Social Engineering for Absolute Beginners (no coding!)
2.9 (12 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
2,077 students enrolled

The most common social engineering attacks every manager should know, because every hacker does!
Created by Soerin Bipat
Last updated 4/2019
English
English [Auto]
This course includes
  • 42 mins on-demand video
  • 1 article
  • 18 downloadable resources
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What you'll learn
  • Identify the most common social engineering attacks (no coding!)
  • Explain the threat, impact and remediation for the most common attacks
  • Strengthen your personal firewall!
Requirements
  • Interest in cyber security
  • Interest in psychology
  • Open mind and a willingness to learn
  • [optional] watch the movie Catch me if you can (2002). You'll find out why...
Description

This course will teach you the most common social engineering threats. At the end of the course you will understand why people are the weakest link in your organisation's security posture. You will understand:

1) what the most common social engineering threats are,
2) the impact per threat for your business, 
3) how these threats can be executed and / or mitigated. 

You will be able to understand the above-mentioned points without having to understand technical stuff (e.g. source code) within ONE HOUR!

How is that possible?
Social engineering is closely related to psychology. Social engineering can be defined as the art of manipulating people in order to achieve a goal. Therefore, this course is created for managers rather than developers. Managers must train their employees to strengthen their personal firewall (i.e. being less likely to fall victim to manipulation), because collectively all employees make up your organisation's firewall! 

So, after following this course am I a full-fledged security expert? 
No. This course will teach you the most common social engineering threats so that you can critically question and discuss the impact of these security issues with your employees and management.

What!?! Why should I enroll?
Only enroll when you want to strengthen your personal firewall, are new to social engineering and want a complete beginners’ perspective. This course is specifically developed for:

- (Project) managers that lead in an organisation that depends on IT and have no clue how social engineering could harm their organisation; 
- Security managers tasked to deliver basic security awareness training;
- Anyone interested in the basics of social engineering, explained in layman’s terms

Ok, but there is already a lot of information available on the web. So, what’s in it for me?
I thought you would never ask! This course differentiates itself from existing available information because: 

- this course is not solely based on my opinion, but substantiated with scientific evidence. This means you not only get my opinion and experience but it is also backed by science;  
- I've included lots of links to websites that provide comprehensive background information, should you be interested in more detail; 
- That's not it, there is more...   

BONUS Material:
- attacks that are not considered social engineering (e.g. shoulder surfing) are also included;
- Frequently asked questions. Ask a social engineering question and I'll answer it with a video.

Why include bonus material, is the main course not exciting enough?
Is that a trick question? Getting organisational security right goes well beyond instructing employees. With the bonus material, I would like to inform you about the complementary measures that should be taken into account.

I’m fully convinced of the benefits, but I don’t see why I should learn all this from you.
True, let me explain by giving you an overview of my experience:
- Part-time PhD Candidate (6 years - present). I read the science, you'll get the knowledge! What more do you want? 
- Security operations manager (present). Acting as a security liaison on strategic accounts, I monitor the security of 2500+ workstations, 500+ servers and 10+ firewalls and routers, report on the operational security status of European and Dutch law and integrate intelligence results from: AVDS, Check Point, Nagios, Nessus, Palo Alto Traps, SCCM, SCEP, SEP, SCOM and SIEM;
- Software quality consultant (6,5 years). I've advised many managers of large / small IT projects on various software related aspects; 
- IT auditor (1 year). I have closely worked with accountants and audited large governmental IT projects; 
- Quality assurance engineer (3 years). I have implemented two large IT systems for large companies (>1000 employees). 

You can find more details on LinkedIn or on my profile.

Go ahead and click the enroll button, and I'll see you in lesson 1!

Cheers,
Soerin

Who this course is for:
  • (Project) managers that depend on IT
  • Security managers tasked to deliver basic security awareness training
  • Anyone interested in the basics of social engineering, explained in layman’s terms
  • Managers that want to create a more secure organisational culture
Course content
20 lectures 42:05
+ The social engineering attacks
11 lectures 21:49

Three resources:

1) The paper that explains most of the social engineering attacks. In order to provide you with the most value possible, I've also included another paper that introduces a taxonomy of social engineering.

2) The persuasion and security awareness experiment: reducing the success of social engineering attacks.pdf. I've also included another paper to explain the impact of authority with an example. Conclusions: awareness-raising about the dangers, characteristics, and countermeasures associated with social engineering proved to have a significant positive effect on neutralising the attacker.

3) Reflections_on_the_Stanford_Prison_Experiment_Gene.pdf. A short synopsis of the Zimbardo research starts on page 5.

Authority
02:04

Two resources:
1) The social phishing document in the attachment gives you an example of how easily a hacker can collect information about you in order to start an effective deceptive relationship. Check out page 1 and 2 (the rest of the paper you may skip). Again, "people can become less vulnerable by a heightened awareness of the dangers of phishing (page 8)". You are on the right path. Keep on watching these videos.
2) Social Engineering Attack Examples, Templates and Scenarios. The paper presents a template for social engineering and forming a deceptive relationship (page 9). 

Deceptive Relationships
01:52
Overloading
01:20
Scarcity
01:34

This PDF document is a must read to gain more understanding of people’s haphazard and unquestioned trust. Thank me later ;-)

Social validation
03:08

Two resources:
1) In the attachment you can find more background and examples of phishing (e.g. page 25, 27-28).
The document also provides best practices (search on "best practices" through the document), but is biased toward Symantec products.

2) US-CERT - Technical Trends in Phishing Attacks.pdf. Recommendations and remediation can be found on page 13.

Phishing
02:45

The background paper of this social engineering attack.

Preview 02:16

Note: the attached paper is technical and offers a technical remediation to pharming. Name of the paper: A dual approach to detect pharming attacks at the client-side.pdf

Pharming
01:56

The attached paper is technical and not meant for a manager, but intended for the network engineer that may remediate this issue. The name of the paper is: Voice Pharming Attack and the Trust of VoIP.pdf

IVR or Phone Phishing
01:11
Quid Pro Quo
01:50
Tailgating
01:53
+ Bonus section!
2 lectures 05:03
Shoulder surfing
02:34
Unclean desk
02:29
+ Social engineering: general remediation actions
1 lecture 00:01

1) Social Engineering Attacks.pdf. Page 5 describes detecting / stopping social engineering attacks.
2) Online Social Networks - Threats and solution.pdf. Page 8 and 9 depict solutions to protecting social network users. Note: solutions on page 9 are commercial packages.
3) US-CERT - Recognising and Avoiding Email Scams.pdf. Page 1 already provides an overview of remediation steps for recognising email scams.
4) A Taxonomy of Attacks and a Survey of Defence Mechanisms for Semantic Social Engineering Attacks.pdf. This document presents organisational as well as technical remediations on page 19.
5) Advanced Social Engineering Attacks.pdf. Overview of Social Engineering taxonomy (page 5) and nice real-world examples that will increase urgency to mitigate risks (page 7).
6) Social Engineering in the Context of Cialdini’s Psychology of Persuasion and Personality Traits. A bachelor thesis that nicely describes the link between psychology of persuasion and social engineering (page 11-19) and prevention (page 29-36).

General remediation steps
00:01