CH29 Social Engineering Flashcards
What is Social Engineering?
manipulates a user into revealing confidential information that are detrimental to that user or the security of our systems
On the exam :
if they ask what is the act of tricking somebody or deceiving them, that would be social engineering.
What is Insider Threat?
Most dangerous threat to organizational security. Insider Threat is a person who works for your organization but has ulterior motives. Employees who steal your information are insider threats.
Data Loss Protection (DLP) systems can be used to help identify insider threats
What is Phishing ?
an attempt to fraudulently obtain information from a user (usually by email)
For the exam : Phishing = email
On the exam :
If they say tricking them through email, that would be phishing.
What is Spear Phishing ?
an attempt to fraudulently obtain information from a user, usually by email that targets a specific individual
What is Whaling?
a form of spear phishing that directly targets the CEO, CFO, CIO, CSO, or other high-value target in an organization
What is Smishing?
Phishing conducted over text messaging (SMS)
On the exam :
Tricking them through text message, that would be smishing
What is Vishing?
Phishing conducted over voice and phone calls
On the exam :
Tricking them through voice messages, that would be vishing.
What is Pharming
Phishing attempt to trick a user to access a different or fake website
On the exam :
Tricking them into going to bad websites, that would be pharming
What are motivation factors for Social Engineering ?
- Authority – People are more willing to comply with a request when they think it is coming from someone in authority.
- Urgency – people are usually in a rush these days and urgency takes advantage of this fact.
- Social Proof – People are more likely to click on a link through social media or based on seeing others have already clicked on it.
- Scarcity – technique that relies on the fear of missing out on a good deal that is only offered in limited quantities or a limited time.
- Likeability – a technique where the social engineer attempts to find common ground and shared interests with their target.
- Fear – the use of threats or demands to intimidate someone into helping you in the attack.
What is Diversion Theft?
when a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.
What is Hoax?
attempt at deceiving people into believing that something is false when it is true (or vice versa)
What is Shoulder surfing?
When a person uses direct observation to obtain authentication information
What is Eavesdropping?
When a person uses direct observation to “listen” in to a conversation
What is Dumpster Diving?
when a person scavenges for private information in garbage containers
What is Baiting?
when a malicious individual leaves malware-infected removable media such as a USB drive or optical disc lying around in plain view
