2.3.6 Social Engineering techniques

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Targeted

A targeted attack is much more dangerous. A targeted attack is extremely methodical and is often carried out by multiple entities that have substantial resources. Targeted attacks almost always use unknown exploits, and the attackers go to great lengths to cover their tracks and hide their presence.

Elicitation

A technique used to extract information from a target without arousing suspicion.

Being a good listener

An attacker may approach a target and carefully listen to what the target has to say, validate any feelings the target expresses, and share similar experiences, which may be real or fabricated.

Compliments

An attacker may give a target compliments about something the target did. The attacker waits for the target to take the bait and elaborate on the subject.

Feigning ignorance

Attackers might make a wrong statement and then admit to not knowing much about the subject. The intent is to get the target to not only correct the attacker, but also explain in detail why the attacker is wrong.

Impersonation

Impersonation is pretending to be trustworthy and having a legitimate reason for approaching the target to ask for sensitive information or access to protected systems.

Interview vs interrogation

In the interview phase, the attacker lets the target do the talking while the attacker mostly listens. In this way, the attacker has the chance to learn more about the target and how to best extract information. In the interrogation phase, the attacker smoothly and naturally talks about the target's statements. The attacker is mostly leading the conversation with questions and statements that will flow in the direction the attacker needs to obtain information.

Environment

Place the attacker chooses for conducting the interview an interrogation: 1) Location should not be overly noisy or overly crowded 2) The environment should be relaxing and stress-free settings that puts the target at ease. 3) The attacker shouldn't sit between the target and the door. The target should never feel trapped in any way. 4) Lighting should be good enough for both parties to see each other clearly. This will allow the attacker to better read the target's micro expressions and movements. It will also inspire trust in the target. 5) Hacker pays attention to every change the target displays during the interview and interrogation. Hacker reads the target's physical cues to confirm the targets thoughts and feelings.

Preloading

Preloading is used to set up a target by influencing the target's thoughts opinions and emotions.

Pretexting

Pretexting is conducted research and information gathering to create convincing identities, stories, and scenarios to be used on selected targets.

Misinformation

The attacker makes a statement with the wrong details. The attacker's intent is for the target to provide the accurate details that the attacker wants to confirm. The more precise the details given by the attacker, the better the chance that the target will take the bait.

Opportunistic

Typically automated and involves scanning a wide range of systems for known vulnerabilities. Known vulnerabilities can include old software, exposed ports, poorly secured networks, and default configurations.


Kaugnay na mga set ng pag-aaral

Targeted Medical-Surgical: Endocrine

View Set

Lección 9 : Estructura: 9.1 (old)

View Set

Ch 29,30 Concept Check (Multiple Choice)

View Set

Chapter 13: Reformation & Religious Wars (16th century + first half of 17th c.)

View Set

FON CHAPTER 5 CULTURAL DIVERSITY

View Set