Chapter 04: Social Engineering, Physical and Password Attacks Flashcards
_____ is the practice of manipulating people through a variety of strategies to accomplish desired actions.
Social Engineering
______ relies on the fact that most people will obey someone who appears to be in charge or knowledgeable, regardless of whether they actually are.
Authority
____ relies on scaring or bullying an individual into taking a desired action.
Intimidation
A ________ social engineering attack uses the fact that people tend to want to do what others are doing to persuade them to take an action.
Consensus-based
____ is used for social engineering in scenarios that make something look more desirable because it may be the last one available.
Scarcity
_____ attacks rely on you liking the individual or even the organization the individual is claiming to represent.
Familiarity-based attacks
____ relies on building a connection with the targeted individual so that they will take the actions the hacker wants them to take.
Trust
_____ relies on creating a feeling that the action must be taken quickly for some reason or reasons.
Urgency
Which type of social engineering principle uses something like “Everyone else in the department has already clicked on the link”?
Consensus-based social engineering
_____ describes the fraudulent acquisition of information, often focused on credentials like usernames and passwords, as well as sensitive personal information like credit card numbers and related data.
Phishing
____ is phishing via SMS messages.
Smishing
____ is phishing through telephones.
Vishing
____ targets specific individuals or groups in an organization in an attempt to gather desired information or access.
Spear Phishing
_____ targets specific high-profile people, like senior employees or CFOs/CIOs.
Whaling
Best defense against phishing attacks.
Security Awareness
____ is the process of gathering credentials like usernames and passwords.
Credential Harvesting
_____ is often performed via phishing attacks but may also be accomplished through system compromise resulting in the acquisition of user databases and passwords.
Credential Harvesting