1.1 Compare and contrast different types of social engineering techniques Flashcards
Phising
the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Smishing
the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.
Vishing
the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers.
Spam
This is unsolicited emails we get. These emails are getting us or wanting us to click some links to buy something
Spam over instant messaging (SPIM)
This is unsolicited instant messaging. This is when you pop open your IM and suddenly you’re getting messages all over the place.
Spear Phishing
the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.
Dumpster diving
Dumpster diving is the process of searching trash to obtain useful information about a person/business that can later be used for the hacking purpose
Shoulder surfing
Shoulder surfing is a practice where thieves steal your personal data by spying over your shoulder as you use a computer, laptop, ATM, public kiosk or other electronic device.
Pharming
A cyberattack intended to redirect a website’s traffic to another, fake site by installing a malicious program on the computer. Can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
Tailgating
the passage of unauthorised personnel, either forced or accidental, behind that of an authorised user.
Eliciting Information
A technique used to discreetly gather information. The strategic use of casual conversation to extract information from people (targets) without giving them the feeling that they are being interrogated or pressed for the information.
Whaling
a highly targeted phishing attack - aimed at senior executives - masquerading as a legitimate email.
What is the difference between Spear Phising and Whaling?
whaling exclusively targets high-ranking individuals within an organization, while spear phishing usually goes after a category of individuals with a lower profile.
Prepending
adding code to the beginning of a presumably safe file. It activates when the file is opened.
Identity Fraud
A crime in which an imposter obtains key pieces of personally identifiable information (PII), such as Social Security or driver’s license numbers, to impersonate someone else.