Free Preparation Discussions
MENU
ISC2 Exam ISSAP Topic 4 Question 21 Discussion
Topic #: 4
In which of the following Person-to-Person social engineering attacks does an attacker pretend to be an outside contractor, delivery person, etc., in order to gain physical access to the organization?
Impersonation: In the impersonation social engineering attack, an attacker pretends to be someone else, for example, the employee's
friend, a repairman, or a delivery person.
In Person Attack: In this attack, the attacker just visits the organization and collects information. To accomplish such an attack, the
attacker can call a victim on the phone, or might simply walk into an office and pretend to be a client or a new worker.
Important User Posing: In this attack, the attacker pretends to be an important member of the organization. This attack works
because there is a common belief that it is not good to question authority.
Third-Party Authorization: In this attack, the attacker tries to make the victim believe that he has the approval of a third party. This
works because people believe that most people are good and they are being truthful about what they are saying.
Currently there are no comments in this discussion, be the first to comment!