Chapter 4 Flashcards
Social Engineering
The practice of manipulating people through a variety of strategies to accomplish desired actions.
Authority
Relies on the fact that most people will obey someone who appears to be in charge or knowledgeable, regardless of whether or not they actually are.
Intimidation
Relies on scaring or bullying an individual into taking a desired action.
Consensus
Uses the fact that people tend to want to do what others are doing to persuade them to take an action.
Scarcity
Makes something look more desirable because it may be the last one available.
Familiarity
Based on you liking the individual or even the organization the individual is claiming to represent.
Trust
Relies on a connection with the individual they are targeting.
Urgency
Relies on creating a feeling that the action must be taken quickly due to some reason or reasons.
Phishing
A broad term used to describe the fraudulent acquisition of information.
Spear Phishing
Phishing that targets specific individuals or groups in an organization.
Whaling
Phishing that targets senior employees.
Credential Harvesting
The process of gathering credentials like usernames and passwords.
Spam
Unsolicited or junk email that is used to employ various social engineering attacks.
Shoulder Surfing
Looking over a person’s shoulder to capture information.
Tailgating
A physical entry attack that requires simply following someone who has authorized access to an area so that they open secured doors you can pass through as well.
Eliciting Information
A technique used to gather information from targets without them realizing they are providing it.
Pretexting
The process of using a made-up scenario to justify why you are approaching an individual.
Identity Fraud
Using someone else’s identity.
Brute-force Attack
Iterating through a list of characters or words to find a combination that works.
Password Spraying
A form of brute-force attack that attempts to use a single password or small set of passwords against many accounts.
Dictionary Attacks
A form of brute-force attack that uses a list of words for its attempts.