Ch4 - 4.01 - Understanding Social Engineering Flashcards

1
Q

Popular Social Engineering Attacks

A
  1. Impersonation
  2. Phishing
  3. Shoulder Surfing and Dumpster Diving
  4. Tailgating
  5. Hoaxes
    When it comes to security, make sure you educate your users about e-mail hoaxes. E-mail hoaxes are e-mail messages that users receive giving a false story and asking the user to take some type of action. For example, the hoax could say a certain file is causing a serious flaw in the operating system. The e-mail could tell the reader they should delete the file, but in reality there is nothing wrong with the file, and it may be needed for information on important features of the operating system.
  6. Whaling
    Whaling differs in that instead of sending an e-mail to everyone, the hacker sends the e-mail to a specific person (“the big fish”) who may have a lot to lose from the attack.
  7. Vishing
    The difference is that with vishing, the contact is made with a phone call instead of an e-mail message.
2
Q

Social Engineering - Reasons for Effectiveness

A
  1. Authority
    Most of the time the hacker impersonates a person of authority, which makes the victim believe they should do what the hacker says.
  2. Intimidation
    The victim may be intimidated by the message the hacker is relaying, so the victim does exactly what the message says.
  3. Consensus/social proof
    The hacker usually presents some facts known to the victim (and hacker) to act as proof that what the hacker is saying is true and can be trusted.
  4. Scarcity
    Scarcity is when the attack comes in the form of an e-mail, web site, or even a call, where the hacker makes you feel you need to click the order link now as you have a limited amount of time to take advantage of the great deal!
  5. Urgency
    The hacker usually has a sense of urgency in the e-mail or voice that makes the victim feel they should fix the problem right away, so the victim doesn’t really think of the security impact.
  6. Familiarity/liking
    The hacker may use a friendly tone and be very sociable, which makes the victim tend to like them and want to help.
  7. Trust
    It is in our nature to trust people who appear to be in need of help.