1.1 Compare and contrast different types of social engineering techniques Flashcards

1
Q

Phishing

A

the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

2
Q

Smishing

A

the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.

3
Q

Vishing

A

the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.

4
Q

Spam

A

Unsolicited emails that we receive. These emails try to get us to click links, usually to buy something.

5
Q

Spam over instant messaging (SPIM)

A

This is unsolicited instant messaging. This is when you pop open your IM and suddenly you’re getting messages all over the place.

6
Q

Spear Phishing

A

the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.

7
Q

Dumpster diving

A

Dumpster diving is the process of searching through trash to obtain useful information about a person or business that can later be used for hacking purposes.

8
Q

Shoulder surfing

A

Shoulder surfing is a practice where thieves steal your personal data by spying over your shoulder as you use a computer, laptop, ATM, public kiosk or other electronic device.

9
Q

Pharming

A

A cyberattack intended to redirect a website’s traffic to another, fake site by installing a malicious program on the computer. Can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.

10
Q

Tailgating

A

the passage of unauthorised personnel, either forced or accidental, behind an authorised user.

11
Q

Eliciting Information

A

A technique used to discreetly gather information. The strategic use of casual conversation to extract information from people (targets) without giving them the feeling that they are being interrogated or pressed for the information.

12
Q

Whaling

A

a highly targeted phishing attack - aimed at senior executives - masquerading as a legitimate email.

13
Q

What is the difference between Spear Phishing and Whaling?

A

whaling exclusively targets high-ranking individuals within an organization, while spear phishing usually goes after a category of individuals with a lower profile.

14
Q

Prepending

A

adding code to the beginning of a presumably safe file. It activates when the file is opened.

15
Q

Identity Fraud

A

A crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver’s license numbers, to impersonate someone else.

16
Q

Invoice Scam

A

These scams happen when adversaries trick individuals into transferring funds by acting as legitimate companies.

17
Q

Credential Harvesting

A

the use of MITM attacks, DNS poisoning, phishing, and other vectors to amass large numbers of credentials (username / password combinations) for reuse.

18
Q

Reconnaissance

A

The practice of covertly discovering and collecting information about a company, network, or system.

19
Q

Hoax

A

A threat that doesn’t actually exist, but which seems like it could be real. Often an email, but it can be a Facebook wall post, a tweet, or…
Will attempt to take your money, but not necessarily through electronic means.

20
Q

Impersonation

A

A form of fraud in which attackers pose as a known or trusted person to dupe an employee into transferring money to a fraudulent account, sharing sensitive information (such as intellectual property, financial data or payroll information), or revealing login credentials that attackers can use to hack into a company’s computer network.

21
Q

Watering Hole Attack

A

A security exploit where the attacker infects websites that are frequently visited by members of the group being attacked, with the goal of infecting a computer used by a member of the targeted group when they visit the infected website.

22
Q

Typosquatting

A

A type of attack which targets internet users who incorrectly type a URL into their web browser rather than using a search engine. Typically, it involves tricking users into visiting malicious websites with URLs that are common misspellings of legitimate websites.

23
Q

Pretexting

A

A type of social engineering attack in which the attacker creates a situation (a pretext) to lure a victim into a vulnerable position and trick them into giving private information, specifically information that the victim would typically not give. It has been described as the first stage of social engineering, and has been used by the FBI to aid in investigations. A specific example of pretexting is reverse social engineering, in which the attacker tricks the victim into contacting the attacker first.

24
Q

What are the two methods of influence campaigns?

A

Social media and Hybrid warfare

25
Q

Influence Campaigns: Social Media

A

This might be a completely legitimate person who’s trying to present a particular political perspective or a social issue, but this might also be someone trying to manipulate how people are thinking in a particular area. This is very commonly an attacker from a nation-state that is trying to change the way that people are voting and the way that people are thinking in a particular country.

Sometimes, these bad actors will spend a lot of money on advertising as a way to change the opinion of people who may be reading things online. Some of the most powerful influence campaigns use more than just a single person. They use an entire system to amplify that message and get it into the eyes and the ears of many people.

26
Q

Influence Campaigns: Hybrid Warfare

A

You might have one country that is trying to change the way that people are thinking in another country. And if people change the way they’re thinking, then they’ll ask their elected officials to vote on particular policies in a particular way. This is not a new process. Militaries all over the world have tried to make this happen in different countries. But the internet changes the way that they’re able to get that message out.

27
Q

What are the Principles of Social Engineering and influence?

A

  • Authority
  • Intimidation
  • Consensus
  • Scarcity
  • Familiarity
  • Trust
  • Urgency

28
Q

Social Engineering Principles: Authority

A

A social engineering principle where the social engineer pretends to be someone who either has a higher clearance or a special clearance in order to get the target to provide information or access that they normally would not give.
– “I’m calling from the help desk / office of the CEO / police / lawyers / government”, etc.

29
Q

Social Engineering Principle: Intimidation

A

A principle of social engineering where the attacker says something catastrophic will happen if the target doesn’t do a certain task or give information that they normally would not give. It may not be something directly focused on you; it may instead be a situation that is intimidating. They might say that bad things will happen if you don’t help, or it could be something as simple as saying that the payroll checks aren’t going to go out unless they get this information from you.

30
Q

Social Engineering Principle: Consensus or Social Proof

A

A social engineer uses other people and what they’ve done to try to justify what they’re asking for. They might tell you that your coworker was able to provide this information last week; they’re not in the office now, so it’s something that maybe you could provide for them.

31
Q

Social Engineering Principle: Scarcity and Urgency

A

This particular situation is only going to be this way for a certain amount of time, we have to be able to resolve this issue before this timer expires. Act without thinking because time is running out.

32
Q

Social Engineering Principle: Familiarity

A

They become your friend. They talk about things that you like, and by doing that they make you familiar with them on the phone and make you want to do things for them. “Someone you know; we have common friends. We went to the same school, grew up in the same town”, etc.

33
Q

Social Engineering Principle: Trust

A

He’s going to try to tell you that he’s going to be able to solve all of your problems. He’s going to be able to fix all of these issues; you just need to provide the information he’s asking for.
He presents himself as someone who is safe: “I’m from IT, and I’m here to help.”