J.Dion Sec. 5 Social Engineering Flashcards
Manipulative strategy that exploits human psychology to gain unauthorized access to systems, data, or physical spaces.
Social engineering
What are the 6 main motivational triggers social engineers use?
Authority
Urgency
Social proof
Scarcity
Likability
Fear
The power or right to give orders, make decisions, and enforce obedience.
Authority
Compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly or prioritize certain actions.
Urgency
Psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar situations.
Social proof
Psychological pressure people feel when they believe a product, opportunity, or resource is limited or in short supply.
Scarcity
Being nice, friendly, and socially accepted by others, so the target wants to help the attacker.
Likability
Feeling afraid of someone or something, as likely to be dangerous, painful, or threatening.
Fear
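The six triggers above are what awareness training teaches people to notice in a message. As an added example (not part of the original flashcards), the script below turns them into a small heuristic that flags which triggers a message contains. The cue phrases and the three sample messages are constructed for illustration; a real mail-security filter relies on many more signals than phrase matching.

```python
"""Flag the social-engineering motivational triggers present in a message.

Added example, not from the original flashcards. The cue phrases are a
constructed, deliberately small heuristic set (an assumption, not a standard
list); real filters use far more than keyword matching.
"""
from __future__ import annotations

import re

# Constructed cue phrases for each of the six triggers on the flashcards.
TRIGGER_CUES = {
    "authority": [
        r"\b(ceo|cfo|director|it department|help ?desk|compliance team|legal team)\b",
        r"\bon behalf of\b",
        r"\bper my instructions\b",
    ],
    "urgency": [
        r"\b(immediately|right away|asap|urgent(ly)?|time[- ]sensitive)\b",
        r"\bwithin (the next )?\d+ (hours?|minutes?)\b",
        r"\b(before|by) (end of day|close of business|cob)\b",
    ],
    "social_proof": [
        r"\beveryone (else )?(has|have|is)\b",
        r"\b(all|most) (of )?(your )?(colleagues|employees|staff|users)\b",
        r"\bjoin (the )?(thousands|others)\b",
    ],
    "scarcity": [
        r"\bonly \d+ (left|remaining|spots?)\b",
        r"\blimited[- ](time|offer|availability)\b",
        r"\b(while supplies last|last chance)\b",
    ],
    "likability": [
        r"\b(great|fantastic|excellent) (job|work)\b",
        r"\bwe('ve| have) always (valued|appreciated)\b",
        r"\bhappy to help\b",
    ],
    "fear": [
        r"\b(account|access) (will be|has been) (suspended|locked|terminated|disabled)\b",
        r"\b(legal action|penalt(y|ies)|lawsuit|police)\b",
        r"\bunauthori[sz]ed (login|access|activity)\b",
    ],
}

# Compile once; matching is case-insensitive so "CEO" and "ceo" both hit.
COMPILED = {
    trigger: [re.compile(p, re.IGNORECASE) for p in patterns]
    for trigger, patterns in TRIGGER_CUES.items()
}


def find_triggers(text: str) -> dict[str, list[str]]:
    """Return {trigger: [matched phrases]} for every trigger with at least one hit."""
    hits: dict[str, list[str]] = {}
    for trigger, patterns in COMPILED.items():
        found = [m.group(0) for p in patterns for m in p.finditer(text)]
        if found:
            hits[trigger] = found
    return hits


def risk_score(text: str) -> int:
    """Number of distinct triggers present. Several triggers packed into one
    short message is a strong hint it was engineered rather than routine."""
    return len(find_triggers(text))


# Constructed sample messages (not real mail).
SAMPLE_SCAM = (
    "This is the CEO. I need you to buy gift cards immediately and send me the "
    "codes within 2 hours. Your access will be suspended if you do not comply."
)
SAMPLE_SCARCITY = (
    "Only 3 spots left for the mandatory training. Everyone else has already "
    "signed up, so register right away."
)
SAMPLE_ROUTINE = (
    "Reminder: the quarterly all-hands is on Thursday at 10:00 in the main "
    "conference room. Slides are on the intranet."
)

if __name__ == "__main__":
    for name, msg in [("scam", SAMPLE_SCAM), ("scarcity", SAMPLE_SCARCITY), ("routine", SAMPLE_ROUTINE)]:
        print(f"{name}: score={risk_score(msg)} triggers={find_triggers(msg)}")
```

The gift-card message trips authority, urgency and fear at once, which is the classic CEO-fraud shape; the all-hands reminder trips nothing. Treat the score as a triage hint for a human, not a verdict.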
What are the four main forms of impersonation used by attackers?
Impersonation
Brand impersonation
Typosquatting
Watering Hole Attacks
An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data.
Impersonation
Specific form of impersonation where an attacker pretends to represent a legitimate company or brand.
Brand Impersonation
A form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains some kind of common typographical error.
Typosquatting
Typosquatting is also known by 2 other names
URL hijacking
Cyber-squatting
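The typosquatting cards describe the technique but not what the registered look-alike domains actually look like. As an added example (not part of the original flashcards), the script below generates the common typo permutations of a protected domain (dropped, doubled, transposed and adjacent-key characters, look-alike glyphs, swapped TLDs, a missing dot after "www") and classifies a candidate domain against them. The keyboard map, homoglyph table and TLD list are small constructed sets, and the domain is assumed to be a single label plus TLD; production tooling covers many more permutations.

```python
"""Generate and recognise typosquat variants of a protected domain.

Added example, not from the original flashcards. Assumptions: a US QWERTY
layout (letters only), a short constructed homoglyph table and TLD-swap
list, and domains of the form label.tld.
"""
from __future__ import annotations

# Constructed keyboard-adjacency map (assumption: US QWERTY, letters only).
QWERTY_NEIGHBORS = {
    "q": "wa", "w": "qeas", "e": "wrsd", "r": "etdf", "t": "ryfg", "y": "tugh",
    "u": "yijh", "i": "uokj", "o": "iplk", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}

# Small constructed set of look-alike substitutions attackers use.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "rn": "m", "vv": "w"}

# Constructed list of TLDs commonly registered to catch a mistyped .com.
TLD_SWAPS = ("co", "cm", "om", "net", "org")


def typo_variants(label: str) -> dict[str, str]:
    """Map each generated variant of a domain label to the technique that
    produced it. When several techniques yield the same string, the first
    one listed wins."""
    out: dict[str, str] = {}

    def add(variant: str, technique: str) -> None:
        if variant and variant != label:
            out.setdefault(variant, technique)

    n = len(label)
    for i in range(n):                          # drop one char: "exaple"
        add(label[:i] + label[i + 1:], "omission")
    for i in range(n - 1):                      # swap neighbours: "exmaple"
        add(label[:i] + label[i + 1] + label[i] + label[i + 2:], "transposition")
    for i in range(n):                          # double a char: "exxample"
        add(label[:i] + label[i] + label[i:], "repetition")
    for i, ch in enumerate(label):              # hit a neighbouring key: "exsmple"
        for nb in QWERTY_NEIGHBORS.get(ch, ""):
            add(label[:i] + nb + label[i + 1:], "adjacent-key")
            add(label[:i] + nb + label[i:], "insertion")
    for src, dst in HOMOGLYPHS.items():         # look-alike glyph: "examp1e"
        if src in label:
            add(label.replace(src, dst, 1), "homoglyph")
    return out


def classify(candidate: str, protected: str) -> str | None:
    """Return the typosquat technique that turns `protected` into `candidate`,
    or None when the candidate is the protected domain itself or unrelated."""
    cand = candidate.lower().rstrip(".")
    prot = protected.lower().rstrip(".")
    if cand == prot:
        return None
    plabel, _, ptld = prot.partition(".")
    clabel, _, ctld = cand.partition(".")
    if clabel == "www" + plabel and ctld == ptld:   # "wwwexample.com"
        return "missing-dot"
    if clabel == plabel and ctld != ptld and ctld in TLD_SWAPS:
        return "tld-swap"                            # "example.co"
    if ctld != ptld:
        return None
    return typo_variants(plabel).get(clabel)


if __name__ == "__main__":
    # Constructed candidates, as they might appear in a new-registration feed.
    for d in ["exmaple.com", "examp1e.com", "example.co", "wwwexample.com",
              "exsmple.com", "www.example.com", "google.com"]:
        print(f"{d:20} -> {classify(d, 'example.com')}")
```

A practical use is to run a brand's domains through `typo_variants`, register or monitor the high-risk variants, and alert when one shows up in certificate-transparency logs or a new-registration feed. Note that "www.example.com" correctly classifies as None: it is a real subdomain, not a typo.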
Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use.
Watering hole attacks
What are the 6 types of phishing attacks?
Phishing
Vishing
Smishing
Whaling
Spear phishing
Business email compromise
Fraudulent attack using deceptive emails that appear to come from trusted sources to trick individuals into disclosing personal information like passwords and credit card numbers.
Phishing
Phishing used by cybercriminals who are more tightly focused on a specific group of individuals or organizations.
Spear phishing
“Spray and pray” mode?
Phishing
Targeted users mode?
Spear phishing
Form of spear phishing that targets high-profile individuals like CEOs or CFOs.
Whaling
Advanced phishing attack that leverages compromised or spoofed internal email accounts within a company to manipulate employees into carrying out malicious actions (such as wire transfers) for the attacker.
Business email compromise (BEC)
Phone-based attack in which the attacker deceives victims into divulging personal or financial information.
Vishing (Voice phishing)
Attack that uses text messages to deceive individuals into sharing their personal information.
Smishing (SMS phishing)
Vital tool for educating individuals about phishing risks and how to recognize potential phishing attempts in user security awareness training.
Anti-phishing campaign
Manipulating a situation or creating a distraction to steal valuable items or information.
Diversion theft
In this type of attack, the attacker manipulates the DNS server settings so that when a user types a legitimate website URL they are redirected to a fake website.
DNS spoofing
Malicious deception that is often spread through social media, email, or other communication channels.
Hoax
What two types of attack are hoaxes usually paired with?
Phishing attacks
Impersonation attacks
Looking over someone’s shoulder to gather personal information.
Shoulder surfing
Virtual or physical searching through trash to find valuable information.
Dumpster diving
The process of secretly listening to private conversations.
Eavesdropping
What type of attack is paired with eavesdropping?
On-path attack (formerly called a man-in-the-middle attack)
Planting a malware-infected device for a victim to find and unintentionally introduce malware to their organization’s system.
Baiting
Which of the following types of phishing attacks is used to specifically target high-level executives or important officials within an organization?
a. Phishing
b. Whaling
c. Spear phishing
d. Impersonation
b. Whaling
During an anti-phishing campaign, what primary action should a company take after simulating a successful phishing attack on its employees?
a. Terminate the employees who fall for the simulated attack.
b. Send a warning email to all employees so they will be aware of phishing as a problem.
c. Provide remedial training to all employees who fell for the attack.
c. Provide remedial training to all employees who fell for the attack.
The primary goal of the campaign is to raise awareness.
Which social engineering technique involves searching through a target’s trash or discarded items to obtain sensitive or valuable information?
a. Diversion theft
b. Shoulder surfing
c. Eavesdropping
d. Dumpster diving
d. Dumpster diving
Which social engineering attack involves an attacker creating a fabricated scenario to manipulate or deceive someone into divulging confidential information?
a. Pretexting
b. Dumpster diving
c. Shoulder surfing
d. Eavesdropping
a. Pretexting
Form of social engineering where attackers create a scenario or pretext to manipulate/deceive someone into sharing confidential information.
Pretexting
Which of the following is a common motivational trigger used in social engineering attacks to manipulate victims to act or respond without taking time to think about the consequences?
a. Likability
b. Authority
c. Urgency
d. Social proof
c. Urgency