Social Engineering Flashcards
1
Q
what is social Engineering
A
- a way of gaining sensitive information or illegal access to networks
- by influencing people, usually the employees of large companies
2
Q
what are the two main types of social Engineering
A
- over the phone
- phishing
3
Q
how does social Engineering take place over the telephone
A
- someone rings an employee of a company
- pretending to be a network administrator or somebody else within the organisation
- they gain the employees trust and persuade them to disclose confidential information
4
Q
what is phishing
A
- when criminals send emails or texts to people claiming they are from a well-known by business
- the email contain spoof versions of the company’s site
- they request that thef user update their personal information
- when they do they hand it to the criminals
5
Q
how do we protect ourselves from phishers
A
- many email programs, browsers and firewalls have anti-phishing features
- they reduce the number of phishing emails received
6
Q
what are sql injections
A
- pieces of sql types into a websites input box
- which then reveals sensitive informsation
7
Q
how do sql injections work
A
- a website may allow you to view your account information as long as you enter your password into an input box
- if a websites sql code does not have strong enough input validation
- someone may be able to enter a piece of sql code which allows them to access other peoples account information as well as their own