Compare and Contrast Social Engineering Attack Types
Terms in this set (22)
Social engineering
An activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
Impersonation
Pretending to be someone else.
This is one of the basic social engineering techniques.
Familiarity/Liking
One of the basic tools of a social engineer.
It's about being affable and likable, and presenting the requests they make as completely reasonable and unobjectionable.
Such requests are less likely to cause suspicion, and the social engineer may be able to move on to a different target without being detected.
Consensus (Social Proof)
Refers to the fact that without an explicit instruction to behave in a certain way, many people will act just as they think others would act.
A social engineering attack can use this instinct either to persuade the target that to refuse a request would be odd ("That's not something anyone else has ever said no to") or to exploit polite behavior (see Tailgating).
Authority and Intimidation
Most people defer to authority, and social engineers can exploit this to intimidate their target by pretending to be someone senior in rank or expertise.
An attack might be launched by impersonating someone who would often be deferred to, such as a police officer, judge, or doctor.
Another technique is using spurious technical arguments and jargon; this exploits the fact that few people are willing to admit ignorance.
Scarcity and urgency
Often also deployed by salespeople, creating a false sense of scarcity or urgency can disturb people's ordinary decision-making process.
The social engineer can try to pressure his or her target by demanding a quick response.
Establishing trust
Usually depends on the attacker obtaining privileged information about the organization.
Dumpster diving
A social engineering technique of discovering things about an organization.
It involves combing through an organization's (or individual's) garbage to try to find useful documents (or even files stored on discarded removable media).
Shoulder surfing
A social engineering tactic to obtain more information.
This involves stealing a password or PIN (or other secret information) by watching the user type it.
Lunchtime Attack
An attacker physically gaining access to a system that a user left unattended while still logged on.
Tailgating
A social engineering technique to gain access to a building.
This involves entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint.
Piggybacking
A) Similar to tailgating, except the attacker enters a secure area with an employee's permission.
B) Alternatively, this may be a means for an insider threat actor to let someone in without recording it in the building's entry log.
X) Another technique is to persuade someone to hold a door open, using an excuse, such as "I've forgotten my badge/key."
Phishing
A type of email-based social engineering attack.
This involves the attacker sending an email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.
Spoofing
An attack technique in which the attacker disguises their identity, for example by forging the sender address of an email so that it appears to come from a trusted party.
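The phishing and spoofing cards above describe forged senders and pressure tactics. As an added example, not part of the original flashcard set, the following Python script parses two constructed sample messages and flags the header-level indicators a mail gateway or analyst would check: an envelope sender (Return-Path) that does not match the visible From: domain, a Reply-To that steers answers elsewhere, failed SPF/DKIM/DMARC verdicts recorded by the receiving server, and urgency language in the subject. The domains, addresses and Authentication-Results lines are invented for the example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample messages for the example; the domains, addresses and
# Authentication-Results verdicts are invented, not taken from real traffic.
PHISHING_EMAIL = """\
Return-Path: <bounce@mail-updates.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-updates.example.net; dkim=none; dmarc=fail header.from=examplebank.com
From: "Example Bank Security" <alerts@examplebank.com>
Reply-To: <verify-account@examp1ebank-support.net>
To: <victim@example.org>
Subject: Urgent: verify your account within 24 hours

Your account has been limited. Click the link below to verify now.
"""

LEGITIMATE_EMAIL = """\
Return-Path: <alerts@examplebank.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=examplebank.com; dkim=pass header.d=examplebank.com; dmarc=pass header.from=examplebank.com
From: "Example Bank" <alerts@examplebank.com>
To: <customer@example.org>
Subject: Your monthly statement is available

Log in through the app to view your statement.
"""

# Pressure words typical of the "scarcity and urgency" lever.
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|suspended|limited)\b", re.I)


def domain_of(header_value: str) -> str:
    """Lower-cased domain of the address in a From:/Reply-To:/Return-Path: value."""
    _, address = parseaddr(header_value)
    return address.rpartition("@")[2].lower()


def auth_results(header_value: str) -> dict:
    """Extract the spf/dkim/dmarc verdicts the receiving MTA recorded."""
    verdicts = {}
    for method in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{method}=(\w+)", header_value)
        verdicts[method] = m.group(1).lower() if m else "none"
    return verdicts


def spoofing_indicators(raw_message: str) -> list:
    """Return indicator tags for a raw RFC 5322 message (empty list = nothing found)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_domain = domain_of(str(msg.get("From", "")))

    # 1. The envelope sender (Return-Path) should match the domain shown in From:.
    return_path = str(msg.get("Return-Path", ""))
    if return_path and domain_of(return_path) != from_domain:
        findings.append("return-path-mismatch")

    # 2. A Reply-To that sends answers to a different domain than the claimed sender.
    reply_to = str(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append("reply-to-mismatch")

    # 3. SPF/DKIM/DMARC results from our own MTA; anything other than "pass" is recorded.
    for method, verdict in auth_results(str(msg.get("Authentication-Results", ""))).items():
        if verdict != "pass":
            findings.append(f"{method}-{verdict}")

    # 4. Pressure language in the subject line.
    if URGENCY.search(str(msg.get("Subject", ""))):
        findings.append("urgent-subject")
    return findings


if __name__ == "__main__":
    for label, raw in (("phishing", PHISHING_EMAIL), ("legitimate", LEGITIMATE_EMAIL)):
        print(label, spoofing_indicators(raw) or "no indicators")
```

Only the Authentication-Results header written by your own receiving server is trustworthy; an attacker can insert a forged one upstream, so a real gateway should strip any such header that arrives from outside before adding its own.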
Spear phishing
A) A phishing scam where the attacker has some information that makes an individual target more likely to be fooled by the attack.
B) For example, the attacker might know the name of a document that the target is editing and send a malicious copy of it.
C) The phishing email might also show that the attacker knows the recipient's full name, job title, telephone number, or other details, which helps convince the target that the communication is genuine.
Whaling
A spear phishing attack directed specifically against upper levels of management in the organization (CEOs etc.)
Vishing
A) Phishing attack conducted through a voice channel (telephone or VoIP, for instance).
X) For example, targets could be called by someone purporting to represent their bank asking them to verify a recent credit card transaction and requesting their security details.
Pharming
A) A means of redirecting users from a legitimate website to a malicious one.
B) Relies on corrupting the way the victim's computer performs Internet name resolution (for example, by editing the local hosts file or poisoning the DNS cache it relies on), so that they are redirected from the genuine site to the malicious one.
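Pharming works because a hosts-file entry is consulted before DNS, so one line is enough to send a bank's name to an attacker's server. As an added example, not part of the original flashcard set, the following Python script audits a constructed hosts file and reports every entry that pins a name to a routable address, which is what such an override looks like; the hostnames, the 203.0.113.45 address and the SENSITIVE_DOMAINS list are assumptions made for the example.

```python
import ipaddress

# Constructed sample hosts file: the two 203.0.113.45 lines are the kind of entry
# pharming malware adds so that the bank's name resolves to an attacker's server.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
127.0.1.1       workstation.corp.example
10.20.30.40     intranet.corp.example
# added by installer
203.0.113.45    www.examplebank.com examplebank.com
203.0.113.45    login.examplebank.com
0.0.0.0         ads.example.net
"""

# Names whose resolution an attacker would most want to hijack (an assumption for the
# example; in practice build this from the organisation's own critical-site list).
SENSITIVE_DOMAINS = ("examplebank.com", "login.microsoftonline.com")

# Address ranges that legitimately appear in a workstation's hosts file.
LOCAL_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")
]


def parse_hosts(text: str):
    """Yield (ip, hostname) pairs, one per alias, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def is_local_or_blackhole(ip: str) -> bool:
    """True for loopback, link-local, unspecified (0.0.0.0 blackhole) and RFC 1918/ULA addresses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: let the caller see it
    if addr.is_loopback or addr.is_link_local or addr.is_unspecified:
        return True
    return any(addr in net for net in LOCAL_NETWORKS)


def is_sensitive(name: str) -> bool:
    """Exact match or subdomain of one of the watched domains."""
    return any(name == d or name.endswith("." + d) for d in SENSITIVE_DOMAINS)


def suspicious_hosts_entries(text: str) -> list:
    """Return (ip, name, sensitive) for every entry that pins a name to a routable address."""
    findings = []
    for ip, name in parse_hosts(text):
        if is_local_or_blackhole(ip):
            continue
        # Any hosts-file override pointing a name at a routable address bypasses DNS
        # entirely; an override of a watched domain is the highest-priority finding.
        findings.append((ip, name, is_sensitive(name)))
    return findings


if __name__ == "__main__":
    for ip, name, sensitive in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"{'CRITICAL' if sensitive else 'review':8} {name} -> {ip}")
```

The hosts file is only one of the places pharming can act; a changed resolver address or a poisoned DNS cache produces the same effect without touching the file, so a fuller check also compares what the workstation resolves against an independent resolver.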
Watering Hole Attack
A) Another type of directed social engineering attack.
B) Relies on the circumstance that a group of targets may use an insecure third-party website; the attacker compromises that site so that it serves malware to the visitors the attacker is actually interested in.
Hoaxes
An email-based, IM-based, or web-based attack.
It is intended to trick the user into performing unnecessary or undesired actions.
These actions include the following:
A) Deleting important system files in an attempt to remove a virus, or
B) Sending money or important information via email or online forms.
How do we best prepare for social engineering attacks?
1) Train employees to release information or make privileged use of the system only according to standard procedures.
2) Establish a reporting system for suspected attacks, though the obvious cost here is that many false positives will be reported.
3) Train employees to identify phishing and pharming style attacks plus new styles of attacks as they emerge.
4) Train employees not to release work-related information on third-party sites or social networks (and especially not to reuse passwords used for accounts at work).
Access Control
The process of determining and assigning privileges to resources, objects, and data.
Each resource has an access control list (ACL) specifying what users can do.
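An ACL is a list of entries, each naming a subject and the operations it may or may not perform on the resource. As an added example, not part of the original flashcard set, the following Python code implements such a list with the two properties a practitioner expects: access is denied unless some entry grants it, and an explicit deny overrides any allow. The group membership table, the user names and the payroll resource are constructed for the example.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Perm(Flag):
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass
class Ace:
    """One access control entry: a subject and the rights it is allowed or denied."""
    subject: str              # a user name, or "group:<name>"
    allow: Perm = Perm(0)
    deny: Perm = Perm(0)


@dataclass
class Acl:
    entries: list = field(default_factory=list)


# Constructed group membership; a real system would take this from its directory.
GROUPS = {"finance": {"alice", "bob"}, "it": {"carol"}}


def matching_entries(acl: Acl, user: str):
    """Entries that apply to this user directly or through one of their groups."""
    for ace in acl.entries:
        if ace.subject == user:
            yield ace
        elif ace.subject.startswith("group:") and user in GROUPS.get(ace.subject[6:], set()):
            yield ace


def effective_permissions(acl: Acl, user: str) -> Perm:
    """Union of allows minus union of denies: an explicit deny always wins."""
    allowed, denied = Perm(0), Perm(0)
    for ace in matching_entries(acl, user):
        allowed |= ace.allow
        denied |= ace.deny
    return allowed & ~denied


def is_permitted(acl: Acl, user: str, wanted: Perm) -> bool:
    """Deny by default: every requested right must be present in the effective set."""
    return (wanted & effective_permissions(acl, user)) == wanted


# Constructed example resource: a payroll spreadsheet.
PAYROLL_ACL = Acl([
    Ace("group:finance", allow=Perm.READ | Perm.WRITE),
    Ace("bob", deny=Perm.WRITE),        # bob is in finance but may only read
    Ace("carol", allow=Perm.READ),      # IT support gets read-only access
])

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, effective_permissions(PAYROLL_ACL, user))
```

Note that "dave", who appears in no entry, gets nothing: an ACL that has to list a subject before granting anything is what makes least privilege enforceable.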