What is it called when a threat actor takes information for the purpose of impersonating someone quizlet?


Compare and Contrast Social Engineering Attack Types

Terms in this set (22)

Social engineering

An activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.

Impersonation

Pretending to be someone else.

This is one of the basic social engineering techniques.

Familiarity/Liking

One of the basic tools of a social engineer.

It's about being affable and likable, and presenting the requests they make as completely reasonable and unobjectionable.

It's less likely to cause suspicion and the social engineer may be able to move on to a different target without being detected.

Consensus (Social Proof)

Refers to the fact that without an explicit instruction to behave in a certain way, many people will act just as they think others would act.

A social engineering attack can use this instinct either to persuade the target that to refuse a request would be odd ("That's not something anyone else has ever said no to") or to exploit polite behavior (see Tailgating).

Authority and Intimidation

Social engineers can try to exploit this behavior to intimidate their target by pretending to be someone senior in rank or expertise.

An attack might be launched by impersonating someone who would often be deferred to, such as a police officer, judge, or doctor.

Another technique is using spurious technical arguments and jargon.

Social engineering can exploit the fact that few people are willing to admit ignorance.

Scarcity and urgency

Often also deployed by salespeople, creating a false sense of scarcity or urgency can disturb people's ordinary decision-making process.

The social engineer can try to pressure his or her target by demanding a quick response.

Establishing trust

Usually depends on the attacker obtaining privileged information about the organization.

Dumpster diving

A social engineering technique of discovering things about an organization.

It involves combing through an organization's (or individual's) garbage to try to find useful documents (or even files stored on discarded removable media).

Shoulder surfing

A social engineering tactic to obtain more information.

This involves stealing a password or PIN (or other secure information) by watching the user type it.

Lunchtime Attack

An attacker physically gaining access to a system a user left unattended while logged on.

Tailgating

A social engineering technique to gain access to a building.

This involves entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint.

Piggybacking

A) Similar to tailgating, except the attacker enters a secure area with an employee's permission.

B) Alternatively, this may be a means of an insider threat actor to allow access to someone without recording it in the building's entry log.

X) Another technique is to persuade someone to hold a door open, using an excuse, such as "I've forgotten my badge/key."

Phishing

A type of email-based social engineering attack.

This involves the attacker sending an email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

Spoofing

An attack technique where the attacker disguises their identity.

Spear phishing

A) Phishing scam where the attacker has some information that makes an individual target more likely to be fooled by the attack.

B) The attacker might know the name of a document that the target is editing.
---B1) The attacker will then send a malicious copy.
---B2) Also, the phishing email might show that the attacker knows the recipient's full name, job title, telephone number, or other details.
---B2-1) This helps convince the target that the communication is genuine.

Whaling

A spear phishing attack directed specifically against upper levels of management in the organization (CEOs, etc.).

Vishing

A) Phishing attack conducted through a voice channel (telephone or VoIP, for instance).

X) For example, targets could be called by someone purporting to represent their bank asking them to verify a recent credit card transaction and requesting their security details.

Pharming

A) Another means of redirecting users from a legitimate website to a malicious one.

B) Relies on corrupting the way the victim's computer performs Internet name resolution, so that they are redirected from the genuine site to the malicious one.

Watering Hole Attack

A) Another type of directed social engineering attack.

B) Relies on the circumstance that a group of targets may use an unsecure third-party website.

Hoaxes

An email-based, IM-based, or web-based attack.

It is intended to trick the user into performing unnecessary or undesired actions.

These actions include the following:

A) Deleting important system files in an attempt to remove a virus,
or
B) Sending money or important information via email or online forms

How do we best prepare for social engineering attacks?

1) Train employees to release information or make privileged use of the system only according to standard procedures.

2) Establish a reporting system for suspected attacks—though the obvious risk here is that many false negatives will be reported.

3) Train employees to identify phishing and pharming style attacks plus new styles of attacks as they emerge.

4) Train employees not to release work-related information on third-party sites or social networks (and especially not to reuse passwords used for accounts at work).

Access Control

The process of determining and assigning privileges to resources, objects, and data.

Each resource has an access control list (ACL) specifying what users can do.


What is it called when a threat actor takes information for the purpose of impersonating someone?

Email impersonation attacks are a type of phishing attack where the attacker impersonates a legitimate sender in order to trick the recipient into clicking on a malicious link or attachment.

Which of the following threat actors seeks to defame?

Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government? Explanation: A hacktivist is any individual whose attacks are politically motivated. Instead of seeking financial gain, hacktivists want to defame, shed light on, or cripple an organization or government.

Which type of threat actor would benefit the most from accessing your enterprise?

Which type of threat actor would benefit the most from accessing your enterprise's new machine learning algorithm research and development program? Competitors. Competitors are threat actors who launch attacks against an opponent's system to steal classified information such as industry research or customer lists.

Which tool is most commonly associated with nation

Ransomware is the most commonly used tool of nation-state cybercriminals, and phishing is their most widely used means of spreading it.