Section 4: Social Engineering Flashcards
What is Social Engineering?
A manipulative strategy that exploits human psychology to gain unauthorized access to systems, data, or physical spaces.
What does Authority refer to in social engineering?
Leveraging perceived authority to compel compliance from targets.
What is the role of Urgency in social engineering?
Creating a sense of immediacy to provoke quick action from individuals.
How does Social Proof influence targets?
Influencing targets' decisions by showcasing the actions of others.
What is Scarcity in the context of social engineering?
Pressuring targets by highlighting limited availability of resources or information.
What does Likability mean in social engineering?
Gaining trust from targets by appearing friendly or relatable.
How is Fear used in social engineering?
Using threats or potential consequences to force compliance from individuals.
What is Impersonation?
Pretending to be someone else to gain unauthorized access to information or systems.
What is Brand Impersonation?
Mimicking a legitimate company to deceive targets into providing sensitive information.
What is Typosquatting?
Registering domain names that are similar to legitimate ones to exploit common typing errors.
What are Watering Hole Attacks?
Compromising websites that targets frequently visit in order to deliver malware or phish for information.
What is Pretexting?
Creating a false scenario to manipulate individuals into revealing sensitive information.
What is Phishing?
Deceptive communications designed to steal sensitive information.
What is Spear Phishing?
Targeted phishing attacks aimed at specific individuals or organizations.
What is Whaling?
Phishing attacks that target high-profile individuals, such as executives.
What is Business Email Compromise (BEC)?
Using compromised internal emails to deceive employees into sharing confidential information.
What is Vishing?
Phishing conducted via phone calls to extract sensitive information.
What is Smishing?
Phishing executed through SMS or text messages to trick individuals into providing personal information.
What are Frauds and Scams?
Deceptive practices intended to trick individuals into providing money or sensitive information.
What is Identity Fraud/Theft?
Using someone else’s personal information for illegal activities.
What are Invoice Scams?
Tricking individuals into paying fraudulent invoices.
What are Influence Campaigns?
Coordinated efforts aimed at spreading misinformation or disinformation to sway public opinion or behavior.
What is Diversion Theft?
Creating distractions to steal items or information without being noticed.
What are Hoaxes?
Spreading false information to deceive individuals or create panic.
What is Shoulder Surfing?
Observing someone’s screen or keyboard to gain sensitive information without their knowledge.
What is Dumpster Diving?
The practice of searching through trash or discarded materials to find valuable information or data.
What is Eavesdropping?
The act of secretly listening to private conversations, often to gather confidential or sensitive information.
What is Baiting?
A technique where infected devices, such as USB drives, are left in locations for victims to find and use, potentially compromising their systems.