2.4 – Social Engineering Flashcards
Social Engineering
- Uses social tactics to trick users into giving up information or performing actions they wouldn’t usually take
o In person, over phone, while browsing, via email
o Take advantage of normal social behaviors & trust
- Phishing
o Sending emails intended to trick recipients into revealing personal information / performing acts
o DOES NOT target specific group
- Spear Phishing
–Targets specific groups of users
–Attacks can be customized [more dangerous]
o Whaling
–Targets high-level executives
o Vishing
–Voice phishing
–Verify identity & contact info of caller
–Caller-ID can be spoofed
o Smishing
–Uses SMS texts
–Instant messages / social media
- In Person Training
o Dumpster Diving
–Person looks through trash for info
–Burning / shredding helps prevent
- In Person Training
o Shoulder Surfing
Looking over shoulder with camera to view sensitive information
- In Person Training
o Tailgating
Follow closely behind someone to enter a secure area
- In Person Training
o Impersonation
–Pretend to be someone else
–Usually impersonate tech support / company personnel
- In Person Training
o Evil Twin
–Fraudulent WiFi access point that appears to be legit
–Set up to eavesdrop on wireless communication