Lecture 9: Human Factors and Social Engineering Flashcards
1
Q
Name the different phases of social engineering
A
- Research
- Pretexting, build rapport and trust
- Get data (exploit trust)
- Keep connections
- Combine data
- Use it
2
Q
Give some examples of why social engineering is common
A
- Industrial spying
- Access to resources
- Data theft
- Identity theft
3
Q
Give some examples of techniques used for social engineering
A
- Trappings of role
- Using credibility
- Forcing the target into a role (altercasting)
- Distracting from systematic thinking
- Momentum of compliance
- Bury questions
- Get pieces from different sources
- Read victim’s openness
- Test with personal information
- Back off, don’t burn the source
- Create then fix a problem
4
Q
Give some examples of human factors that are often exploited in social engineering
A
- The desire to help
- Attribution
- Liking
- Fear
- Reactance
- Reciprocity
- Dynamics of doing a favor
5
Q
List some countermeasures against social engineering
A
- Clear concise protocols that are enforced
- Awareness thinking
- Simple rules to define sensitive information
- Simple rule that ID required for restricted action
- Data classification policy
- Resistance training
- Testing by security assessment
- Politeness change, “NO” is OK