📚 Quick Study Guide
- 🕵️♀️ Social Engineering: This isn't about hacking computers directly; it's the art of manipulating people into performing actions or divulging confidential information. It exploits human psychology, trust, and curiosity.
- 🎣 Phishing: A common tactic where attackers send fraudulent communications (emails, texts, calls) appearing to be from a reputable source. The goal is to trick recipients into revealing sensitive data like passwords or credit card numbers, or to deploy malware.
- 🎭 Pretexting: This involves creating a fabricated scenario, or 'pretext,' to engage a target and extract information. Attackers often impersonate authority figures (e.g., IT support, bank officials) to build trust and urgency.
- 🎁 Baiting: Similar to phishing, but it involves offering something enticing to lure victims into a trap. This could be a 'free' movie download, a USB stick left in a public place, or an attractive online ad that, when clicked, installs malware.
- 🤝 Quid Pro Quo: Latin for 'something for something.' An attacker promises a benefit (e.g., technical support, a prize, an upgrade) in exchange for information (like login credentials) or an action (like disabling security software).
- 🚶♂️ Tailgating/Piggybacking: Gaining unauthorized physical access to a restricted area by following closely behind someone who has legitimate access, often by pretending to be with them or to be distracted.
- 🛡️ Prevention Strategies: Always be skeptical of unsolicited requests for information, verify the identity of the requester through an independent source, use strong and unique passwords, enable multi-factor authentication, and avoid clicking suspicious links or downloading unknown files.
🧠 Practice Quiz
- Which social engineering technique involves creating a fake scenario to trick someone into giving information?
A. Phishing
B. Baiting
C. Pretexting
D. Quid Pro Quo
- A student finds a USB drive labeled 'Final Exam Answers' in the school library and plugs it into their laptop. What type of social engineering is this?
A. Phishing
B. Baiting
C. Tailgating
D. Pretexting
- An email appears to be from your school's IT department, asking you to click a link to 'verify your account' or it will be deleted. This is an example of:
A. Pretexting
B. Phishing
C. Quid Pro Quo
D. Tailgating
- A caller claiming to be from your bank asks for your online banking password to 'resolve a suspicious transaction' on your account. What social engineering tactic are they using?
A. Baiting
B. Tailgating
C. Phishing
D. Pretexting
- What is the primary goal of social engineering?
A. To physically damage computer hardware
B. To manipulate individuals into divulging confidential information or performing actions
C. To brute-force passwords
D. To spread computer viruses without human interaction
- A person holds open a locked door for someone carrying several boxes, assuming they work in the building. This could be an example of:
A. Phishing
B. Baiting
C. Tailgating
D. Pretexting
- Which of the following is the BEST way to protect yourself from social engineering attacks?
A. Always trust emails from familiar logos
B. Share your password only with close friends
C. Verify requests for sensitive information through an independent channel
D. Click on all links that promise free rewards
Answers
1. C. Pretexting
2. B. Baiting
3. B. Phishing
4. D. Pretexting
5. B. To manipulate individuals into divulging confidential information or performing actions
6. C. Tailgating
7. C. Verify requests for sensitive information through an independent channel