Section 5.45 Other Social Engineering Attacks Flashcards

Objectives 2.2 Explain common threat vectors and attack surfaces
Objectives 5.6 Given a scenario, implement security awareness practices

1
Q

8 other common Social Engineering Attacks

Other Social Engineering Attacks

A
  1. Diversion Theft
  2. Hoaxes
  3. Shoulder Surfing
  4. Dumpster Diving
  5. Eavesdropping
  6. Baiting
  7. Piggybacking
  8. Tailgating
2
Q

Diversion Theft

A

Involves manipulating a situation or creating a distraction to steal valuable items or information

e.g. DNS spoofing attack - when a user types in a legitimate URL, they are redirected to another URL

3
Q

Hoaxes

A

Malicious deception that is often spread through social media, email, or other communication channels

Often paired with phishing attacks and impersonation attacks

To prevent hoaxes, people must fact-check and use good critical thinking skills

4
Q

Shoulder Surfing

A

Involves looking over someone’s shoulder to gather personal information

Includes the use of high-powered cameras or closed-circuit television cameras to steal information from a distance

To prevent shoulder surfing, users must be aware of their surroundings when providing any sensitive information

5
Q

Dumpster Diving

A

Involves searching through trash to find valuable information

Commonly used to find discarded documents containing personal or corporate information

Use clean desk and clean desktop policies

Virtual dumpster diving involves searching through deleted files

6
Q

Eavesdropping

A

Involves the process of secretly listening to private conversations

Perpetrator intercepts the communication of parties without their knowledge

Prevent this by encrypting data in transit

7
Q

Baiting

A

Involves leaving a malware-infected physical device, like a USB drive, in a place where it will be found by a victim, who will then hopefully use the device to unknowingly install malware on their organization’s computer system

To prevent baiting, train users to not use devices they find

8
Q

Piggybacking

A

Involves an attacker convincing an authorized employee to let them into the facility by getting the authorized employee to swipe their own access badge and allow the attacker inside the facility

9
Q

Tailgating

A

Attacker attempts to follow an employee through an access control vestibule or access control point without their knowledge
