3.3 Analyze and differentiate among types of social-engineering attacks

Social engineering is a form of attack that exploits human nature and human behavior. Social-engineering attacks take two primary forms: convincing someone to perform an unauthorized operation or convincing them to reveal confidential information. For example, the victim may be fooled into believing that a received email is authoritative (such as an email hoax), a person on the phone is someone to be respected and obeyed (such as someone claiming to be from tech support or a manager offsite), or a person with them is who they claim to be (such as an A/C repair technician). In just about every case, a social-engineering attack tries to convince the victim to perform some activity ...
