Social Engineering

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/18

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 3:14 PM on 7/9/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

19 Terms

1
New cards

What is social engineering?

Techniques that persuade or intimidate people into revealing confidential information or allowing some sort of access to the organization that should not have been authorized

2
New cards

What is often a prerequisite of many attacks?

Obtain information about the network and its security controls

3
New cards

What is impersonation in social engineering?

The social engineer develops a pretext scenario to allow himself or herself an opportunity to interact with an employee

4
New cards

What must happen for a pretexting attack to succeed?

The social engineer must gain the employee's trust or use intimidation or hoaxes to frighten the employee into complying

5
New cards

What is Business Email Compromise (BEC)?

The attacker gains access to an email account in the company and uses it to impersonate a trusted individual to trick employees into performing a specified task, such as sending money or divulging information

6
New cards

Why is dumpster diving useful to an attacker?

To obtain information or documents that help make a social engineering attack credible

7
New cards

What kinds of information can help an attacker through impersonation?

Department employee lists, job titles, phone numbers, diary appointments, invoices, or purchase orders

8
New cards

What is dumpster diving?

Combing through an organization's or individual's garbage to try to find useful documents

9
New cards

What is shoulder surfing?

Learning a password, PIN, or other secure information by watching the user type it

10
New cards

Does shoulder surfing require proximity to the target?

No; the attacker could use high-powered binoculars or CCTV to directly observe the target remotely

11
New cards

What is tailgating?

Entering a secure area without authorization by following closely behind the person who has been allowed to open the door or checkpoint

12
New cards

What is piggybacking?

Entering a secure area with an employee's permission

13
New cards

What is the key difference between tailgating and piggybacking?

Tailgating is without authorization by following closely behind; piggybacking is with an employee's permission

14
New cards

What is the #1 way to help protect end users from social engineering in the section?

Train your end users

15
New cards

What does healthy skepticism mean in the section?

Asking, "Should I do this? What's the situation?" and opening up a situational awareness kind of approach

16
New cards

What does thinking in terms of out-of-band communication mean?

If someone communicated with you via one band, use a different band, like a phone or texting, to ask whether they sent the information

17
New cards

Why is it important to remember who contacted you first?

The best social engineers are the ones who are going to reach out to you first, but they're going to make you forget that they're the ones that contacted you first

18
New cards

What is the don't-click rule?

Don't click

19
New cards

What should a good response plan answer?

If something feels wrong, what next steps to take and how policy will help take those next steps