1.1 Flashcards
What is phishing
Social engineering with a touch of spoofing
What are the different ways phishing is delivered
Email, text, voice, etc.
How to spot a phishing attempt
Check the URL, spelling, different fonts, and website graphics that look different
What is TypoSquatting?
A type of URL hijacking that purposely uses misspelled domains for malicious purposes
What is prepending?
Adding an extra letter to the beginning of a URL - ex. https://pprofessormesser.com
What is pretexting?
When attackers lie to get info out of a situation they created.
- "Hi, we're calling from Visa regarding an automated payment to your utility service…"
What is Pharming?
Redirecting users from a legitimate website to a fake/bogus site controlled by the attacker
- Poisoned DNS server or client vulnerabilities
Combine Pharming with Phishing
Pharming - Redirecting everyone from a legit website to bogus site
Phishing - Collects access credentials from pharmed victims
side note:
- Difficult for anti-malware software to stop since everything appears legitimate to the user
What is Vishing?
Voice phishing - Done over the phone or voicemail
What's the point of vishing?
For you to give up personal information that attackers can exploit
What is Smishing?
SMS Phishing - Done by texts
Usually in the form of a link; if clicked, attackers use it to get more information from you
What is Spear Phishing?
Targeted phishing at a specific individual or department within an organization that appears to be from a trusted source
What is Whaling?
Targeted phishing attack that targets high-profile employees
- CEO, CFO
What is impersonation?
Attackers pretending to be someone they aren't
How to protect against impersonation?
Never give out information like passwords or personal details
Verify before revealing information (Call back, verify through 3rd parties)
What is Dumpster Diving?
Searching through garbage for important information
How to protect against dumpster diving
Secure your garbage and shred/burn documents
What is Shoulder surfing?
Social engineering technique used to obtain information by looking over the victim's shoulder
How to prevent shoulder surfing
Be aware of surroundings and use privacy filters on computer screens
What is a hoax?
A threat that doesn't actually exist
- Often an email, Facebook post, tweet, etc.
- Some will try to take your money
What is a watering hole attack?
An attack that infects a website the victim visits often, so the victim becomes infected on their next visit
How to defend against a watering hole attack?
Layered defense
Firewalls and IPS - Stop the network traffic before things get bad
Anti-virus/Anti-malware signature updates
What is spam?
Unsolicited messages from emails, online forums, etc.
What is SPIM?
Spam over Instant Messaging
How to stop Spam?
Use an allowed list - Only receive emails from trusted senders (lots of maintenance)
SMTP standards checking - Block anything that doesn't follow RFC standards
rDNS or Reverse DNS - Block emails where the sender's domain doesn't match the IP (the system looks at the incoming email, uses rDNS to find the known IP address of the domain the email claims to be from, and checks whether that known IP matches the IP the current email came from)
What is tailgating?
When an unauthorized person follows someone into a building
What are invoice scams?
The attacker spear phishes to find out who pays the bills, then sends an invoice directly to that person asking them to pay it
What is credential harvesting?
- Also called password harvesting - the attacker collects login credentials stored on the victim's computer
- Programs like Chrome, Firefox, Outlook, etc. can save logins/passwords; attackers send the victim an email with malicious code that runs a macro which harvests the stored login information and can even email it to the attackers
- Anti-virus and Anti-malware can detect this