Week 8 - Social Engineering Flashcards
What is Social Engineering?
psychological manipulation that tricks people into giving away information or performing actions that compromise security.
What is Pretexting?
attacker creates a believable scenario or situation to manipulate the victim into revealing valuable information
e.g
attacker impersonating someone in a position of power, like a CEO
What is baiting?
attacker offers an enticing opportunity to draw the victim into a scam.
e.g
an email with a malicious link to a salesperson offering a promising lead
What is Pressure and Solution?
applying pressure to the victim through negative emotional states and then offering a solution.
e.g
using fear to cloud the victim’s judgement, so they use a solution by the attacker
What is Leveraging Authority?
manipulating the victim by pretending to hold a position of power or influence,
e.g
Impersonating a CEO and contacting IT employees to demand a change
What is Reverse Social Engineering ?
a technique where the attacker makes the victim believe they need assistance, causing the victim to seek help from the attacker.
e.g
attacker deliberately causes an issue and then comes in to save the victim
What is Chain of Authentication?
creating a situation where the victim assumes the social engineer has already been validated by a trusted source.
e.g
attacker is an engineer wanting access to a sever. befriends the receptionist and gets them to ask the server manager to show them the server room
What is Gaining Credibility?
increase the likelihood of success in an attack by presenting the victim with obtainable information that makes the attacker appear legitimate and trustworthy.
e.g
using pretexting to gain credibility
What is Social proof?
where people are influenced by the actions or opinions of others and are more likely to follow the crowd
e.g
majority of people have already clicked the link, making the victim do so
