Section 5.45 Other Social Engineering Attacks Flashcards
Objective 2.2: Explain common threat vectors and attack surfaces
Objective 5.6: Given a scenario, implement security awareness practices
8 other common Social Engineering Attacks
Other Social Engineering Attacks
- Diversion Theft
- Hoaxes
- Shoulder Surfing
- Dumpster Diving
- Eavesdropping
- Baiting
- Piggybacking
- Tailgating
Diversion Theft
Involves manipulating a situation or creating a distraction to steal valuable items or information
e.g., a DNS spoofing attack: when a user types in a legitimate URL, they are redirected to another URL
Hoaxes
Malicious deception that is often spread through social media, email, or other communication channels
Often paired with phishing attacks and impersonation attacks
To prevent hoaxes, people must fact-check and use good critical thinking skills
Shoulder Surfing
Involves looking over someone’s shoulder to gather personal information
Includes the use of high-powered cameras or closed-circuit television cameras to steal information from a distance
To prevent shoulder surfing, users must be aware of their surroundings when providing any sensitive information
Dumpster Diving
Involves searching through trash to find valuable information
Commonly used to find discarded documents containing personal or corporate information
Use clean desk and clean desktop policies
Virtual dumpster diving involves searching through deleted files
Eavesdropping
Involves the process of secretly listening to private conversations
Perpetrator intercepts the communication of parties without their knowledge
Prevent this by encrypting data in transit
Baiting
Involves leaving a malware-infected physical device, like a USB drive, in a place where it will be found by a victim, who will then hopefully use the device to unknowingly install malware on their organization’s computer system
To prevent baiting, train users to not use devices they find
Piggybacking
Involves an attacker convincing an authorized employee to let them into the facility by getting the authorized employee to swipe their own access badge and allow the attacker inside the facility
Tailgating
Attacker attempts to follow an employee through an access control vestibule or access control point without their knowledge