A penetration tester recently performed a social-engineering attack in which the tester found an employee of the target company at a local coffee shop and over time built a relationship with the employee. On the employee's birthday, the tester gave the employee an external hard drive as a gift.
Which of the following social-engineering attacks was the tester utilizing?
C
Reference:
https://phoenixnap.com/blog/what-is-social-engineering-types-of-threats
Baiting involves leaving a bait or a tempting item, such as a USB drive, in a public place to see if someone will pick it up and use it. In this scenario, the attacker built a relationship with the employee over time and gave the employee an external hard drive as a gift on their birthday, which is a form of baiting. The attacker may have placed malware on the external hard drive or may have gained access to sensitive information when the employee used the drive on their work computer.
I laughed pretty hard at this one. It's a bit diabolical
Gotta respect the commitment
C. Baiting The penetration tester was utilizing a baiting social-engineering attack in which the tester builds a relationship with the employee over time and eventually gives the employee an external hard drive as a gift. Baiting is a type of social engineering attack in which the attacker lures the victim into performing an action, such as clicking on a link or opening an attachment, by offering something of value, such as a gift or a prize. Phishing is a type of social engineering attack that uses email or other electronic communication methods to trick victims into giving away sensitive information or clicking on a link that leads to malware. Tailgating is a type of social engineering attack in which an attacker follows an authorized person through a secure door or other access point without proper authorization. Shoulder surfing is a type of social engineering attack in which an attacker uses visual means to gather information by watching a victim enter sensitive information.
Some would say the pentester is a master baiter
One must pass certain tests to gain the title "Master" though :( - Darth Baiter