INFOSEC PREFINALS

Social Engineering

The art of manipulating people to divulge sensitive information to use it to perform some malicious action.

Receptionist and Help-Desk Personnel

A common target for social engineering in which winning their trust will be easy for the attackers to attack them, as they are ready to share info if they feel they’re doing so to help a customer.

Technical Support Executives

A common target for social engineering by pretending to be someone important to gather information from them

System Administrators

A common target for social engineering in which they are responsible for maintaining the systems

Users and clients

A common target for social engineering in which they could be fool by an attacker pretending to be a tech support person to extract information.

Vendors of the target Organization

A common target for social engineering in which they could gain critical information that could help in executing attacks

Senior Executives

A common target for social engineering in which they hold the access to valuable information and authority to make big decisions.

Economic loss

An impact of social engineering attack on an organization in which competitors use social engineering to steal important info like development plans and marketing strats.

Damage to goodwill

An impact of social engineering attack on an organization in which it is destroyed or damage due to leakage of sensitive organizational data.

Loss of privacy

An impact of social engineering attack on an organization in which if an organization is unable to hide its stakeholders or customers, people can lose trust in the company.

Dangers and terrorism

An impact of social engineering attack on an organization in which anti-social elements pose a threat to an org’s assets - people and property.

Lawsuits and arbitration

An impact of social engineering attack on an organization in which these will result in negative publicity for an org and affect the business’s performance.

Temporary or permanent closure

An impact of social engineering attack on an organization in which lawsuits and arbitration may force temporary or permanent closure of an org and business acts.

Authority

A type on behaviors vulnerable to attacks in which this implies the right to exercise power in an organization.

Intimidation

A type on behaviors vulnerable to attacks in which refers to bullying tactics.

Consensus or social proof

A type on behaviors vulnerable to attacks in which refers to the fact that people are usually willing to like things or do things that other people like or do.

Scarcity

A type on behaviors vulnerable to attacks in which it implies the creation of urgency in a decision-making process. Due to urgency, attackers control information provided to victims and manipulate decision-making process.

Urgency

A type on behaviors vulnerable to attacks in which implies encouraging people to take immediate action.

Familarity or liking

A type on behaviors vulnerable to attacks in which it implies that people are more likely to be persuaded to do something when asked by someone whom they like.

Trust

A type on behaviors vulnerable to attacks in which attacker build relationship with victims.

Greed

A type on behaviors vulnerable to attacks in which people are possessive by nature and seek to acquire vast amounts of wealth through illegal activities.