Friday 1 December 2017

Social engineering module released

We close off the year with a fresh look at social engineering, always a topical issue during the holiday/new-year party season when we let our hair down.  Generally speaking, we are less guarded and more vulnerable than usual to some forms of social engineering.  The sheer variety of social engineering is one of the key messages in this month’s awareness materials. 
This module concerns:
  • Social engineering attacks including phishing and spear-phishing, and myriad scams, con-tricks and frauds;
  • The use of pretexts, spoofs, masquerading, psychological manipulation and coercion, the social engineers’ tradecraft;
  • Significant information risks involving blended or multimode attacks and insider threats.
The awareness module is designed to appeal to virtually everyone in the organization, regardless of their individual preferences and perspectives.  A given individual may not value everything in the module, but hopefully there will be something that catches their attention – and that something may not even be the awareness materials as such, but perhaps a casual comment or oblique criticism from a peer or manager relating to the topic, which in turn was prompted by the supplied content.
The posters, for instance, are deliberately thought-provoking, puzzling even.  Rather than spoon-feeding people with lots of written information, we choose striking images to express various challenging and often complex concepts visually.  We hope people will notice the posters, wonder what they are on about, and maybe chat about them … which is where the learning happens.
Explore the thinking that went into these awareness materials, and by all means tag along with us as we develop next month’s module, here on the blog.

Learning objectives

December’s awareness materials are intended to:
  • Introduce/outline social engineering – a backgrounder on the wide variety of forms it takes, techniques used etc.;
  • Describe and promote the corresponding information security controls, particularly the human element given the limited effectiveness of technical/cybersecurity controls against social engineering, with a mix of informational and stimulating content;
  • Motivate workers to act more securely, for example spotting, rebuffing and reporting possible attacks.
There are briefings, presentations, quizzes and competitions, checklists, posters and more in the new module - a wealth of creative materials all ready to use, straight out of the box (although we encourage you to customize them if you have the time).
We’ve introduced a new A-to-Z-style awareness format this month with three briefings that work nicely together as a suite:
  1. A-to-Z of social engineering scams, con-tricks and frauds - what they do;
  2. A-to-Z of social engineering methods and techniques - how they do it;
  3. A-to-Z of social engineering controls and countermeasures - how to spot and stop them in their tracks.
