6.6. Explain the concept of and how to reduce the risks of social engineering.
Social engineering is a form of attack that exploits human nature and human behavior. Social-engineering attacks take two primary forms: convincing someone to perform an unauthorized operation or to reveal confidential information. For example, the victim may be fooled into believing that a received e-mail is authoritative (such as an e-mail hoax), a person on the phone is someone to be respected and obeyed (such as someone claiming to be from tech support or a manager offsite), or a person with them is who they claim to be (such as an A/C repair technician). In just about every case, a social-engineering attack tries to convince the victim to perform some activity ...