CompTIA Security+ (SY0-701) S5 Social Engineering H

CalmYellow

14 Questions

Match the following social engineering technique with its description:

  • Impersonation = Pretending to be someone else, including brand impersonation, typo-squatting, and watering hole attacks
  • Pretexting = Creating a fabricated scenario to manipulate targets, impersonating trusted figures to gain trust
  • Phishing = Frauds and scams that deceive people into parting with money or valuable information
  • Influence Campaigns = Spreading misinformation and disinformation, impacting politics, economics, etc.

Match the following social engineering attack with its description:

  • Diversion Theft = A type of social engineering attack
  • Hoaxes = A deceptive practice to deceive people into parting with money or valuable information
  • Shoulder Surfing = A social engineering attack involving stealing information by looking over someone's shoulder
  • Baiting = A fabricated scenario to manipulate targets, impersonating trusted figures to gain trust

Match the following phishing attack type with its description:

  • Vishing = A type of phishing attack
  • Smishing = A deceptive practice to deceive people into parting with money or valuable information
  • Spear Phishing = Focused phishing attack targeting a specific individual or organization
  • Whaling = Phishing attacks targeting high-profile individuals or executives

Match the following motivational trigger with its description:

  • Familiarity and Likability = Motivational trigger used by social engineers
  • Consensus and Social Proof = Motivational trigger used by social engineers
  • Authority and Intimidation = Motivational trigger used by social engineers
  • Scarcity and Urgency = Motivational trigger used by social engineers

Match the following motivational triggers with their descriptions:

  • Authority = Most people are willing to comply and do what you tell them if they believe it is coming from somebody in a position of authority
  • Urgency = Compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly or prioritize certain actions
  • Social Proof = Psychological phenomenon where individuals look to the behaviors of others to determine their own decisions or actions
  • Scarcity = Psychological pressure people feel when they believe a product, opportunity, or resource is limited or in short supply

Match the following forms of impersonation with their descriptions:

  • Impersonation Attack = Adversary assumes the identity of another person to gain unauthorized access or steal sensitive data
  • Brand Impersonation = Attacker pretends to represent a legitimate company or brand using logos, language, and information to create deceptive communications or websites
  • Typosquatting = Attacker registers a domain name similar to a popular website with common typographical errors
  • Pretexting = Gives some amount of information that seems true so that the victim will give more information

Match the following phishing attack types with their descriptions:

  • Phishing = Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information
  • Spear Phishing = More targeted form of phishing used by cybercriminals who are tightly focused on a specific group of individuals or organizations, with a higher success rate
  • Whaling = Form of spear phishing that targets high-profile individuals like CEOs or CFOs for potentially greater rewards, often as an initial step to compromise an executive's account for subsequent attacks within their organization
  • Watering Hole Attacks = Targeted cyber attack where attackers compromise a specific website or service known to be used by their target

Match the following phishing prevention measures with their descriptions:

  • Regular user security awareness training = Providing education on various phishing techniques
  • Use of anti-phishing tools = Tools to aid in identifying and preventing phishing attacks
  • Examination of URLs and email addresses = Verifying the authenticity of web links and sender addresses
  • Fact checking and critical thinking skills when encountering potential hoaxes = Critical evaluation of information to identify deceptive content

Match the following social engineering attacks with their descriptions:

  • Diversion theft = Manipulating situations to steal valuable items or information
  • Shoulder surfing = Stealing information by looking over someone's shoulder
  • Dumpster diving = Searching through trash for valuable information
  • Hoaxes = Malicious deception spread through communication channels, often paired with phishing attacks

Match the following fraud and scams terms with their descriptions:

  • Fraud = Criminal deception intended for financial or personal gain
  • Identity fraud = Unauthorized use of another person's personal information for deception or financial gain
  • Identity theft = Assuming the victim's identity for fraudulent activities
  • Influence campaigns = Coordinated efforts to shape public perception or behavior towards a cause, individual, or group

Match the following security threats with their descriptions:

  • Eavesdropping = Secretly listening to private conversations
  • Baiting = Leaving a malware-infected physical device to be found by a victim
  • Piggybacking = Unauthorized person following an authorized person into a secure area
  • Tailgating = Unauthorized person attempts to follow an employee through an access control point

Match the following prevention techniques with the corresponding security threat:

  • Encrypting data in transit = Prevent eavesdropping
  • Training users to not use devices they find = Prevent baiting
  • Access control vestibule or access control point = Prevent tailgating
  • Convincing an authorized employee to swipe their own access badge = Prevent piggybacking

Match the following actions with their descriptions:

  • Eavesdropping = Intercepting communication without knowledge
  • Baiting = Leaving a malware-infected physical device to install malware unknowingly
  • Piggybacking = Convincing an authorized employee to swipe their own access badge
  • Tailgating = Following an employee into a secure area without authorization

Match the following security threats with their prevention techniques:

  • Eavesdropping = Encrypting data in transit
  • Baiting = Training users to not use devices they find
  • Piggybacking = Preventing unauthorized entry at access control points
  • Tailgating = Training employees on access control procedures

Study Notes

  • Business Email Compromise (BEC) is a sophisticated phishing attack targeting businesses, utilizing one of their internal email accounts to facilitate unauthorized fund transfers, payment redirection, or sensitive information theft.
  • Vishing is a voice phishing technique where attackers trick victims into sharing personal or financial information over the phone.
  • Smishing involves the use of text messages to deceive individuals into providing their personal information.
  • Preventing phishing attacks:
    • Regular user security awareness training
    • Education on various phishing techniques
    • Use of anti-phishing tools
    • Suspicion towards urgent requests
    • Examination of URLs and email addresses
    • Reporting and investigation of suspicious emails
  • Fraud and scams:
    • Fraud is criminal deception intended for financial or personal gain.
    • Identity fraud and identity theft involve the unauthorized use of another person's personal information for deception or financial gain.
    • Differences between identity fraud and identity theft:
      • Identity fraud: attacker charges items to the victim's card
      • Identity theft: attacker assumes the victim's identity
  • Influence campaigns:
    • Coordinated efforts to shape public perception or behavior towards a cause, individual, or group.
    • Misinformation and disinformation spreading can harm institutions, fuel social divisions, and influence election outcomes.
  • Other social engineering attacks:
    • Diversion theft: manipulating situations or creating distractions to steal valuable items or information.
    • Hoaxes: malicious deception spread through communication channels, often paired with phishing attacks.
    • Shoulder surfing: looking over someone's shoulder to steal information.
    • Dumpster diving: searching through trash for valuable information.
  • Prevention measures:
    • Being aware of surroundings when providing sensitive information.
    • Use of clean desk and clean desktop policies.
    • Fact checking and critical thinking skills when encountering potential hoaxes.

Test your knowledge about Business Email Compromise (BEC), a sophisticated type of phishing attack that targets businesses by using internal email accounts to manipulate employees into committing malicious actions. Learn about the takeover of legitimate business email accounts to conduct unauthorized fund transfers, redirect payments, or steal sensitive information.
