Question
Several basic principles or reasons make psychological social engineering effective. These include authority, intimidation, consensus, scarcity, urgency, familiarity, and trust. Table 26 uses these principles in a scenario of an attacker pretending to be the chief executive officer (CEO) calling the organization's help desk to have a password reset. Create two additional scenarios, such as an attacker impersonating a help desk employee who wants access to an employee's protected information, and make a dialog example for each of the seven principles.
Case Project 23: Your Social Engineering Attack. Today's Attacks and Defenses at the beginning of this chapter illustrated how a security researcher could manipulate a help desk support technician into compromising security. If you were to make your own social engineering attack, what would it be? Using your place of employment or school, first determine exactly what your goal would be in the attack, and then craft a detailed description of how you would carry out the attack using only social engineering to achieve your goal. You might want to search the Internet for examples of previously successful attacks that used social engineering. Why do you think your attack would be successful? Who would be involved? What would be the problems in achieving your goal? Write a one-page paper on your research.
Case Project 24: Google Dorking. Google Dorking, or using advanced Google search techniques to find sensitive information, has been likened to online dumpster diving. Use the Internet to research Google Dorking. First, use the Internet to determine how the following advanced Google search engine operators are used: allintext, allintitle, allinurl, cache, filetype, inanchor, interest, title, link, site, and Then, use at least five of the operators to create potential Google Dorking searches. Finally, try out your searches to see if they are effective. How easy is it for a threat actor to use Google Dorking? How can users and organizations combat this? List your Google Dorking searches, the results, and the defenses that should be used against it. Write a one-page paper on your activity.
Case Project 25: Cryptomalware Attacks. Use the Internet to research some of the recent different crypto-malware ransomware attacks. What do they do? Why are they so successful? How are they being spread? What can users do to protect themselves? Write a one-page summary of your research.
Case Project 26: Online Phishing Tests. Detecting phishing emails can often be difficult. Point your web browser to the following three online phishing tests: www. sonicwallcomphishing, www. opendnscomphishingquiz, and wwwkomandocomtips361345canyouspotafakeemailtakeourphishingiqtest (or search the Internet for others). What did you learn from these tests? Were they helpful? What do you think general users would think about these tests? Write a one-paragraph summary on what you learned about phishing from these tests.
Case Project 27
Lake Point Consulting Services (LPCS) provides security consulting and assurance services to over 500 clients across a wide range of enterprises in more than 20 states. A new initiative at LPCS is for each of its seven regional offices to provide internships to students who are in their final year of the information security degree program at the local college.
Manna is a regional bakery and café. Although Manna has used an outside security consultant to help their small IT team with security, they nevertheless have been the victims of several attacks over the last two quarters. Manna decided not to renew the consultant's contract and has now turned to LPCS for assistance. While LPCS is performing an audit and evaluating the enterprise's current security position, LPCS has asked you to conduct a presentation about malware to the staff of three of Manna's retail sites during their annual regional meeting.
1. Create a PowerPoint presentation that lists 15 different types of malware and defines each type in detail regarding what the malware can do, how it spreads, its dangers, etc. Your presentation should contain at least 10 slides.
2. After your presentation, it is apparent that some of the attacks were the result of social engineering. Manna has asked you to create a one-page "cheat sheet" that describes social engineering attacks and how they may be performed, including a list of practical tips to resist these attacks. This sheet will be posted in the stores, where employees can quickly refer to it when necessary. Create the paper for Manna, using a format that is easy to reference.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Scenario 1: An attacker impersonating a help desk employee to gain access to employees' protected info...