1.1 Compare and contrast different types of social engineering techniques. Flashcards
Smishing
Smishing is a type of phishing attack that uses social engineering to get personal information about someone using text messaging.
Phishing
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.
Vishing
Voice phishing, or vishing, is the use of telephony to conduct phishing attacks.
Spam
Spam is digital junk mail — unsolicited communications sent in bulk over the internet or through any electronic messaging system.
Spam over instant messaging (SPIM)
Spim is spam delivered through instant messaging (IM) instead of through e-mail messaging. Although less ubiquitous than its e-mail counterpart, spim is reaching more users all the time.
Spear phishing
Spear phishing is an email targeted at a specific individual or department within an organization that appears to be from a trusted source.
Dumpster diving
Dumpster diving is looking for treasure in someone else’s trash. In the world of information technology (IT), dumpster diving is a technique used to retrieve information that could be used to carry out an attack or gain access to a computer network from disposed items.
Shoulder surfing
Shoulder surfing is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM or pay for something using a credit card.
Pharming
Pharming is a cyberattack intended to redirect a website’s traffic to another, fake site by installing a malicious program on the computer.
Tailgating
Tailgating is a simple social engineering attack enabling hackers to gain access to a password-protected or otherwise off-limits physical location.
Eliciting information
Eliciting information is a technique used to discreetly gather information. That is to say, elicitation is the strategic use of casual conversation to extract information from people (targets) without giving them the feeling that they are being interrogated or pressed for the information.
Whaling
Whaling is a highly targeted phishing attack, aimed at senior executives, that masquerades as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.
Prepending
To add something to the beginning of something else, especially a piece of data (= information) to the beginning of a computer instruction, e.g. if the remote machine is Windows based, prepend the address with smb://. Also: extra, in addition.
Identity fraud
Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver’s license numbers, to impersonate someone else.
Invoice scams
Invoicing scams involve criminals trying to trick businesses into sending – or redirecting – a payment to a fraudulent account.
Credential harvesting
Credential Harvesting (or Account Harvesting) is the use of MITM attacks, DNS poisoning, phishing, and other vectors to amass large numbers of credentials (username / password combinations) for reuse.
Reconnaissance
Reconnaissance is the practice of covertly discovering and collecting information about a system. … Like many cybersecurity terms, reconnaissance derives from military language, where it refers to a mission with the goal of obtaining information from enemy territory.
Hoax
Hoaxes are emails, typically arriving in chain-letter fashion, that often describe impossible events, highly damaging malware or urban legends. Their intent is to frighten and mislead recipients and get them to forward the message to friends.
Impersonation
An impersonation attack is a type of fraud where an attacker poses as a trusted person to steal money or sensitive information from a company. Usually, these types of attacks come from individuals targeting high-level executives.
Watering hole attack
A watering hole attack works by identifying a website that’s frequented by users within a targeted organisation, or even an entire sector, such as defence, government or healthcare. That website is then compromised to enable the distribution of malware.
Typosquatting
Typosquatting is a type of social engineering attack which targets internet users who incorrectly type a URL into their web browser rather than using a search engine. Typically, it involves tricking users into visiting malicious websites with URLs that are common misspellings of legitimate websites.
Pretexting
Pretexting is a form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. The distinguishing feature of this kind of attack is that the scam artist comes up with a story — or pretext — in order to fool the victim.
Influence campaigns
Swaying the way people vote or think about someone, using fake accounts or a whole network of fabricated content.
Influence campaigns: Hybrid warfare
Like cyberwar: the military changing the news we watch. It does not happen on the battlefield but on the internet, and it also includes the use of social media platforms.
Authority
The social engineer claims to be in charge, e.g. “I’m calling from the police” or “from the main office”.
Intimidation
E.g. “There will be bad things if you do not do what I say.”
Consensus
The social engineer may say “Bob did it last week, can you do it for me this week?”
Scarcity
Social engineers may say “The clock is ticking, we are running out of time” or “This is the last one and your boss wants it.”
Urgency
Works hand in hand with scarcity: make it sound like this needs to happen now.
Familiarity
A social engineer may let on that he or she is your buddy, or that they know someone you know.
Trust
The attacker may try to gain the victim’s trust.