Social Engineering Flashcards
Understanding the Social Engineering Section of Security+ Exam
What is Social Engineering?
The manipulative tactics an attacker uses to exploit human psychology in order to gain access to a physical area, a system, or data.
What are Motivational Triggers?
The various ways an attacker can play on a victim's psyche.
What are the 6 Motivational Triggers?
- Authority: The power or right to give orders, make decisions, and enforce obedience.
- Urgency: Time sensitivity that drives users to make poor decisions.
- Social Proof: The mentality of following the herd.
- Scarcity: Fear of missing out.
- Likeability: People are much more susceptible to threats from people they view favorably.
- Fear: Intimidation.
What is Impersonation?
To masquerade as someone else.
What are the 4 main forms of Impersonation?
- Impersonation: An attacker assumes the identity of someone else to gain access to data and systems.
- Brand Impersonation: An attacker presents themselves as the representative of some reputable brand.
- Typosquatting: An attacker registers many domain names to capitalize on people misspelling the URLs they search for.
- Watering Hole Attacks: Targeted form of attack where attackers compromise a specific website or service their target is known to use.
What is Pretexting?
A form of social engineering attack in which the attacker creates a fabricated situation, the pretext, in order to lure a victim into divulging valuable information.
What are phishing attacks?
An attack vector that comes in many forms. The general idea is that a massive number of messages are sent over some medium to get victims to supply sensitive information.
What are the 6 types of phishing attacks?
- Phishing
- Vishing
- Smishing
- Whaling
- Spear Phishing
- Business Email Compromise (BEC)
What is vishing?
A phishing attack carried out over VoIP or the phone.
What is Smishing?
A phishing attack carried out over messaging, i.e. IM, texting, social media messages, etc.
What is Whaling?
A type of phishing attack that focuses on a large target for a bigger payout, such as a CEO, CFO, or Vice President.
What is Spear Phishing?
A targeted phishing campaign. Instead of attacking everyone under the sun, an attacker focuses on a smaller demographic.
What is Business Email Compromise?
An advanced form of phishing attack that leverages internal email accounts to manipulate employees into carrying out malicious actions for the attacker.
What is an anti-phishing campaign?
A means of preventing phishing attacks. It is a tool used to carry out simulated phishing campaigns to identify those in an organization who are vulnerable to phishing, and to supply training to rectify the gap in security.
What are ways to identify a phishing attack?
- Urgency
- Unusual Requests
- Mismatched URLs
- Strange Email Addresses
- Poor grammar or spelling