Social Engineering Flashcards
Manipulative strategy exploiting human psychology for unauthorized access to systems, data, or physical spaces
Social Engineering
Creating a fabricated scenario to manipulate targets.
Impersonating trusted figures to gain trust
Pretexting
Used by Social Engineers
● Familiarity and Likability
● Consensus and Social Proof
● Authority and Intimidation
● Scarcity and Urgency
Motivational Triggers
Type of Motivational Trigger where most people are willing to comply and do what you tell them to do if they believe the request is coming from somebody who is in a position of authority to make it
Authority
Type of Motivational Trigger where a compelling sense of immediacy or time-sensitivity drives individuals to act swiftly or prioritize certain actions
Urgency
Type of Motivational Trigger; a psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar situations
Social Proof
Type of Motivational Trigger; the psychological pressure people feel when they believe a product, opportunity, or resource is limited or in short supply
Scarcity
Most people want to interact with people they like, and social engineers realize this.
Likeability
Type of Motivational Trigger where the attack is generally framed as "if you don't do what I tell you, then this bad thing is going to happen to you"
Fear
Attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data
Impersonation
More specific form of impersonation where an attacker pretends to represent a legitimate company or brand
Brand Impersonation
Also known as URL hijacking or cybersquatting. A form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains some kind of common typographical error
Typosquatting
Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use
Watering Hole Attacks
Gives some amount of information that seems true so that the victim will give more information
Pretexting
Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as passwords and credit card numbers
Phishing
More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations. Has a higher success rate
Spear Phishing
Form of spear phishing that targets high-profile individuals, like CEOs or CFOs
Whaling
Sophisticated type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacker
Taking over legitimate business email accounts through social engineering or cyber intrusion techniques to conduct unauthorized fund transfers, redirect payments, or steal sensitive information
Business Email Compromise (BEC)
Attacker tricks their victims into sharing personal or financial information over the phone
Vishing (Voice Phishing)
Involves the use of text messages to trick individuals into providing their personal information
Smishing (SMS Phishing)
Essential user security awareness training tool that can be used to educate individuals about the risks of phishing and how to best identify potential phishing attempts
Anti-Phishing Campaign
Urgency, Unusual Requests, Mismatched URLs, Strange Email Address, Poor Spelling or Grammar are examples of…
Key Indicators of Phishing Attacks
Wrongful or criminal deception that is intended to result in financial or personal gain for the attacker
Fraud
Involves the use of another person's personal information without their authorization to commit a crime or to deceive or defraud that other person or some other third party
Identity Fraud and Identity Theft
Fraudulent or deceptive act or operation
Scam
Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group.
Are a powerful tool for shaping public opinion and behavior
Foster misinformation and disinformation
Influence Campaign
False or inaccurate information shared without harmful intent
Misinformation
Involves the deliberate creation and sharing of false information with the intent to deceive or mislead
Disinformation
Involves manipulating a situation or creating a distraction to steal valuable items or information
Diversion Theft
Malicious deception that is often spread through social media, email, or other communication channels
Often paired with phishing attacks and impersonation attacks
Hoaxes