1.1 Flashcards
What is an attack characterized by the attacker trying to get the victim to click on a link or log-in to an illegitimate website?
PhishingPhishing
What is an attack characterized by the attacker trying to exploit the victim via text message?
Smishing
What is an attack characterized by the attacker trying to exploit the victim via a phone call or What is an attack characterized by the attacker trying to exploit the victim via a phone call or voicemail??
Vishing
An attack that is focused on a large group rather than an individual within the group
Pharming
An attack that is characterized by creating a false URL that is almost identical to a legitimate URL, except it has an extra letter in the beginningPrepending
Prepending
The process of the attacker gathering information about the victim
Reconnaissance
An attack that is characterized by creating a fake URL that is very similar to a legitimate URL, except it has an easy-to-miss misspelling.
Typosquatting
An attack that involves setting up the scenario by lying to the victim
Pretexting
____________ is a common causation of a pharming attack.
Poisoned DNS server
Poisoned DNS server
Caller ID Spoofing
A targeted attack with inside information that makes the attacker more believable.
Spear phishing
An attack characterized by the attacker faking to be someone they aren’t.
Impersonation
The process of an attacker extracting information from the victim.
Eliciting information
An attack where the victim’s identity has been exploited.
Identity fraud
3 types of identity fraud
Credit card fraud
Bank fraud
Loan fraud
An attack characterized by the attacker gaining information about the victim by going through their trash.
Dumpster diving
An attack characterized by the attacker gaining information by looking at the victim’s computer screen without the victim’s knowledge.
Shoulder surfing
A threat that seems real, but isn’t real.
Hoax
A third party location or website that attackers exploit in hopes that their target victims will use the location/website and become infected.
Watering Hole Attack
Unsolicited messages that likely could infect a user if interacted with.
Spam
Spam that is received through a messaging platform.
Spam over instant messaging (SPIM)
The Influence Process
Fake users create content > post to social media > amplify the message > real users see and share the message > Mass media picks up the story and spreads it everywhere
A type of influence campaign that involves changing the way other people think through technology (i.e. cyberwarfare)
Hybrid Warfare
When an unauthorized individual enters a secure area by following someone through a secured door.
Tailgating
An attack where the attacker focuses on the individual that handles financial transactions.
Invoice scams
An attack that involves the attacker attempting to access the victim’s login information via. the computer’s storage system.
Credential harvesting
An attack where the attacker specifically targets an important individual that has access to a lot of important information.
Whaling
The role of authority in social engineering.
The attacker pretends to be someone important to pressure the victim into giving up important information.
The role of intimidation in social engineering.
The attacker threatens the victim in order to gain access to important information.
The role of consensus in social engineering.
The attacker tries to convince the victim that what they are requesting is normal/no big deal.
The role of scarcity & urgency in social engineering.
The attacker indicates that the information must be given or the change must be made before it’s too late.
The role of familiarity & trust in social engineering.
The attacker tries to be friendly with the victim to the point where the victim trusts them.
