1.2 A Pre-Reading Flashcards
What is Social Engineering?
Social engineering is the manipulation of individuals into divulging confidential information or performing actions that compromise security.
How does social engineering work?
It exploits human psychology, such as trust, fear, urgency, or curiosity, rather than technical hacking.
What is the primary goal of social engineering?
To trick individuals into revealing sensitive information, installing malware, or bypassing security controls.
What is Phishing?
A technique where attackers send fraudulent emails or messages to trick users into revealing login credentials, financial information, or downloading malware.
What is Spear Phishing?
A highly targeted phishing attack customized to deceive a specific person or organization.
What is Pretexting?
A form of social engineering where the attacker fabricates a scenario to obtain confidential information.
What is Baiting?
A social engineering attack where an attacker lures victims into downloading malicious software or revealing information by offering something enticing.
What is Quid Pro Quo?
A scam where attackers offer a service or benefit in exchange for sensitive information.
What is Tailgating (or Piggybacking)?
Gaining unauthorized physical access by following an authorized person into a restricted area.
What is Vishing (Voice Phishing)?
A phone-based scam where attackers impersonate legitimate entities to extract sensitive information.
What is Smishing (SMS Phishing)?
Using fraudulent text messages to deceive victims into clicking malicious links or providing confidential details.
How can you identify phishing emails?
Look for suspicious sender addresses, generic greetings, urgent requests, unexpected attachments, and grammatical errors.
What is the best way to prevent falling for pretexting attacks?
Always verify the identity of the requester before sharing sensitive information.
How can companies prevent tailgating attacks?
Implement strict access control measures, such as security badges and turnstiles, and encourage employees to challenge unknown individuals.
Why is multi-factor authentication (MFA) important in social engineering defense?
It adds an extra layer of security, making it harder for attackers to gain access even if they obtain login credentials.
How can users protect themselves from vishing and smishing attacks?
Never provide sensitive information over the phone or SMS unless you have verified the source through official channels.
What should you do if you suspect a social engineering attempt?
Do not engage, report it to your IT department, and educate others about the attack.
How can organizations reduce the risk of social engineering?
Conduct security awareness training, use strong authentication, and establish clear policies for handling sensitive data.