Social Engineering Flashcards
Understanding the Social Engineering Section of Security+ Exam
What is Social Engineering?
The manipulative tactics an attacker uses that exploit human psychology in order to gain access to a physical area, a system, or data.
What are Motivational Triggers?
The various ways an attacker can play on a victim's psyche.
What are the 6 Motivational Triggers?
- Authority: The power or right to give orders, make decisions, and enforce obedience
- Urgency: Time sensitivity that drives users to make poor decisions
- Social Proof: The mentality of following the herd.
- Scarcity: Fear of missing out
- Likeability: People are much more susceptible to threats from people they view favorably
- Fear: Intimidation
What is Impersonation?
To masquerade as someone else.
What are the 4 main forms of Impersonation?
- Impersonation: An attacker assumes the identity of someone else to gain access to data and systems.
- Brand Impersonation: An attacker presents themselves as the representative of some reputable brand.
- Typosquatting: An attacker registers many domain names to capitalize on people misspelling URLs they search for.
- Watering Hole Attacks: Targeted form of attack where attackers compromise a specific website or service their target is known to use.
What is Pretexting?
A form of social engineering attack that involves a fabricated situation, the pretext, created by an attacker in order to lure a victim into divulging valuable information.
What are phishing attacks?
An attack vector that comes in many forms. The general idea is that a massive number of messages are sent over a medium to get a victim to supply sensitive information.
What are the 6 types of phishing attacks?
- Phishing
- Vishing
- Smishing
- Whaling
- Spear Phishing
- Business Email Compromise (BEC)
What is vishing?
A phishing attack carried out over VoIP or phone.
What is Smishing?
A phishing attack carried out over messaging, i.e. IM, texting, social media messages, etc.
What is Whaling?
A type of phishing attack that focuses on a large target for a bigger payout. Targets include CEOs, CFOs, vice presidents, etc.
What is Spear Phishing?
A targeted phishing campaign. Instead of attacking everyone under the sun, an attacker focuses on a smaller demographic.
What is Business Email Compromise?
An advanced form of phishing attack that leverages internal email accounts to manipulate employees into carrying out malicious actions for the attacker.
What is an anti-phishing campaign?
A means of preventing phishing attacks. Simulated phishing campaigns are run against an organization to identify the people vulnerable to phishing attacks and to supply training that closes the gap in security.
What are ways to identify a phishing attack?
- Urgency
- Unusual Requests
- Mismatched URLs
- Strange Email Addresses
- Poor grammar or spelling
What is Fraud?
Wrongful or criminal deception intended to result in financial or personal gain.
What is a Scam?
A fraudulent or deceptive act or operation.
What is an Influence Campaign?
A powerful tool for shaping public opinion and behavior. These campaigns can foster misinformation and disinformation.
What is misinformation?
The unintentional spreading of false information
What is disinformation?
The intentional spreading of false information to deceive or mislead
What are some social engineering attacks?
- Diversion theft
- Hoaxes
- Shoulder surfing
- Dumpster Diving
- Eavesdropping
- Baiting
- Piggybacking/Tailgating
What is the difference between piggybacking and tailgating?
Piggybacking is when someone willingly lets an unauthorized person into an area. Tailgating is when an unauthorized person follows behind an unaware person to gain access to an area.
What is Diversion Theft?
Manipulating a situation or creating a distraction to steal data or gain unauthorized access to an area
What is a hoax?
Malicious deception that is often spread through social media, email, and/or other forms of communication
What is baiting?
An attacker lures a victim in with an enticing offer and, in the end, installs some form of malware onto their system.