Social Engineering

Cards (15)

  • Social Engineering
    The act of deceiving an individual into revealing sensitive information, granting unauthorised access or committing fraud, by building a relationship with the individual to gain their confidence and trust.
  • Six Principles of Persuasion (Cialdini)
    Liking, Reciprocity, Social Proof, Consistency (commitment), Authority, and Scarcity
  • Phishing
    Phishing is when attackers attempt to trick users into doing the wrong thing, such as following a link to a dodgy or insecure website, entering credentials, or opening a malicious attachment.
  • 2 Types of Phishing (targeted variants)
    Whale phishing (whaling) and spear phishing
  • Spear Phishing
    More informed and sophisticated than bulk phishing: targeted and tailored to a specific individual or small group, using details gathered about them beforehand.
  • Pretexting
    Using a fictitious scenario, the adversary establishes trust, which is then leveraged to create a false motive for an unsuspecting individual to divulge information or do something they would not normally do.
  • Spoofing
    Spoofing is the act of disguising a communication or identity so that it appears to come from a trusted, authorised source.
  • Examples of Spoofing include...
    Email (forged From/Reply-To headers), IP address, Domain Name System (DNS), and Caller ID spoofing
  • Quid Pro Quo (Something for something)
    The attacker calls the company claiming to follow up on a technical problem, repeating this until they reach someone who actually has an issue. In exchange for "tech support", the end user grants system access or types in a malicious command.
  • Tailgating
    To gain access to a physically restricted area by simply walking in behind a person with legitimate access.
  • Baiting
    The attacker leaves a malware-infected USB drive in an obvious location, labelled to pique people's interest. Someone may wish to return it, or simply want to view the contents, and plugs it in. There is also social media baiting.
  • Human Factor (Defence Against Social Engineering)
    Raise awareness among staff and train employees in the security protocols relevant to their position.
  • Policy/Organization (Defence Against Social Engineering)
    Determine what sensitive information is in the workplace and check how vulnerable it is to security breaches, including social engineering. Establish security protocols, policies, and procedures for handling sensitive information.
  • Technical (Defence Against Social Engineering)
    AI-powered solutions to automate
  • Whale Phishing
    A highly targeted phishing attack aimed at senior executives (the "whales"), typically a message crafted to look like legitimate business email.
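The email spoofing card above lists the attack; the technical-defence card stops short of saying what a control actually checks. The following is an added example, not part of this card deck, showing the header checks a receiving mail gateway or a SOC triage script can run over a message: envelope sender (Return-Path) versus From domain, Reply-To redirection, SPF/DKIM/DMARC results from the Authentication-Results header, and a display name that claims a different domain than the real address (classic whaling). The two sample messages and all domains (corp.example, corp-example.com, attacker.example, freemail.example) are constructed for the example.

```python
"""Header checks for spoofed / whaling email (added example, not from the deck)."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages. The Authentication-Results header is assumed
# to have been added by our own inbound MTA after evaluating SPF/DKIM/DMARC.
LEGIT_EMAIL = """\
Return-Path: <ceo@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example; dmarc=pass header.from=corp.example
From: "Alice Chief" <ceo@corp.example>
To: finance@corp.example
Subject: Q3 numbers

Please send the Q3 summary.
"""

SPOOFED_EMAIL = """\
Return-Path: <bounce@mail-relay.attacker.example>
Authentication-Results: mx.corp.example; spf=softfail smtp.mailfrom=mail-relay.attacker.example; dkim=none; dmarc=fail header.from=corp-example.com
From: "Alice Chief ceo@corp.example" <alice.chief@corp-example.com>
Reply-To: <payments@freemail.example>
To: finance@corp.example
Subject: Urgent wire transfer

I need this paid today, keep it confidential.
"""


def domain_of(addr: str) -> str:
    """Return the lowercase domain of an address like 'Name <user@host>', or ''."""
    _, email_addr = parseaddr(addr)
    return email_addr.rsplit("@", 1)[-1].lower() if "@" in email_addr else ""


def auth_results(msg) -> dict:
    """Parse spf=/dkim=/dmarc= results out of the Authentication-Results header."""
    header = msg.get("Authentication-Results", "")
    return {mech.lower(): result.lower()
            for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}


def spoof_indicators(raw: str) -> list:
    """Return a list of human-readable findings; an empty list means no indicator fired."""
    msg = message_from_string(raw)
    findings = []
    from_domain = domain_of(msg.get("From", ""))

    # 1. Envelope sender (Return-Path) should belong to the same domain as From.
    rp_domain = domain_of(msg.get("Return-Path", ""))
    if rp_domain and rp_domain != from_domain:
        findings.append(f"envelope sender {rp_domain} != From domain {from_domain}")

    # 2. Reply-To pointing elsewhere redirects the victim's answer to the attacker.
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} != From domain {from_domain}")

    # 3. Anything other than an explicit pass for SPF, DKIM and DMARC is suspicious.
    auth = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) != "pass":
            findings.append(f"{mech} result is {auth.get(mech, 'missing')}")

    # 4. Display-name spoofing: the quoted name carries an address at another domain.
    name, _ = parseaddr(msg.get("From", ""))
    claimed = re.search(r"@([\w.-]+)", name)
    if claimed and claimed.group(1).lower() != from_domain:
        findings.append(f"display name claims {claimed.group(1)} but address is at {from_domain}")

    return findings


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_EMAIL), ("spoofed", SPOOFED_EMAIL)):
        print(label, spoof_indicators(raw) or "no indicators")
```

Two caveats a practitioner would add: Authentication-Results is only trustworthy if the inbound gateway strips any copy that arrived from outside before adding its own, and a lookalike domain such as corp-example.com will pass SPF, DKIM and DMARC for itself, which is why the display-name and Reply-To checks matter alongside the authentication results.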