5. Social Engineering Flashcards

1
Q

what is social engineering

A

the human aspect of security. Before actual hacking, start with social engineering, as people are the weakest link

2
Q

phishing

A

extract credentials by pretending to be from a legitimate organisation

  • usernames and passwords
  • credit card credentials
  • bank account number
3
Q

spear phishing

A

same as phishing but targeted towards high net worth people

  • need to know the target before the attack

4
Q

pharming

A

redirect user to another fake site

  • conducted by changing the hosts file (DNS poisoning)
  • type in real address but redirected to fake site
5
Q

non tech attacks

A
  1. authority
  2. charm
  3. pretext
  4. baiting
  5. reciprocation
6
Q

authority

A

people respect authority, such as a uniform

  • legal (lawyer, public service)
  • organisational (boss)
  • social
7
Q

charm

A

make people sympathise with you

8
Q

pretext

A

create a good scenario and prepare for expected questions

9
Q

baiting

A

tempt victim’s greed or curiosity then steal their information

physical: drive containing malware
online: enticing advertisement which leads to download of malicious files

10
Q

reciprocation

A

do something for people so that they feel inclined to do something back. Manipulation of feelings

11
Q

mitigations

A

tech

  1. check the URL
  2. check for spelling mistakes
  3. hover over links before clicking
  4. open attachments in a VM to isolate them
  5. check PhishTank, which contains submitted malicious links

non tech

  1. education
  2. training
  3. awareness