Cybersecurity - Human Factors in security Flashcards

1
Q

Human Factors in Security and Privacy

A

The study of how people’s behavior affects security. Even with strong security systems, humans can make mistakes that hackers exploit.
📌 Example: Someone clicks on a phishing email and gives away their password, even if the system itself is secure.

2
Q

Privacy Paradox

A

People say they care about privacy, but they still use privacy-invasive services like social media and choose weak passwords.
📌 Example: Someone shares everything on Facebook but also complains about online privacy.

3
Q

Social Engineering

A

Tricking people into giving away confidential information by using manipulation instead of hacking computers.
📌 Example: A hacker pretends to be IT support and asks for an employee’s password over the phone.

4
Q

Phishing

A

Sending fake emails or messages to trick people into giving away passwords or clicking harmful links.
📌 Example: An email saying “Your PayPal account is locked. Click here to fix it”, but the link leads to a fake website that steals login details.

5
Q

Spear Phishing

A

A targeted phishing attack aimed at a specific person or company.
📌 Example: A hacker sends a fake email to an HR employee, pretending to be their boss, asking for employee tax records.

6
Q

CEO Fraud (Business Email Compromise)

A

Hackers impersonate a company’s CEO to trick employees into sending money or confidential data.
📌 Example: An employee gets an email saying “Wire $10,000 to this account ASAP”, but it’s actually from a hacker.

7
Q

USB Drop Attack

A

Hackers leave infected USB drives in public places, hoping someone will plug them in.
📌 Example: An employee finds a USB labeled “Employee Salaries”, plugs it in, and unknowingly installs malware.

8
Q

Multi-Tasking in Security

A

Humans are bad at doing multiple tasks at once, which makes them more likely to fall for security threats.
📌 Example: A busy employee quickly clicks “Allow” on a pop-up without checking if it’s malware.

9
Q

Nudges in Security

A

A gentle push to help people make the right security choices, like warnings or reminders.
📌 Example: Websites make strong password suggestions when creating an account.

10
Q

Dark Patterns

A

Tricks in website design that manipulate users into making bad privacy decisions.
📌 Example: A website makes the “Accept all cookies” button big and easy to find, but the “Reject cookies” button is small and hidden.

10
Q

Biases in Security

A

Cognitive biases make people misjudge risks, leading to bad security decisions.
📌 Example: A user thinks “I won’t get hacked because I’m not important”, so they reuse the same weak password everywhere.

11
Q

Confirmation Bias

A

People only believe information that supports their existing opinions.
📌 Example: A person believes “My MacBook can’t get viruses”, so they ignore security warnings.

12
Q

Action Bias

A

People feel the need to take action, even when doing nothing is better.
📌 Example: Someone gets a fake security alert and installs unnecessary software, which turns out to be malware.

13
Q

Social Proof

A

People copy others’ behavior, assuming it’s correct.
📌 Example: If everyone logs into a fake Zoom link, an employee might also log in without checking if it’s legitimate.

14
Q

Overconfidence Bias

A

People overestimate their security skills and take fewer precautions.
📌 Example: An IT expert thinks “I’m too smart to get hacked”, but still falls for a phishing scam.

15
Q

Dunning-Kruger Effect

A

People with low knowledge about security think they know more than they do.
📌 Example: Someone says “I don’t need antivirus software”, even though they download unsafe files all the time.

16
Q

Authority Manipulation in Security

A

Hackers pretend to be authority figures to make people comply.
📌 Example: A scammer pretends to be the police and demands payment for an unpaid fine.

17
Q

Layered Security (Swiss Cheese Model)

A

Using multiple security layers so if one fails, others still protect you.
📌 Example: A bank uses passwords, 2FA, and fraud detection systems to protect accounts.

18
Q

Security Fatigue

A

People get tired of constant security warnings, leading them to ignore real threats.
📌 Example: A person sees too many “Your password is weak” warnings, so they start ignoring them completely.

19
Q

Usable Security and Privacy

A

Security systems should be easy to use, or people won’t follow them.
📌 Example: If password managers are complicated, employees won’t use them, making security worse.

20
Q

Nielsen’s Usability Heuristics

A

Rules for making systems easy and safe to use, like clear error messages and simple security settings.
📌 Example: A website warns users when they enter a weak password.

21
Q

Email Signature & Encryption Problems

A

Even experts struggle to use encrypted email properly.
📌 Example: A study found that many users accidentally shared private encryption keys.

22
Q

Attack 1 – Invalid Signature

A

A fake email signature makes users think a message is safe.
📌 Example: A hacker copies a real company’s signature in a phishing email to look more trustworthy.

23
Q

Attack 2 – UI Spoofing

A

Hackers fake security elements (like padlock icons) to trick users.
📌 Example: A fake banking website adds a padlock image to make users think it’s secure.

24
Q

Attack 3 – Conflicting Signer

A

An email appears to come from one sender, but the signature doesn’t match.
📌 Example: An email says “From PayPal”, but the signature belongs to a random person.

25
Q

Social Engineering Audits

A

Companies send fake phishing emails to test employee awareness.
📌 Example: An employer sends a fake phishing email to see which employees click it.

26
Q

Clone Phishing

A

A hacker copies a real email but adds a malicious link.
📌 Example: A hacker resends a real invoice email, but changes the payment link to their bank account.

27
Q

Homoglyph Attacks

A

Using similar-looking characters in fake URLs to trick users.
📌 Example: www.paypaI.com (with a capital i) instead of www.paypal.com.

28
Q

Cookie Consent Dark Patterns

A

Websites make it hard to reject tracking cookies, violating privacy laws.
📌 Example: A website hides the “Reject All” button, making it difficult to find.

29
Q

Security Awareness Training

A

Teaching people how to spot and avoid cyber threats.
📌 Example: A company trains employees to identify phishing emails.