IS 414 CH. 6 Flashcards
Explain how social engineering techniques are used to gain physical or logical access to computer resources.
- has a conversation with someone to trick, lie to, or deceive
- has information, knowledge, authority, or confidence that makes it appear that he belongs or knows what he is doing
social engineering
the techniques or psychological tricks used to get people to comply with the perpetrator’s wishes in order to gain physical or logical access to a building, computer, server, or network. It is usually to get the information needed to obtain confidential information.
7 Human traits fraudsters take advantage of
- compassion - the desire to help others who present themselves as needing your help
- greed - get something out of it
- sex appeal - more willing to help if you’re good looking
- sloth - take advantage of our lazy habits since few people want to do things the hard way
- trust - more likely to cooperate if you gain their trust
- urgency - sense of immediate need leads people to be more cooperative
- vanity - appeal to their vanity, tell them they’ll be more popular
Policies & Procedures
- Never let people follow you into a restricted building
- Never log in for someone else on a computer, especially if you admin access
- Never give sensitive information over the phone or through e-mail
- Never share passwords or IDs
- Be cautious of anyone you don’t know who is trying to gain access through you
Types of Social Engineering
identity theft, pretexting, posing, phishing, vishing, carding, pharming, evil twin, typosquatting/URL hijacking, tabnapping, scavenging/dumpster diving, shoulder surfing, lebanese looping, skimming, chipping, eavesdropping
Malware
any software that is used to do harm
Describe the different types of malware used to harm computers.
spyware, adware, torpedo software, scareware, randsomware, keylogger, trojan horse, timebomb/logic bomb, trap door/back door, packet sniffers, steganography, rootkit, superzapping, virus, worm, bluesnarfing, bluebugging
