Social Engineering Flashcards
(31 cards)
What is Social Engineering?
Manipulative strategy exploiting human psychology for unauthorized access to systems, data, or physical spaces.
List the motivational triggers used by social engineers.
- Familiarity and Likability
- Consensus and Social Proof
- Authority and Intimidation
- Scarcity and Urgency
What is impersonation in the context of social engineering?
Pretending to be someone else to gain unauthorized access to resources or sensitive data.
What is pretexting?
Creating a fabricated scenario to manipulate targets and impersonating trusted figures to gain trust.
What are the types of phishing attacks?
- Phishing
- Vishing
- Smishing
- Spear Phishing
- Whaling
- Business Email Compromise
Define frauds and scams.
Deceptive practices to deceive people into parting with money or valuable information.
What are influence campaigns?
Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group.
Name a few other social engineering attacks.
- Diversion Theft
- Hoaxes
- Shoulder Surfing
- Dumpster Diving
- Eavesdropping
- Baiting
- Piggybacking
- Tailgating
What does the authority motivational trigger imply?
Most people comply with requests if they believe it comes from someone in a position of authority.
What is the urgency motivational trigger?
A compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly.
Explain social proof as a motivational trigger.
Individuals look to the behaviors and actions of others to determine their own decisions.
What is scarcity in the context of social engineering?
Psychological pressure people feel when they believe a product or opportunity is limited.
What does likability refer to in social engineering?
Most people prefer to interact with those they like, which can be exploited by social engineers.
Describe the fear motivational trigger.
Attacks focused on creating a threat that if the target does not comply, something bad will happen.
What is brand impersonation?
A specific form of impersonation where an attacker pretends to represent a legitimate company or brand.
What is typosquatting?
A form of cyber attack where an attacker registers a domain name similar to a popular website with typographical errors.
What are watering hole attacks?
Targeted attacks where attackers compromise a specific website that their target is known to use.
Define phishing.
Sending fraudulent emails that appear to be from reputable sources to convince individuals to reveal personal information.
What is spear phishing?
A more targeted form of phishing aimed at specific individuals or organizations.
What is whaling in phishing attacks?
A form of spear phishing targeting high-profile individuals like CEOs or CFOs.
What is Business Email Compromise (BEC)?
A sophisticated phishing attack targeting businesses using internal email accounts to conduct unauthorized actions.
What is vishing?
Voice phishing where attackers trick victims into sharing personal information over the phone.
What does smishing involve?
Using text messages to trick individuals into providing personal information.
Fill in the blank: The most common type of fraud seen online is known as _______.
identity fraud or identity theft.
