Flashcards - M9: Social Engineering
Published on January 19, 2025
Define social engineering.
Manipulating individuals into revealing confidential information or performing actions that compromise security.
What is phishing?
A fraudulent attempt to obtain sensitive information by posing as a trustworthy entity via emails or messages.
Differentiate between spear phishing and whaling.
Spear Phishing: Phishing targeted at specific individuals/organizations.
Whaling: High-level targeting of executives or VIPs.
Give an example of physical social engineering.
Tailgating into a secure facility or impersonating a repair technician to gain access.
What is shoulder surfing?
Spying on someone’s screen or keyboard to steal login credentials or other sensitive info.
How can organizations mitigate social engineering risks?
Security awareness training, clear policies, email filtering, and phishing simulations.
Why do attackers often prefer social engineering?
Humans are generally easier to exploit than technical systems, and exploiting them bypasses many traditional defenses.