Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CompTIA A+220-1002 > Social Engineering Attacks > Flashcards

Social Engineering Attacks Flashcards

1
Q

Effective social engineering

A
  • Constantly changing
  • You never know what they’ll use next
  • May involve multiple people
  • And multiple organizations
  • There are ties connecting many organizations
  • May be in person or electronic
  • Phone calls from aggressive “customers”
  • Emailed funeral notifications of a friend or associate
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Social engineering principles

A

• Authority
• The social engineer is in charge
• I’m calling from the help desk/office of the
CEO/police

• Intimidation
• There will be bad things if you don’t help
• If you don’t help me, the payroll checks won’t be
processed

  • Consensus / Social proof
  • Convince based on what’s normally expected
  • Your co-worker Jill did this for me last week
  • Scarcity
  • The situation will not be this way for long
  • Must make the change before time expires
  • Urgency
  • Works alongside scarcity
  • Act quickly, don’t think
  • Familiarity / Liking
  • Someone you know, we have common friends
  • Trust
  • Someone who is safe
  • I’m from IT, and I’m here to help
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Phishing

A
  • Social engineering with a touch of spoofing
  • Often delivered by spam, IM, etc.
  • Very remarkable when well done

• Don’t be fooled - Check the URL

  • Usually there’s something not quite right
  • Spelling, fonts, graphics
  • Vishing is done over the phone
  • Fake security checks or bank updates
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Spear phishing

A
  • Phishing with inside information
  • Makes the attack more believable
  • Spear phishing the CEO is “whaling”
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Shoulder surfing

A

• You have access to important information
• Many people want to see
• Curiosity, industrial espionage, competitive
advantage

  • This is surprisingly easy
  • Airports / Flights
  • Hallway-facing monitors
  • Coffee shops
  • Surf from afar
  • Binoculars / Telescopes
  • Easy in the big city
  • Webcam monitoring
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Tailgating

A
  • Use someone else to gain access to a building
  • Not an accident
  • Johnny Long / No Tech Hacking
  • Blend in with clothing
  • 3rd-party with a legitimate reason
  • Temporarily take up smoking
  • I still prefer bringing doughnuts
  • Once inside, there’s little to stop you
  • Most security stops at the border
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Dumpster diving

A
  • Mobile garbage bin
  • United States brand name “Dumpster”
  • Similar to a rubbish skip
  • Important information thrown out with the trash
  • Thanks for bagging your garbage for me!
  • Gather details that can be used for a different attack
  • Impersonate names, use phone numbers
  • Timing is important
  • Just after end of month, end of quarter
  • Based on pickup schedule
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Phishing scams targeting a specific group of people are referred to as:

A

Spear phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CompTIA A+220-1002 (27 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions