Gaining Access by Following an Authorized User

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Background: A coworker (who also happens to be a hacker) renamed or moved a file in order to fool his victim into believing the file does not exist. The co-worker pretends to assist the victim, speculating that he can help restore the file to its rightful location intact. The victim, who is eager to get back to work and avoid getting in trouble for the information loss, gratefully accepts. At this point, the co-worker/hacker says that the hacker can only accomplish the task by logging on as the victim—possibly even pointing out that it is against company policy and could get the co-worker/hacker into trouble. The victim will plead for their coworker to do whatever is necessary to restore the file, even if it is against company policy. Appearing to agree begrudgingly, the co-worker/hacker restores the file, and in the process swipes the victim’s login and password. This has two effects: first, the hacker bolsters his reputation among his co-workers and therefore can more easily access their machines and information, and second, the hacker may now skip past the regular support channels and go unnoticed as he enters the system with authorized login information.

Q: What is the above attack called?

a. Dumpster diving

b. Piggybacking

c. Tailgating

d. Reverse social engineering

View Topics

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?