CompTIA Security+ Notes – Part 4
As I mentioned, I am preparing for the CompTIA Security+ exam and making many notes on this page for future reference. The first sub-topic was named: Compare and contrast different types of social engineering techniques. I am continuing on this sub-topic.
Social engineering is an activity that tries to manipulate and abuse people. Social engineers try to influence people to achieve their objectives. For that to happen, specific principles have to be applied.
Here is a list of those:
- Authority
- This principle relies on the fact that most people will obey authority. For example, in Stanley Milgram's experiment, ordinary people shocked total strangers with electricity because the experiment organizer seemed like an authority figure. They gave in to his demands.
- Intimidation
- This principle relies on the fact that most people can get scared quickly. A social engineer might use bullying and intimidation tactics to achieve his goals.
- Consensus
- This principle relies on the fact that most people do what others do to be part of a group. With these tactics, social engineers can use scenarios like "everyone already clicked on that link, and only you are slowing down the process."
- Scarcity
- This principle relies on the fact that scarce things are more attractive. For example, when advertising some products at a discount, salespeople love to intimidate consumers about limited availability. Social engineers like to use the scarcity principle as well.
- Familiarity
- This principle relies on the fact that people tend to like things. From a social engineering perspective, a person can like an organization or an individual representing a company. Such blind trust can lead to harmful consequences when a social engineer is not who he claims to be.
- Trust
- This principle is very similar to the familiarity principle. However, the difference is that a social engineer is actively working to create that trust, like a spy working on his victim.
- Urgency
- This principle relies on the belief that some action has to be taken right now, this very moment. In such a rush, harmful things can happen.
That concludes the first subsection of the Threats, Attacks, and Vulnerabilities module. The next set of texts will analyze potential indicators to determine the type of attack.