CISSP All Domains Practice test 13

Social engineering uses people skills to bypass security controls. Attacks are often more successful if they use one or more of these approaches: Authority (someone you trust or are afraid of) - Look and sound like an authority figure, be in charge, this can be in a uniform or a suit. Most effective with impersonation, whaling, and vishing attacks. Intimidation (If you don't bad thing happens) - Virus on the network, credit card compromised, lawsuit against your company, intimidation is most effective with impersonation and vishing attacks. Consensus (Following the crowd, everyone else was doing it) - Fake reviews on a website, using consensus/social proof is most effective with Trojans and hoaxes. Scarcity (If you don't act now, it is too late) - New iPhone out, only 200 available, often effective with phishing and Trojan attacks. Urgency (It has to happen now or else) - The company will be sued for $1,000,000 if these papers are not filled out before Friday, often used with Phishing. Familiarity (Have a common ground, or build it) - Knowing something about the victim ahead of time and then reference it can raises chances of a successful attack drastically. People want to be helpful, if they feel like they know you they want to even more. Often successful with vishing and in-person social engineering.