2.2 Social Engineering Flashcards
What is the best way to minimize the impact of social engineering?
Education
What are some ways an attacker manipulates a victim?
Threats, trust, moral obligation, asking for very little, ignoranceW
What are the three phases of the social engineering process?
Research, development, and exploitation
What does the research phase of social engineering involve?
Gathering information about the company or organization that will be attacked (footprinting)
What does the development phase of social engineering involve?
Selecting targets who have information and certain characteristics, then forming relationships with these people to build trust
What does the exploitation phase of the social engineering process involve?
The attacker takes advantage of their relationship with the victim to extract information, obtain access, or accomplish other goals
What is an important part of the exploitation phase?
A well-planned and smooth exit without traces
What is a prerequisite of many social engineering attacks?
Obtaining information about the network and security systems
What are some social engineering attacks examples?
Phishing, smishing, vishing, impersonation, pretexting, brand impersonation, business email compromise (BEC), disinformation, misinformation, watering hole (use of an unsecured third-party website), typosquatting, hijacked subdomains