In which of the following Person-to-Person social engineering attacks does an attacker pretend to be
an outside contractor, delivery person, etc., in order to gain physical access to the organization?
A.
In person attack
B.
Third-party authorization attack
C.
Impersonation attack
D.
Important user posing attack
Explanation:
Person-to-Person social engineering works on the personal level. It can be classified as
follows:
Impersonation: In the impersonation social engineering attack, an attacker pretends to be someone
else, for example, the employee’s
friend, a repairman, or a delivery person.
In Person Attack: In this attack, the attacker just visits the organization and collects information. To
accomplish such an attack, the
attacker can call a victim on the phone, or might simply walk into an office and pretend to be a client
or a new worker.
Important User Posing: In this attack, the attacker pretends to be an important member of the
organization. This attack works
because there is a common belief that it is not good to question authority.
Third-Party Authorization: In this attack, the attacker tries to make the victim believe that he has the
approval of a third party. This
works because people believe that most people are good and they are being truthful about what
they are saying.