Impersonation attacks

- [Presenter] You're probably already very familiar with spam. It's hard to open your email inbox without being bombarded with unwanted messages. Let's take a look at how spam and other types of hoaxes can be used as weapons of social engineering through impersonation attacks. Spam, also known as unsolicited commercial email, consists of unwanted messages sent for a variety of marketing and identity fraud purposes. Most spam is illegal under the CAN-SPAM Act, but it's difficult to prosecute offenders, because it's often hard to identify them. Phishing is a subcategory of spam. Phishing messages have the explicit purpose of eliciting information. They want to trick users into revealing passwords to sensitive accounts such as bank accounts or employer systems. Phishing attacks are often used during the early stages of a larger attack. For example, an attacker might send thousands of messages to random recipients, warning…