1.1 Compare and contrast different types of social engineering techniques. Flashcards

1
Q

Smishing

A

Smishing is a type of phishing attack that uses social engineering to get personal information about someone using text messaging.

2
Q

Phishing

A

Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.

3
Q

Vishing

A

Voice phishing, or vishing, is the use of telephony to conduct phishing attacks.

4
Q

Spam

A

Spam is digital junk mail — unsolicited communications sent in bulk over the internet or through any electronic messaging system.

5
Q

Spam over instant messaging (SPIM)

A

Spim is spam delivered through instant messaging (IM) instead of through e-mail messaging. Although less ubiquitous than its e-mail counterpart, spim is reaching more users all the time.

6
Q

Spear phishing

A

Spear phishing is an email targeted at a specific individual or department within an organization that appears to be from a trusted source.

7
Q

Dumpster diving

A

Dumpster diving is looking for treasure in someone else’s trash. In the world of information technology (IT), dumpster diving is a technique used to retrieve information that could be used to carry out an attack or gain access to a computer network from disposed items.

8
Q

Shoulder surfing

A

Shoulder surfing is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an ATM or pay for something using a credit card.

9
Q

Pharming

A

Pharming is a cyberattack intended to redirect a website’s traffic to another, fake site by installing a malicious program on the computer.

10
Q

Tailgating

A

Tailgating is a simple social engineering attack enabling hackers to gain access to a password-protected or otherwise off-limits physical location.

11
Q

Eliciting information

A

Elicitation is a technique used to discreetly gather information. That is to say, elicitation is the strategic use of casual conversation to extract information from people (targets) without giving them the feeling that they are being interrogated or pressed for the information.

12
Q

Whaling

A

Whaling is a highly targeted phishing attack - aimed at senior executives - masquerading as a legitimate email. Whaling is digitally enabled fraud through social engineering, designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds.

13
Q

Prepending

A

To add something to the beginning of something else, especially a piece of data (= information) to the beginning of a computer instruction: "If the remote machine is Windows based, prepend the address with smb://." Also: extra, in addition.

14
Q

Identity fraud

A

Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver’s license numbers, to impersonate someone else.

15
Q

Invoice scams

A

Invoicing scams involve criminals trying to trick businesses into sending – or redirecting – a payment to a fraudulent account.

16
Q

Credential harvesting

A

Credential Harvesting (or Account Harvesting) is the use of MITM attacks, DNS poisoning, phishing, and other vectors to amass large numbers of credentials (username / password combinations) for reuse.

17
Q

Reconnaissance

A

Reconnaissance is the practice of covertly discovering and collecting information about a system. … Like many cybersecurity terms, reconnaissance derives from military language, where it refers to a mission with the goal of obtaining information from enemy territory.

18
Q

Hoax

A

Hoaxes are emails typically arriving in chain letter fashion that often describe impossible events, highly damaging malware or urban legends. Their intent is to frighten and mislead recipients and get them to forward to friends.

19
Q

Impersonation

A

An impersonation attack is a type of fraud where an attacker poses as a trusted person to steal money or sensitive information from a company. Usually, these types of attacks come from individuals targeting high-level executives.

20
Q

Watering hole attack

A

A watering hole attack works by identifying a website that’s frequented by users within a targeted organisation, or even an entire sector, such as defence, government or healthcare. That website is then compromised to enable the distribution of malware.

21
Q

Typosquatting

A

Typosquatting is a type of social engineering attack which targets internet users who incorrectly type a URL into their web browser rather than using a search engine. Typically, it involves tricking users into visiting malicious websites with URLs that are common misspellings of legitimate websites.

22
Q

Pretexting

A

Pretexting is a form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. The distinguishing feature of this kind of attack is that the scam artist comes up with a story — or pretext — in order to fool the victim.

23
Q

Influence campaigns

A

Swaying the way people vote or think about someone, using fake accounts or a whole network of bullshit.

24
Q

Influence campaigns - Hybrid warfare

A

Like cyberwar: the military changing the news we watch. It is not happening on the battlefield but on the internet. Also the use of social media platforms.

25
Q

Authority

A

The social engineer is in charge, e.g. “I’m calling from the police or main office.”

26
Q

Intimidation

A

E.g. “There will be bad things if you do not do what I say.”

27
Q

Consensus

A

The social engineer may say, “Bob did it last week; can you do it for me this week?”

28
Q

Scarcity

A

Social engineers may say the clock is ticking and we are running out of time, or that this is the last one and your boss wants it.

29
Q

Urgency

A

Works hand in hand with scarcity: make it sound like this needs to happen now.

30
Q

Familiarity

A

A social attacker may let on he or she is your buddy and they might let on they know someone you know.

31
Q

Trust

A

The attacker may try to gain trust.