1 - 4: Social Engineering Attacks Flashcards
Social engineering
Manipulating people into divulging information or performing an action that undermines security
Main reasons social engineering is successful
Authority, Intimidation, Consensus, Scarcity, Urgency, Familiarity
Phishing
Soliciting valuable information or credentials using social engineering techniques through email
Spear Phishing
Targeting phishing attempts by adopting names, language, and terms familiar to the target
Spam
Unsolicited Commercial Email
Whaling
Spear phishing attacks aimed at organization executives
Pharming
A false website which appears like a legitimate one designed to prompt users attempting to access a real site
Vishing
Voice phishing by calling unsuspecting victims, posing as helpdesk or requesting a website visit
Smishing
Phishing sent through instant messaging services
Spoofing
Faking an identity when sending phishing
Pretexting
Contacting a third party vendor impersonating a legitimate customer
Watering hole
Compromising a commonly used website, bundling in a botnet, adding malware, then waiting for infected systems to contact
Shoulder surfing
Looking over a victim’s shoulder to find confidential information
Dumpster diving
Looking for sensitive information in trash
Tailgating
Following someone with access to take advantage of their entry
