Principles of Social Engineering

Question 1

What is Social Engineering

Answer 1

Constantly Changing attack
-Strategies are constantly changing

-Come from more than one person or organization

-More automated and use open source intelligence

-Might find out more info about you

-Try to take advantage of your emotions.
Can call in as aggressive or angry customer

Question 2

Use Authority

Answer 2

Call in as authority figure:
- CEO
-Help Desk
-Police

Question 3

Intimidation

Answer 3

Make you believe thing will be bad if you don’t help.
Ex; If you don’t help payroll checks won’t get published.

Question 4

Consensus / Social Proof

Answer 4

Convince you to do something based on what’s normally expected.

Ex; Your co-worker did this for me last week.

Question 5

Scarcity

Answer 5

Not a lot of time to get issue resolved.
Situation only has a short term to get fixed.

Question 6

Urgency

Answer 6

Works in conjunction with Scarcity.
Attempts to make you act without thinking.

Question 7

Familiarity / Liking

Answer 7

Befriend you or act like you have similar acquaintances.
“Name drop”.

Question 8

Trust

Answer 8

Presents themselves as someone you can trust.
Ex; Your IT