03 - Social engineering

 1. Social engineering, in the context of information security, refers to …
Note: The video is optional, and provides an interesting insight into social engineering

  socially engineering bots (robots) to steal and deliberately corrupt data

  manipulation of computers to derive social or personal data and engineering it for one's own needs

  psychological manipulation of people into performing actions or divulging confidential information

  engineering social networking sites that are designed to trap and seriously harm a user

 2. You could think of social engineering as a type of confidence trick for the purpose of information gathering, fraud, or system access

  FALSE

  TRUE

 3. The attacks used in social engineering can be used to steal employees' confidential information. One common type of social engineering …

  happens via the download of Microsoft products

  happens over the phone

  happens between machines

  happens via privately secured Skype calls

 4. Another example of social engineering is a criminal posing as exterminators, fire marshals and technicians to go unnoticed and…

  steal antivirus software

  steal company secrets

  steal engineering devices (e.g. cranes)

  steal nothing

 5. A hacker contacts a person via Facebook, gains their trust and is given their bank details. Which statement is most accurate?

  This is an example of white box testing as the hacker is known to the target user

  This is an example of social engineering

  This is not an example of social engineering as it involves hackers and trust

  This is an example of penetration testing

 6. Social engineering relies heavily on the 6 principles of influence established by Robert Cialdini. Fill in the first blank.

#1 ______________ – People tend to return a favor, thus the pervasiveness of free samples in marketing.

#2 Commitment and consistency – If people commit, orally or in writing, to an idea or goal, they are more likely to honor that commitment because they have established that idea or goal as congruent with their self-image. Even if the original incentive or motivation is removed after they have already agreed, they will continue to honor the agreement. Cialdini notes Chinese brainwashing of American prisoners of war to rewrite their self-image and gain automatic, unenforced compliance. Another example is children being made to repeat the Pledge of Allegiance each morning, and it is why marketers make you close pop-ups by clicking "I'll sign up later" or "No thanks, I prefer not making money".

#3 Social proof – People will do things that they see other people doing. For example, in one experiment, one or more confederates would look up into the sky; bystanders would then look up into the sky to see what they were seeing. At one point this experiment was aborted, as so many people were looking up that they stopped traffic. See conformity, and the Asch conformity experiments.

#4 Authority – People will tend to obey authority figures, even if they are asked to perform objectionable acts. Cialdini cites incidents such as the Milgram experiments in the early 1960s and the My Lai massacre.

#5 Liking – People are easily persuaded by other people that they like. Cialdini cites the marketing of Tupperware in what might now be called viral marketing. People were more likely to buy if they liked the person selling it to them. Some of the many biases favoring more attractive people are discussed. See physical attractiveness stereotype.

#6 Scarcity – Perceived scarcity will generate demand. For example, saying offers are available for a "limited time only" encourages sales.

  Retarded

  Reciprocity

  Retribution

  Retention

 7. Which of the following are also forms of social engineering?

  All of the above

  phishing and pharming

  shouldering

  blagging

 8. An example of blagging is a hacker calling a company and pretending to be their network manager. Blagging is the art of convincing an individual that you are someone else in order to obtain sensitive information.

  FALSE

  TRUE

 9. Receiving a phone call explaining that you have won a prize but need to deposit money in order to claim it is an example of:

  shouldering

  pharming

  blagging

  phishing

 10. Phishing emails look to obtain passwords or bank details. The hacker may send a …

  unprofessional looking image which is obviously a virus to their victim, hoping for a click

  None of the above

  professional looking email to their victim that appears to be from their bank (but is not)

  long love letter to their victim, hoping to gain their trust

 11. A way of ensuring that you are not fooled by a phishing email is to:

  Check to see if the email looks impersonal as most phishing emails are sent out in bulk

  Contact your bank (or company) to verify the email was really from them

  Carefully check that the email is valid and genuine

  All of the above

 12. Pharming is terrifying because the email can be legitimate but clicking on the link takes you to a hacker's website. How?

  The hacker may modify certain files on your computer or hack the DNS server

  The hacker may be the owner of the internet so knows it all

  This cannot be done

  All of the above

 13. ____________ is when the perpetrator obtains information while watching you use the device they want access to.

  phishing

  pharming

  shouldering

  blagging

 14. Baiting is like the real-world Trojan horse that uses physical media and relies on the _____________ of the victim.

  religion or ethnicity

  curiosity or greed

  health and wealth

  wickedness and technological ability

 15. Organisations can reduce their security risks by:

  Training employees in security protocols relevant to their position

  Establishing clear company security protocols (rules) and procedures for handling sensitive data

  Performing unannounced periodic tests of the security framework

  All of the above