CWNP Exam Questions

Which of the following are social engineering techniques?

Each correct answer represents a complete solution. Choose all that apply.

A. Phishing

B. Baiting

C. Pretexting

D. Salami attack

Explanation:
The following are social engineering techniques:

Phishing: Phishing is a type of scam that entices a user to disclose personal information such as a social security number, bank account details, or a credit card number. An example of a phishing attack is a fraudulent e-mail that appears to come from a user's bank, asking him to change his online banking password. When the user clicks the link in the e-mail, it directs him to a phishing site that replicates the original bank site. The phishing site lures the user into providing his personal information.

Pretexting: Pretexting is a type of social engineering attack. It is the act of creating and using an invented scenario to persuade a targeted victim to release information or perform an action, and is typically done over the telephone. It is more than a simple lie, as it most often involves some prior research or setup and the use of pieces of known information (e.g., for impersonation: date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target. This technique is often used to trick a business into disclosing customer information, and is used by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager (e.g., to make account changes, get specific balances, etc.).

Baiting: Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the victim. In this attack, the attacker leaves a malware-infected floppy disk, CD-ROM, or USB flash drive in a location where it is sure to be found (such as a bathroom, elevator, sidewalk, or parking lot), gives it a legitimate-looking and curiosity-piquing label, and simply waits for the victim to use the device.

Answer option D is incorrect. A salami attack is a series of minor attacks that collectively result in a larger attack. Computers are ideally suited to automating this type of attack. It is a form of cybercrime usually used for the purpose of committing financial crimes. In this type of attack, cybercriminals steal money or resources a bit at a time from financial accounts on a computer.

Reference: http://en.wikipedia.org/wiki/Social_engineering_(security)