Social Engineering Flashcards

Understanding the Social Engineering Section of Security+ Exam

1
Q

What is Social Engineering?

A

The manipulative tactics an attacker uses to exploit human psychology in order to gain access to a physical area, a system, or data.

2
Q

What are Motivational Triggers?

A

The various ways an attacker can play on a victim’s psyche.

3
Q

What are the 6 Motivational Triggers?

A
  1. Authority: The power or right to give orders, make decisions, and enforce obedience.
  2. Urgency: Time pressure that drives users to make poor decisions.
  3. Social Proof: The mentality of following the herd.
  4. Scarcity: Fear of missing out.
  5. Likeability: People are much more susceptible to manipulation by people they view favorably.
  6. Fear: Intimidation.
4
Q

What is Impersonation?

A

To masquerade as someone else.

5
Q

What are the 4 main forms of Impersonation?

A
  1. Impersonation: An attacker assumes the identity of someone else to gain access to data and systems.
  2. Brand Impersonation: An attacker presents themselves as a representative of a reputable brand.
  3. Typosquatting: An attacker registers domain names that are common misspellings of legitimate URLs to capture users who mistype the address they meant to visit.
  4. Watering Hole Attack: A targeted form of attack in which the attacker compromises a specific website or service their target is known to use.
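Typosquatting is easier to reason about when you can generate the variants an attacker would register. The following is an added example, not part of the flashcard deck: it builds the common typosquat patterns (dropped letter, swapped letters, doubled letter, look-alike characters, wrong TLD) for a brand domain and classifies a candidate domain against them, falling back to an edit-distance check for near misses the pattern list does not cover. The brand "example.com", the candidate domains, and the hypothetical function names are all assumptions made for the example.

```python
"""Typosquat variant generation and look-alike domain check.

Added example for the typosquatting flashcard; not code from the deck.
The brand domain "example.com" and all candidates below are constructed.
"""

# Character sequences that look alike in common fonts (assumed, not exhaustive).
HOMOGLYPHS = {
    "l": ["1", "i"], "i": ["l", "1"], "o": ["0"],
    "rn": ["m"], "m": ["rn"], "vv": ["w"], "w": ["vv"], "cl": ["d"],
}
# TLDs an attacker commonly registers instead of the real one (assumed list).
TLDS = ["com", "net", "org", "co", "cm", "info"]


def split_domain(domain):
    """'example.com' -> ('example', 'com'); only the last label is treated as the TLD."""
    label, _, tld = domain.lower().rpartition(".")
    return label, tld


def typosquat_variants(brand):
    """Return {variant_domain: technique} for the common typosquatting patterns."""
    label, tld = split_domain(brand)
    variants = {}
    for i in range(len(label)):                       # omission: examle.com
        variants[f"{label[:i]}{label[i + 1:]}.{tld}"] = "omission"
    for i in range(len(label) - 1):                   # transposition: exmaple.com
        swapped = label[:i] + label[i + 1] + label[i] + label[i + 2:]
        variants[f"{swapped}.{tld}"] = "transposition"
    for i in range(len(label)):                       # repetition: exaample.com
        variants[f"{label[:i + 1]}{label[i]}{label[i + 1:]}.{tld}"] = "repetition"
    for src, repls in HOMOGLYPHS.items():             # homoglyph: examp1e.com
        idx = label.find(src)
        while idx != -1:
            for r in repls:
                variants[f"{label[:idx]}{r}{label[idx + len(src):]}.{tld}"] = "homoglyph"
            idx = label.find(src, idx + 1)
    for t in TLDS:                                    # wrong TLD: example.co
        if t != tld:
            variants[f"{label}.{t}"] = "tld-swap"
    variants.pop(brand.lower(), None)                 # a no-op variant is not a typosquat
    return variants


def damerau_levenshtein(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify_domain(candidate, brand, max_distance=2):
    """Return (verdict, technique) for a candidate domain measured against a brand."""
    candidate = candidate.lower()
    if candidate == brand.lower():
        return ("legitimate", None)
    variants = typosquat_variants(brand)
    if candidate in variants:
        return ("typosquat", variants[candidate])
    # Fallback: anything within a small edit distance of the brand label is suspicious
    c_label, _ = split_domain(candidate)
    b_label, _ = split_domain(brand)
    if damerau_levenshtein(c_label, b_label) <= max_distance:
        return ("lookalike", "edit-distance")
    return ("unrelated", None)


if __name__ == "__main__":
    for name in ["examle.com", "exmaple.com", "examp1e.com", "example.co", "exampl.co", "github.com"]:
        print(f"{name:14} -> {classify_domain(name, 'example.com')}")
```

A defender would run the variant list against newly registered domain feeds or certificate transparency logs to spot squats of their own brand before they are used in a campaign; the same list is what an attacker would register.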
6
Q

What is Pretexting?

A

A form of social engineering attack in which the attacker invents a situation (the pretext) to lure a victim into divulging valuable information.

7
Q

What are phishing attacks?

A

An attack vector that comes in many forms. The general idea is that a large number of messages are sent over some medium (email, phone, text, etc.) to trick victims into supplying sensitive information.

8
Q

What are the 6 types of phishing attacks?

A
  1. Phishing
  2. Vishing
  3. Smishing
  4. Whaling
  5. Spear Phishing
  6. Business Email Compromise(BEC)
9
Q

What is vishing?

A

A phishing attack carried out over VoIP or the phone.

10
Q

What is Smishing?

A

A phishing attack carried out over SMS text messages; the term is also applied loosely to IM, social media messages, and other messaging channels.

11
Q

What is Whaling?

A

A type of phishing attack that focuses on a high-value target for a bigger payout, such as a CEO, CFO, or vice president.

12
Q

What is Spear Phishing?

A

A targeted phishing campaign. Instead of attacking everyone under the sun, the attacker focuses on a smaller, specific group and tailors the message to it.

13
Q

What is Business Email Compromise?

A

An advanced form of phishing that uses compromised or spoofed internal email accounts to manipulate employees into carrying out actions for the attacker, such as paying a fraudulent invoice or changing payment details.

14
Q

What is an anti-phishing campaign?

A

A means of reducing an organization’s exposure to phishing. Simulated phishing messages are sent to staff to identify who is susceptible, and those users are given training to close the gap in security.

15
Q

What are ways to identify a phishing attack?

A
  • Urgency
  • Unusual Requests
  • Mismatched URLs
  • Strange Email Addresses
  • Poor grammar or spelling
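The indicators above can be checked mechanically. The following is an added example, not part of the flashcard deck: it parses a constructed email with the standard library, flags a display name that claims the organization while the address is from elsewhere, a Reply-To that differs from the From domain, link text whose domain does not match the link target (the "mismatched URL" indicator), and urgency phrasing. The sample messages, the organization domain "corp.example", the keyword list, and the function names are all assumptions made for the example; grammar and spelling checks are left out because they need a language model rather than a few lines of heuristics.

```python
"""Heuristic phishing-indicator scan over an email message.

Added example for the "ways to identify a phishing attack" flashcard; not
code from the deck. Both messages, every domain and the recipient
organisation "corp.example" are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases that push the reader to act without thinking (assumed list).
URGENCY_TERMS = ("immediately", "within 24 hours", "urgent",
                 "account will be suspended", "act now", "final notice")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Crude eTLD+1 (last two labels); fine for the two-label domains used here."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(url):
    """Hostname of a URL or bare 'host/path' string."""
    return urlparse(url if "://" in url else "http://" + url).hostname or ""


def phishing_indicators(raw_message, trusted_domains=()):
    """Return a list of human-readable indicators found in a single-part email."""
    msg = message_from_string(raw_message)
    found = []
    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    # Strange sender address: display name drops the organisation's name but the
    # address is not from the organisation's domain (brand = first label, assumed).
    for trusted in trusted_domains:
        brand = trusted.split(".")[0]
        off_domain = sender_domain != trusted and not sender_domain.endswith("." + trusted)
        if brand in display_name.lower() and off_domain:
            found.append(f"display name mentions {brand!r} but address is @{sender_domain}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != sender_domain:
        found.append(f"Reply-To domain differs from From domain ({reply_to})")
    # Mismatched URLs: link text that looks like a domain but points elsewhere.
    body = (msg.get_payload(decode=True) or b"").decode(msg.get_content_charset() or "utf-8", "replace")
    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if re.search(r"[a-z0-9-]+\.[a-z]{2,}", text, re.I):
            if registered_domain(host_of(text)) != registered_domain(host_of(href)):
                found.append(f"link text {text!r} actually points to {host_of(href)}")
    # Urgency language in the body.
    hits = [t for t in URGENCY_TERMS if t in body.lower()]
    if hits:
        found.append("urgency language: " + ", ".join(hits))
    return found


# Constructed sample messages (not real mail).
SUSPICIOUS_MESSAGE = """\
From: "Corp IT Helpdesk" <helpdesk@corp-example-support.net>
Reply-To: recover@mail-reset.biz
To: alice@corp.example
Subject: Action required: password expires today
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account will be suspended within 24 hours. Act now to keep access.</p>
<p>Sign in at <a href="http://corp-example.login-verify.net/sso">https://portal.corp.example/sso</a></p>
</body></html>
"""

BENIGN_MESSAGE = """\
From: "Bob" <bob@corp.example>
To: alice@corp.example
Subject: Meeting notes
Content-Type: text/html; charset="utf-8"

<html><body><p>Notes are on the <a href="https://wiki.corp.example/notes">wiki.corp.example/notes</a> page.</p></body></html>
"""

if __name__ == "__main__":
    for line in phishing_indicators(SUSPICIOUS_MESSAGE, ("corp.example",)):
        print("-", line)
    print("benign:", phishing_indicators(BENIGN_MESSAGE, ("corp.example",)))
```

None of these checks is proof on its own; a mail gateway or SOC playbook scores them together, and the mismatched-URL check in particular is the one users can reproduce by hovering over a link before clicking.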
16
Q

What is Fraud?

A

Wrongful or criminal deception intended to result in financial or personal gain.

17
Q

What is a Scam?

A

A fraudulent or deceptive act or operation.

18
Q

What is an Influence Campaign?

A

A coordinated effort to shape public opinion and behavior. These campaigns often spread misinformation and disinformation.

19
Q

What is misinformation?

A

The unintentional spreading of false information

20
Q

What is disinformation?

A

The intentional spreading of false information to deceive or mislead

21
Q

What are some social engineering attacks?

A
  • Diversion theft
  • Hoaxes
  • Shoulder surfing
  • Dumpster Diving
  • Eavesdropping
  • Baiting
  • Piggybacking/Tailgating
22
Q

What is the difference between piggybacking and tailgating?

A

Piggybacking is when someone willingly lets an unauthorized person into an area. Tailgating is when an unauthorized person follows behind an unaware person to gain access to an area.

23
Q

What is Diversion Theft?

A

Manipulating a situation or creating a distraction to steal data or gain unauthorized access to an area

24
Q

What is a hoax?

A

Malicious deception that is often spread through social media, email, and/or other forms of communication

25
Q

What is baiting?

A

An attacker lures a victim in with an enticing offer (for example, a malware-loaded USB drive left where the victim will find and plug it in) and ends up installing some form of malware on their system.