1.1 Flashcards

1
Q

Typosquatting

A

Using a web name that is similar to the real one but not exact, or adding one extra letter at the beginning (prepending).

2
Q

Phishing is

A

Social engineering via email or text with a falsified URL and some type of incorrect spelling, font or graphics.

3
Q

Pretexting

A

Lying to get information, using a character the attacker created for the scenario, such as “We’re calling from Visa about auto payment of your utilities.”

4
Q

Pharming

A

The takeover of a real site to redirect visitors to a bogus site (via poisoned DNS or client vulnerabilities). This is an opportunity for both pharming and phishing.

5
Q

Vishing and Smishing

A

Vishing: voice phishing, with caller ID spoofing, for fake security checks or bank updates.

Smishing: text-based spoofing, where links are forwarded and the message asks for personal info.

6
Q

How attackers will set up phishing

A

Gather info on the victim from social media sites and websites, then build a pretext based on where one works, where one banks, financial transactions, family and friends. These attacks are called spear phishing because they are targeted.

7
Q

Explain spear phishing

A

Targeted attacks based on inside information, for the potential of a large sum of money. Example type: whaling, which targets CEOs and chiefs.

8
Q

Impersonations

A

An actor and a story used to steal info, based on the familiar name of a company. They use the pretext of a help desk or a higher rank, or use a lot of technical terms.

9
Q

Eliciting information

A

After gaining trust, they start to get information, such as personal info.

10
Q

Dumpster diving

A

Physically looking through someone’s trash to get personal info. It’s commonly legal in the US, but one can’t break the law to get access.

So shred, lock up, and keep trash away from public access.

11
Q

Shoulder surfing

A

Physically looking over someone’s shoulder to get information. To counter it, use privacy filters to black out the screen, survey your surroundings, and keep the monitor out of sight.

12
Q

Hoaxes

A

A fabricated situation that seems real and consumes time and resources. Often in email format or a social media post. Some are engineered to take money, or even involve fake malware or fake updates for software.

13
Q

Watering hole attacks

A

A third-party host that the attacker knows sends and receives traffic. They infect that third party and get info that way. A local coffee shop, for example, or a common industrial site. They use a vulnerability to infect all traffic, hoping the target is part of that traffic.

14
Q

Spam

A

Usually unsolicited messages sent through email, forums or IM (spim); they can be ads, marketing or malicious in nature. To counter it, use allowed or filtered lists, or block anything that does not follow RFC standards (SMTP standards check). rDNS (reverse DNS) blocks email where the sender’s domain doesn’t match the IP address. Then there is recipient filtering (block email not addressed to certain addresses). Finally, tarpitting: slowing down the server conversation to waste the sender’s time.

15
Q

Influencer campaigns

A

Hacking public opinion. Sometimes a nation state is behind it. It involves advertising and uses social media. Fake users create content and post it on social media. This amplifies the message, so real users share it and mass media follows.

For example, it alters policy. This is cyber warfare.

16
Q

Other social engineering

A

Tailgating: following someone through a door they opened, when the follower doesn’t have an ID. Counter with badges, a one-scan-one-person policy, or an access control vestibule.

Invoice scam: the attacker knows your invoices and sends a fake bill for something you may be using, from a spoofed address, invoiced to accounting, sometimes even to be paid online.

Credential harvesting: gaining access to usernames and passwords. Usually starts with a script that launches the attack, even through Word docs.

17
Q

Social engineering attacks use what principles?

A

Authority, intimidation, consensus, scarcity, urgency, familiarity, trust