social engineering is to think of a puppet master pulling the strings on a puppet to get the puppet to do exactly what they want, when they want. Social engineering is the same, in that an attacker plays the role of the puppeteer, trying to manipulate the people who play the role of the puppet into divulging information or giving access to certain things that shouldn't be shared. And all of this is done for malicious purposes. This can be conducted in a number of ways, but we will cover some of the most common.

Then we have phishing. Phishing is when an email is sent with malicious intent with the appearance of coming from a legitimate person or company. However, that is not the case. Phishing is named so because, like with sport fishing, a malicious actor throws out a line, hoping that someone takes the bait by either replying to the email, clicking on a link, or opening an attachment.

Vishing, while similar in nature to phishing, is conducted over the phone instead of via email. A threat actor may contact you via phone and solicit personal or confidential company information with ill-natured intent. These attackers may pose as legitimate businesses or government organizations or may even play into your human instinct to want to help.

Smishing is SMS or text message phishing. Have you ever received a strange text on your phone asking you to click a link to something you weren't expecting? This may have been a real-life example of smishing. Smishing may include a link to a malicious site or may request personal information that you wouldn't typically divulge via text. It is always important to be wary of all types of "-ishing" attacks and stay up to date on the cyber criminals' tactics.
Spoofing is just one mechanism that the bad guys may leverage in these types of attacks. Spoofing is where they make an email, call, or even text message appear as though it is coming from a trusted name, number, and/or source. They do this spoofing or impersonating with the help of technology to look like trusted people or organizations, with the hopes that the attack seems more believable and the receiver will fall for it and take the suggested action.

Another threat vector that continues to grow year over year is ransomware. Ransomware is similar to how it sounds: something is taken and a ransom is requested to get it back. But in this, the items that are taken or locked down are digital. And in order to gain back access, the cyber criminal requests payment, typically in cryptocurrency. However, there is no guarantee, if you pay, that they will actually give you access back. So, the process for handling ransomware differs case by case.
