5. Social Engineering

Question 1

what is social engineering

Answer 1

human aspect of the security. Before actual hacking, start with social engineering as people are the weakest link

Question 2

phishing

Answer 2

extract credentials by pretending to be from a legitimate organisation

• username passwords
• credit card credentials
• bank account number

Question 3

spear phishing

Answer 3

same as phishing but targeted towards high networth people

- need to know target before attack

Question 4

pharming

Answer 4

redirect user to another fake site

• conducted by changing host file (DNS poisoning)
• type in real address but redirected to fake site

Question 5

non tech attacks

Answer 5

1. authority
2. charm
3. pretext
4. baiting
5. reciprocation

Question 6

authority

Answer 6

people respect authority such as uniform

• legal (lawyer, public service)
• organisational (boss)
• social

Question 7

charm

Answer 7

make people sympathise with you

Question 8

pretext

Answer 8

create a good scenario and prepare for expected questions

Question 9

baiting

Answer 9

tempt victim’s greed or curiosity then steal their information

physical: drive containing malware
online: enticing advertisement which leads to download of malicious files

Question 10

reciprocation

Answer 10

do something for people so that they feel inclined to do something back. Manipulation of feelings

Question 11

mitigations

Answer 11

tech

1. check url
2. check for spelling mistakes
3. hover over links before clicking
4. open attachment using VM to isolate
5. check phish tanks that contains submitted malicious links

non tech

1. education
2. training
3. awareness