Social Engineering

  • Social Engineering is an attack against a user that involves some form of social interaction
  • Social Engineering is effective because it preys on people's basic desire to be helpful and their desire to avoid confrontations
  • Types of social engineering attacks include:
    • Phishing
    • Tailgating
    • Impersonation
    • Third-party Authorization
    • Help Desk/Tech Support
    • Contractors/Outside Parties
    • Online attacks
    • Dumpster diving
    • Shoulder surfing
    • Hoax
    • Watering hole attack
  • Dumpster Diving:
    • Act of going through trash to find valuable information that might be used in a penetration attempt
  • Shoulder surfing:
    • Attacker attempts to observe individuals entering sensitive information, such as on a form, keyboard, or keypad, without direct interaction
  • Hoax:
    • Common on social media sites
    • Usually involves a recommendation to make a change that weakens security
    • Often advises users to share the "issue," spreading the hoax further
  • Watering Hole Attacks:
    • First identified by RSA
    • Involves infecting a website with malware
    • Users unknowingly download malware to their system when visiting the infected site
    • Attackers plant malware at frequently visited sites, similar to predators waiting for prey near a watering hole