2.3.2 Social Engineering Flashcards
What is the Definition of Social Engineering
Social engineering attacks use deception and manipulation to trick users into revealing sensitive information or making mistakes that compromise the security of their devices.
What are the 4 Laws relating to social engineering
The Computer Misuse Act 1990
The Fraud Act 2006
The General Data Protection Regulation (GDPR)
The Privacy and Electronic Communications (EC Directive) Regulations 2003
What is the Computer Misuse Act 1990
This Act makes it a criminal offence to gain unauthorised access to computer systems through hacking, viruses and other forms of cyber-attacks.
What is the Fraud Act 2006
This Act makes it a criminal offence to carry out deception with the intention of making a gain or causing a loss. Social engineering scams, such as phishing and vishing, are often covered under the Fraud Act.
What is the Privacy and Electronic Communications (EC Directive) Regulations 2003
This regulation regulates the use of electronic communication services, including e-mail, voice calls and text messages.
What are the different sectors social engineering is in
- commerce
- personal finance and home banking
- process control.
What are the types of techniques in social engineering
- Phishing
- Vishing
- Baiting
- E-mail Hacking
- Pretexting
- Quid pro quo scams
- Active digital footprints
- Passive digital footprints
What is phishing
Fraudulent emails, text messages or websites that appear to be trustworthy but are not.
What is vishing
Uses voice calls or other voice-based communication to trick people into leaking personal information.
What is baiting
When somebody leaves a valuable USB to trick people into taking it and using it.