Social Engineering Flashcards
What is Authority?
Authority implies the right to exercise power in an organization. Attackers take advantage of this by presenting themselves as a person of authority in the target organization, such as a technician or an executive, in order to steal important data.
What is Scarcity?
Scarcity implies the state of being scarce. In the context of social engineering, scarcity usually means creating a feeling of urgency in a decision-making process. Because of this urgency, attackers can control the information provided to victims and manipulate the decision-making process.
What is Intimidation?
Intimidation refers to an attempt to intimidate a victim into taking certain actions by using bullying tactics. It is usually performed by impersonating some other person and manipulating users into disclosing sensitive information.
What is Consensus?
Consensus or social proof refers to the fact that people are usually willing to like things or do things that other people like or do.
What is a Negligent Insider?
Negligent insiders are insiders who are uneducated about potential security threats, or who simply bypass general security procedures for the sake of workplace efficiency.
What is a Professional Insider?
A professional insider is an insider who uses their technical knowledge to identify weaknesses and vulnerabilities in the company's network and sells confidential information to competitors or black-market bidders.
What is a Malicious Insider?
A malicious insider is a disgruntled or terminated employee who intentionally steals data or damages the company's networks, for example by introducing malware into the corporate network.
What is a Compromised Insider?
A compromised insider is an insider with access to critical assets of an organization who has been compromised by an outside threat actor.
What is reverse social engineering?
Reverse social engineering is generally difficult to carry out, primarily because its execution needs considerable preparation and skill. In reverse social engineering, the perpetrator assumes the role of a knowledgeable professional so that the organization's employees come to them for help or information. The attacker then steers the conversation with questions that draw out the required information.
What is piggybacking?
Piggybacking usually implies entry into a building or secure area with the consent of an authorized person. For example, an attacker might ask an authorized person to unlock a security door, claiming to have forgotten their ID badge. Out of common courtesy, the authorized person allows the attacker to pass through the door.
What is tailgating?
Tailgating implies accessing a building or secured area without the consent of an authorized person. It is the act of following an authorized person through a secure entrance, relying on a polite user opening the door and holding it for those behind them.
What is diversion theft?
Diversion theft is a technique in which attackers target delivery professionals or transport companies. It is also known as the "Round the Corner Game" or "Corner Game." The main objective of this technique is to trick the person responsible for a genuine delivery into delivering the consignment to the wrong location, thus interrupting the transaction.
What is a honey trap?
The honey trap is a technique in which an attacker targets a person online by pretending to be an attractive or kind person and then begins a fake online relationship to obtain confidential information about the target company. In this technique, the victim is an insider who possesses critical information about the target organization.
What is baiting?
Baiting is a technique in which attackers offer end users something alluring in exchange for important information such as login details and other sensitive data. This technique relies on the curiosity and greed of end users. Attackers typically perform it by leaving a physical device, such as a USB flash drive containing malicious files, in locations where people can easily find it, such as parking lots, elevators, and bathrooms.
What is a quid pro quo?
In the quid pro quo technique, attackers keep calling random numbers within a company, claiming to be calling from technical support. This is a baiting technique in which attackers offer their service to end users in exchange for confidential data or login credentials.