Social Engineering Cheat Sheet: The 7 Triggers
Attackers rely on these psychological "short-circuits" to make people act without thinking. Memorizing these is essential for the Security+ exam.

| Trigger | How it Works | Example Scenario |
| --- | --- | --- |
| Authority | Relying on rank or position to demand compliance. | "This is the CEO, I need the payroll file immediately." |
| Urgency | Creating a time-limited "crisis" to prevent logical thinking. | "Your account will be deleted in 10 minutes. Click here." |
| Social Proof / Consensus | Claiming everyone else is already doing it. | "80% of your coworkers have already signed this petition." |
| Scarcity | Making an offer or resource seem limited. | "Only 2 spots left for the company bonus program." |
| Likability / Familiarity | Being friendly or using a known name to build trust. | "Hey, I'm the new guy in IT. Can you help me out?" |
| Fear | Threatening negative consequences for non-compliance. | "Failure to update your PC will result in a disciplinary write-up." |
| Reciprocity | Giving a small "gift" so the victim feels they owe a favor. | "I helped you with your printer, could you just let me in the door?" |

1. A caller pretends to be from the "Global Security Response Team" to get a password. Which trigger?
A) Scarcity
B) Authority
C) Consensus

2. An email says, "The first 5 people to click this link get a $50 gift card." Which trigger?
A) Scarcity
B) Social Proof
C) Authority

3. A person waits at the smoking area, chats with an employee, and then follows them in through the badge-access door. This is:
A) Tailgating
B) Piggybacking
C) Shoulder Surfing
