Social Engineering

Question 1

What are the 2 possible goals in Social Engineering?

Answer 1

Psychologically manipulate people into doing something/releasing info, Gather info left by people

Question 2

What 2 reasons allow Social Engineering to work?

Answer 2

People are vulnerable to manipulation, People can’t easily be patched

Question 3

What are the 6 stages in an SE attack? 1)🥊2) 🛜 3) 📖 4) 💏5) 😈6) 💼

Answer 3

1) Attack Formulation 2) Information Gathering 3) Preparation 4) Develop Relationship 5) Exploit Relationship 6) Debrief (maintain and ease out of relationship as to not cause suspicion)

Question 4

What are the 2 types of Commication in Social Engineering attacks?

Answer 4

Direct Communication (attacker to victim), Indirect Communication (attacker uses third party website to talk to victims)

Question 5

What is meant by Bidirectional communication?

Answer 5

Direct Communication between attacker and victim, both speak

Question 6

What is meant by Unidirectional communication?

Answer 6

Direct Communication between attacker and victim, attacker doesn’t expect victim reply. e.g. email directly to victim, but victim wouldn’t respond to email

Question 7

What are the 6 Compliance Principles?

Answer 7

Friendship or Liking, Commitment or Consistency, Scarcity. Reciprocity, Social Validation, Authority

Question 8

What is Pretexting?

Answer 8

Creating a fake scenario to convince you (e.g. “You booked this flight, call us for a refund”)

Question 9

What is meant by Compliance Principles “Commitment or Consistency”?

Answer 9

Ask little bit of info from victim, over time will divulge more as they are committed

Question 10

What is meant by Compliance Principles “Scarcity”?

Answer 10

Scarcity in resources or time, make them feel rushed

Question 11

What is meant by Compliance Principles “Social Validation”?

Answer 11

This brand new app everyone has, don’t miss out! Download

Question 12

What are the 6 entities in an SE attack? (the circle diagram)

Answer 12

1) Social Engineer (attacker) 2) Target 3) Goal 4) Medium 5) Technique 6) Compliance Principles

Question 13

What are 4 Social Engineering techniques?

Answer 13

1) Info Gathering, Interaction with Target, Tailgating, Baiting

Question 14

What are 3 ways of Info Gathering technique?

Answer 14

Dumpster Dive, Shoulder Surf, Search Internet

Question 15

What are 3 ways of Interaction with Target technique?

Answer 15

Phishing, Spear Phishing, Visihing, Physical Impersonation

Question 16

What is Spear Phishing?

Answer 16

Phishing specifically tailored to a particular victim

Question 17

What is Baiting?

Answer 17

Bait with curiosity, e.g. infected USB

Question 18

What is Tailgating?

Answer 18

Walk into building behind someone