We are at our annual corporate IT security training event and we are talking about social engineering. Which of these are types of social engineering? (Select all that apply).
Social engineering uses people skills to bypass security controls. Attacks are often more successful if they use one or more of these approaches:

Authority (someone you trust or are afraid of) - Look and sound like an authority figure, be in charge; this can be in a uniform or a suit. Most effective with impersonation, whaling, and vishing attacks.

Intimidation (if you don't, a bad thing happens) - Virus on the network, credit card compromised, lawsuit against your company. Intimidation is most effective with impersonation and vishing attacks.

Consensus (following the crowd, everyone else was doing it) - Fake reviews on a website. Using consensus/social proof is most effective with Trojans and hoaxes.

Scarcity (if you don't act now, it is too late) - New iPhone out, only 200 available. Often effective with phishing and Trojan attacks.

Urgency (it has to happen now or else) - The company will be sued for $1,000,000 if these papers are not filled out before Friday. Often used with phishing.

Familiarity (have a common ground, or build it) - Knowing something about the victim ahead of time and then referencing it can raise the chances of a successful attack drastically. People want to be helpful; if they feel like they know you, they want to even more. Often successful with vishing and in-person social engineering.