Section 7: Social Engineering and Physical Attacks Flashcards
Methods of Influence
o Authority
▪ People are more willing to comply with a request when they think it is coming from someone in authority
▪ Use of recognizable brand names like a bank or PayPal could be considered a form of authority
● CEO or manager
● Important client
● Government agency
● Financial institution
o Urgency
▪ People are usually in a rush these days and urgency takes advantage of this fact
▪ Approaching deadline, time-based
o Social proof
▪ People are more likely to click on a link shared through social media or when they see that others have already clicked on it
▪ Use social proof to make people crave to be part of a social group, experience, or interaction
o Scarcity
▪ Technique that relies on the fear of missing out on a good deal that is only offered in limited quantities or for a limited time
o Likeness/Likeability
▪ A technique where the social engineer attempts to find common ground and shared interests with their target
▪ Social engineers are some of the most likeable people you will meet
o Fear
▪ The use of threats or demands to intimidate someone into helping you in the attack
Pharming
Tricks users into divulging private information by redirecting a victim to a website controlled by the attacker or penetration tester
Vishing
Occurs when the message is being communicated to the target using the voice functions of a telephone
Typosquatting/URL Hijacking
A social engineering attack that deliberately uses misspelled domains for malicious purposes and is often used in combination with a watering hole attack