Common Social Engineer Things Every Beginner Should Know

1. Poor security practice:

- The user does not follow established security policies or processes.
- A result of a lack of security policies, procedures or training within the user's organization.
- An employee creates one good password and then uses it for all accounts.

2. When creating a password, users tend to use names of family, pets, or teams.

3. Social engineers attempt to exploit the natural tendencies of people. They do this by first trying to evoke sympathy; if this fails, then by fear of confrontation.

4. All of the following are techniques used by a social engineer:

- An attacker replaces a blank deposit slip in a bank lobby with one containing his own account number.
- An attacker calls up the IT department posing as an employee and requests a password reset.
- An attacker sends a forged e-mail with a link to a bogus web site that has been set to obtain personal information.

5. An attacker watches people as they enter a building requiring a key card. He waits until he sees someone who appears to be in a rush and has their hands full. He then intercepts the person, makes quick small talk, offers to help them hold what's in their hands while he swipes in, and follows behind. This is an example of Piggybacking.

6. A person parks his car by an ATM, sets up a small camera discreetly pointed at the ATM keypad, and then pretends to be going through bank papers in his car. This would be an example of Shoulder surfing.

7. Attackers need a certain amount of information before launching their attack. One common place to find it is the target's trash, which may contain information useful to the attacker. This process of going through a target's trash is known in the community as Dumpster diving.

8. Installing unauthorized hardware, such as communication software and a modem, may cause a security breach and allow an intruder to have access to an organization's system by opening up a backdoor.

9. "Users can't always be sure where the software came from and it may have hidden software inside of it" is the security risk of installing games on an organization's system.

10. All of the following are characteristics of a strong password:

- Contains numbers and letters
- Contains at least eight characters
- Contains special characters, e.g., *%$#@

11. When an attacker attempts to get credit card numbers using telephone and voice technologies, it's called Vishing.

12. The first step for companies to take to fight potential social engineering attacks is to establish policies and procedures dictating the roles and responsibilities of all users, as well as security administrators.

13. When an attacker tries to convince the target to initiate contact and then gets the target to give up confidential information, this is known as Reverse social engineering.

14. Users on your network receive an e-mail warning them of a dangerous computer virus. It instructs the user to delete files it claims were put there by the virus, but they are actually critical system files. This is an example of a hoax.
