What is "baiting"?
Baiting is a tactic where an attacker offers something enticing to lure victims into a trap, often using a USB drive left in a public place.
What is "phishing"?
Phishing is a cyber attack that uses fake emails or websites to trick individuals into providing personal or confidential information.
What is the human factor in cybersecurity?
The human factor refers to the vulnerabilities that arise from human behavior and decision-making, which can lead to security breaches.
What is a "Nigerian Prince" scam?
This scam involves receiving an email from someone claiming to be a Nigerian prince who needs help transferring money, promising a large reward for assistance.
How can users mitigate social engineering risks?
Users can mitigate risks by being aware of social engineering tactics, questioning suspicious requests, and verifying identities.
"Shoulder Surfing" is …
Shoulder surfing is a technique where an attacker watches someone enter sensitive information, such as passwords, by looking over their shoulder.
Explain "spear phishing."
Spear phishing is a targeted version of phishing where attackers customize their attacks to a specific individual or organization.
Why do humans make security mistakes?
Humans may make mistakes due to lack of awareness, complacency, or being manipulated by attackers exploiting social engineering tactics.
What is a "Tech Support" scam?
In this scam, attackers impersonate tech support from a legitimate company, claiming the victim's computer is infected and offering to fix it for a fee.
What is a "clean desk policy"?
A clean desk policy requires employees to keep their workspaces tidy and to secure sensitive information when not in use.
What is "piggybacking" in security?
Piggybacking occurs when an unauthorized person follows an authorized individual into a restricted area, often by taking advantage of the trust established by the authorized person.
What is "whaling"?
Whaling is a type of phishing attack that targets high-profile individuals, such as executives, to steal sensitive information.
What is "dumpster diving"?
Dumpster diving is a tactic where attackers search through trash to find discarded documents that may contain sensitive information.
What is a "Lottery Scam"?
This scam informs victims they have won a lottery or prize but must pay a fee or provide personal information to claim it.
Why is user training so important?
User training is essential for educating employees about cybersecurity threats and best practices to prevent social engineering attacks.
What is "vishing"?
Vishing, or voice phishing, is a social engineering tactic where attackers use phone calls to trick individuals into revealing sensitive information.
What is "smishing"?
Smishing is the use of SMS text messages to conduct phishing attacks, tricking users into revealing personal information.
What is the role of "authority" in social engineering?
Attackers often exploit perceived authority to manipulate victims into complying with requests they would normally reject.
Explain "Romance Scam."
In romance scams, attackers build a relationship with victims online, often using fake profiles, to gain their trust and eventually ask for money or personal information.
What are procedures in cybersecurity?
Procedures are step-by-step instructions that guide users in implementing security policies effectively.
What are "scareware" tactics?
Scareware tactics involve tricking users into believing their system is infected with malware, prompting them to purchase fake security software.
What is "pretexting"?
Pretexting involves creating a fabricated scenario to trick individuals into divulging confidential information.
How can "urgency" be exploited?
Attackers create a sense of urgency to pressure individuals into making quick decisions, often leading to security breaches.
What is an "Online Auction Scam"?
This scam involves fraudulent listings on auction sites where the seller takes payment for an item that either doesn't exist or is not as described.
How do policies guide security measures?
Policies establish the framework for security practices, outlining expectations and responsibilities for all employees to protect sensitive information.