Social Engineering Flashcards
What is the correct order of phases of social engineering attack?
Research on target company → selecting target → develop the relationship → exploit the relationship.
Tax Identity Theft
This type of identity theft occurs when perpetrator steals the victim’s Social Security Number or SSN in order to file fraudulent tax returns and obtain fraudulent tax refunds. It creates difficulties for the victim in accessing the legitimate tax refunds and results in a loss of funds.
Identity cloning and concealment
This is a type of identity theft which encompasses all forms of identity theft where the perpetrators attempt to impersonate someone else in order to simply hide their identity. These perpetrators could be illegal immigrants or those hiding from creditors or simply want to become “anonymous” due to some other reasons
Synthetic identity theft
This is one of the most sophisticated types of identity theft where the perpetrator obtains information from different victims to create a new identity. Firstly, he steals a Social Security Number or SSN and uses it with a combination of fake names, date of birth, address and other details required for creating new identity. The perpetrator uses this new identity to open new accounts, loans, credit cards, phones, other goods and services.
Social identity theft
This is another most common type of identity theft where the perpetrator steals victim’s Social Security Number or SSN in order to derive various benefits such as selling it to some undocumented person, use it to defraud the government by getting a new bank account, loans, credit cards or for passport.
Malicious Insider
Malicious insider threats come from disgruntled or terminated employees who steal data or destroy company networks intentionally by injecting malware into the corporate network.
Negligent Insider
Insiders, who are uneducated on potential security threats or simply bypass general security procedures to meet workplace efficiency, are more vulnerable to social engineering attacks. A large number of insider attacks result from employee’s laxity towards security measures, policies, and practices.
Professional Insider
Professional insiders are the most harmful insiders where they use their technical knowledge to identify weaknesses and vulnerabilities of the company’s network and sell the confidential information to the competitors or black market bidders.
Compromised Insider
An outsider compromises insiders having access to critical assets or computing devices of an organization. This type of threat is more difficult to detect since the outsider masquerades as a genuine insider.
