1.1 Flashcards

Compare and contrast different types of social engineering techniques.

1
Q

Is a type of cyber attack where attackers attempt to trick individuals into disclosing sensitive information. The attackers typically disguise themselves as trustworthy entities, using deceptive emails, messages, or websites to manipulate users into taking actions that they otherwise wouldn’t.

A

Phishing

2
Q

What is this list examples of?
1. Be Skeptical of Unsolicited communications
2. Check email sender information
3. Avoid clicking on suspicious links.
4. Verify Requests for Personal Information
5. If a website, check the URL. Additionally, there is usually something not quite right on a fake site (spelling, fonts, graphics).

A

Ways to avoid Phishing
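The list above is what a user checks by eye. The following is an added example, not part of the original flashcards, that turns the "check email sender information" and "avoid clicking on suspicious links" items into a small heuristic scanner over a raw email. It assumes the organization sends mail only from `example.com` (an assumed allowlist) and uses two constructed sample messages: one with several classic phishing tells (a display name that claims a trusted address, a lookalike sender domain, a foreign Reply-To, and a link whose visible text does not match its href) and one routine internal notice.

```python
"""Heuristic phishing-indicator checks over a raw email message.

Added example for the flashcards; not from the original page.
Sample messages and the trusted-domain list are constructed for the demo.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains this organization actually sends from (assumption for the example).
TRUSTED_DOMAINS = {"example.com"}

# Constructed sample 1: the display name claims a trusted address, the real
# sender is a lookalike domain, Reply-To goes somewhere else again, and the
# link's visible text does not match where its href points.
SAMPLE_PHISH = """\
From: "IT Support <helpdesk@example.com>" <alerts@example-support.net>
Reply-To: reset@mail-login-verify.com
Subject: Urgent: your password expires today
Content-Type: text/html

<p>Your password expires in 2 hours. Reset it now:</p>
<a href="http://example.com.login-verify.net/reset">https://example.com/reset</a>
"""

# Constructed sample 2: a routine internal notice with nothing out of place.
SAMPLE_LEGIT = """\
From: "IT Support" <helpdesk@example.com>
Subject: Monthly maintenance window
Content-Type: text/html

<p>The schedule is posted on the intranet:</p>
<a href="https://intranet.example.com/maintenance">https://intranet.example.com/maintenance</a>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
EMBEDDED_ADDR_RE = re.compile(r"[\w.+-]+@([\w.-]+)")


def domain_of(addr):
    """Return the lowercase domain part of an email address ('' if none)."""
    return addr.rpartition("@")[2].lower()


def is_trusted(host):
    """True if host is a trusted domain or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def phishing_indicators(raw_message):
    """Return a list of human-readable indicators found in one raw email."""
    msg = message_from_string(raw_message)
    findings = []

    display_name, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)

    # 1. Display name contains an address whose domain differs from the real sender.
    embedded = EMBEDDED_ADDR_RE.search(display_name)
    if embedded and embedded.group(1).lower() != sender_domain:
        findings.append(f"display name shows {embedded.group(1)} but sender is {sender_domain}")

    # 2. Replies would go to a different domain than the one that sent the mail.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from sender domain {sender_domain}")

    # 3. The sender's domain is not one the organization uses.
    if not is_trusted(sender_domain):
        findings.append(f"sender domain {sender_domain} is not a trusted domain")

    # 4. A link whose visible text names one host but whose href goes to another,
    #    or whose href host is simply untrusted.
    for href, text in LINK_RE.findall(msg.get_payload()):
        href_host = (urlparse(href).hostname or "").lower()
        text_host = (urlparse(text.strip()).hostname or "").lower()
        if text_host and text_host != href_host:
            findings.append(f"link text shows {text_host} but href goes to {href_host}")
        elif not is_trusted(href_host):
            findings.append(f"link points to untrusted host {href_host}")

    return findings


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, phishing_indicators(sample) or ["no indicators"])
```

Each check maps to one item on the list: items 2 and 4 to the sender and Reply-To checks, item 3 to the link check. None of these is proof of phishing on its own; mail gateways combine such signals with SPF/DKIM results, which this example does not evaluate.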

3
Q

How is phishing so successful?

A

Phishing is so successful because it is digital sleight of hand: the message or site is made to look like the real thing, so the victim acts before noticing the difference.

4
Q

Is a type of Phishing that is done through text. (SMS Phishing)

A

Smishing

5
Q

Is a type of Phishing that is done over the phone or voicemail. (Voice Phishing)

A

Vishing

6
Q

Are unsolicited, irrelevant, or inappropriate messages sent over the internet. These messages are typically sent in large volumes to users, and they can take various forms, such as emails, instant messages, comments on websites, or social media posts.

A

Spam

7
Q

Is a variation of spam that is delivered via instant messaging.

A

Spam Over Instant Messaging (SPIM)

8
Q

Is phishing that targets a specific person or group of people. It is targeted phishing that uses inside information about the target, which makes the attack more believable.

A

Spear Phishing

9
Q

Is the act of searching through garbage for personal information.

A

Dumpster Diving

10
Q

Is the practice of spying on someone’s computer screen or mobile device screen to obtain sensitive information.

A

Shoulder Surfing

11
Q

Is a cyber attack technique where attackers redirect the traffic of a legitimate website to a fraudulent or malicious website without the users’ knowledge. The goal of this attack is to collect sensitive information such as usernames, passwords, or financial details from unsuspecting users.

A

Pharming

12
Q

When an unauthorized person follows an authorized person through a controlled entrance to gain access to a building.

A

Tailgating

13
Q

The act of drawing information out of a victim using social engineering and psychological techniques. For example, calls to and from a help desk can be used for _____________.

A

Eliciting Information

14
Q

Targeted phishing with the possibility of a large catch. High-value targets are referred to as ‘Whales’, such as a CEO or CFO.

A

Whaling

15
Q

The act of adding something else to the beginning of an item. When used in a social engineering context, it is the act of supplying information to legitimize a request. Ex: An attacker can use ____________ by stating they were sent by the target’s boss, as a means to justify why the target should perform a specific action.

A

Prepending

16
Q

Is the use of fake credentials to achieve an end. An example is pretending to be an official representative of a government agency.

A

Identity Fraud

17
Q

This type of scam uses a fake invoice in an attempt to get a company to pay for things it has not ordered. The "From:" address could be a spoofed version of the CEO's. Involves a bit of spear phishing because the attacker knows who pays the bills.

A

Invoice Scams

18
Q

Involves the collection of login credentials. Many credentials are stored on a computer (in Chrome, Firefox, Outlook, Windows Credential Manager, etc.). Can start from a phishing email that contains a malicious Microsoft Word document: opening the document runs a macro, the macro downloads credential-harvesting malware, and the user has no idea.

A

Credential Harvesting

19
Q

From the attacker's side, is the act of gathering information on a victim. Background information on a victim can be found through lead-generation sites, social media, the target's corporate website, etc.

A

Reconnaissance

20
Q

Is a deceptive or misleading message or piece of information that circulates widely. Is designed to trick users into believing false claims or taking actions that may be harmful or disruptive.

A

Hoax

21
Q

When an attacker assumes a role that is recognized by the person being targeted. The attacker uses the victim’s biases against them.

A

Impersonation

22
Q

Is a type of attack in which attackers compromise a website or online resource that is frequently visited by a specific target group. The attackers inject malicious code into the website or use other means to exploit vulnerabilities, with the goal of infecting the computers of individuals who visit the site.

A

Watering Hole Attack

23
Q

Is an attack that capitalizes on common typographical errors: a slight change in the spelling of a URL, designed to direct users to a malicious webpage.
Ex: Real URL - https://professormesser.com
Fake URL - https://professormessor.com

A

Typosquatting
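The example above shows one spelling slip. The following is an added example, not part of the original flashcards, that flags candidate typosquats of a list of legitimate domains. It covers the page's professormesser/professormessor case and, going a little beyond it, three other common forms: look-alike characters (0 for o, 1 for l, rn for m), a swapped top-level domain, and a legitimate domain embedded as a subdomain of an attacker's domain. The legitimate-domain list and the test hostnames are constructed; the `registrable()` helper assumes two-label registrable domains and would need a public-suffix list for cases like co.uk.

```python
"""Flag hostnames that look like typosquats of legitimate domains.

Added example for the flashcards; not from the original page.
LEGIT_DOMAINS and the hostnames in main() are constructed for the demo.
"""

# Legitimate domains to protect (constructed; the first is the page's own example).
LEGIT_DOMAINS = ["professormesser.com", "example.com"]

# Character sequences that pass for other characters at a glance.
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def levenshtein(a, b):
    """Edit distance (insertions, deletions, substitutions) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(label):
    """Fold look-alike sequences so 'pr0fessormesser' compares equal to 'professormesser'."""
    label = label.lower()
    for glyph, real in HOMOGLYPHS.items():
        label = label.replace(glyph, real)
    return label


def registrable(host):
    """Last two labels of a hostname. Assumption: no multi-part public suffixes (co.uk etc.)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def classify(host, legit=LEGIT_DOMAINS, max_distance=2):
    """Return (verdict, matched_legit_domain_or_None) for one hostname."""
    host = host.lower()
    reg = registrable(host)
    if reg in legit:
        return ("legitimate", reg)
    name, _, tld = reg.partition(".")
    for legit_domain in legit:
        legit_name, _, legit_tld = legit_domain.partition(".")
        # A trusted domain used as a subdomain of an attacker's domain:
        # example.com.login-verify.net is registered under login-verify.net.
        if host.startswith(legit_domain + "."):
            return ("embedded", legit_domain)
        # Same name once look-alikes are folded: either the TLD was swapped or glyphs were.
        if normalize(name) == normalize(legit_name):
            return ("wrong-tld" if tld != legit_tld else "homoglyph", legit_domain)
        # A small number of typing errors away from the real name.
        distance = levenshtein(name, legit_name)
        if 0 < distance <= max_distance:
            return ("edit-distance", legit_domain)
    return ("unknown", None)


if __name__ == "__main__":
    for candidate in ("professormesser.com", "professormessor.com", "pr0fessormesser.com",
                      "examp1e.net", "example.com.login-verify.net", "wikipedia.org"):
        print(f"{candidate:32} -> {classify(candidate)}")
```

A distance threshold of 2 catches single typos and transpositions without swamping the output for short names; for a real watch list you would pair this with certificate-transparency or newly-registered-domain feeds to see the candidates as they appear.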

24
Q

Is a social engineering technique used by attackers to manipulate individuals into divulging sensitive information or performing certain actions. The attacker uses a pre-established, fabricated scenario, often impersonating someone trustworthy, to deceive the target and gain access to confidential information.

A

Pretexting

25
Q

Are coordinated efforts by individuals, groups, or nation-states to manipulate information, shape public opinion, or influence decision-making processes through various digital means. These campaigns often leverage social media to spread disinformation, sow discord, or achieve specific political, social, or economic objectives.

A

Influence Campaigns

26
Q

Refers to a military strategy that combines conventional warfare, irregular warfare, and cyber warfare to achieve strategic objectives. In the context of cybersecurity, ____________ involves the integration of cyber operations with traditional military and non-military tactics to create a comprehensive and multifaceted approach to conflict. This approach blurs the lines between physical and virtual domains.

A

Hybrid Warfare

27
Q
  1. Authority
    a. The social engineer is in charge.
    Ex: "I'm calling from the office of the CEO."
  2. Intimidation
    a. "You will be reprimanded if you don't help."
  3. Consensus/Social Proof
    a. Convince based on what's normally expected.
    b. "Your coworker Jill did this for me last week."
  4. Scarcity
    a. "The situation will not be this way for long. We must make the change before time expires."
  5. Familiarity
    a. Someone you know.
    b. May have common friends.
  6. Trust
    a. Someone who is safe.
    b. "I'm from IT, and I'm here to help."
  7. Urgency
    a. Works alongside scarcity.
    b. Act quickly, don't think.
A

Principles (Reasons for Effectiveness) of Social Engineering