1.1 Compare and contrast different types of social engineering techniques Flashcards
Attempting to obtain sensitive information (credentials, card numbers, personal data) by impersonating a trusted party in electronic communications, most commonly email.
Phishing
A social engineering attack conducted over SMS or other text messaging services.
Smishing
Phishing done over any telephony or voice communication system.
Vishing
Any type of email that is undesirable and/or unsolicited.
Spam
Spam delivered over instant messaging (spam over IM); more broadly, unwanted communications sent over any messaging system that runs over the Internet.
Spim
A more targeted form of phishing where the message is crafted and directed specifically to an individual or group of individuals.
Spear Phishing
The act of digging through trash to obtain information about a target organization or individual.
Dumpster Diving
Observing another user's keyboard or display to capture credentials or other sensitive information.
Shoulder Surfing
The malicious redirection of users from a valid website's URL to a fake site hosting a false copy of the original, typically by corrupting name resolution (for example DNS cache poisoning or hosts-file tampering) so that the correct domain name resolves to the attacker's IP address.
Pharming
When an unauthorized entity gains access to a facility by following an authorized worker through a controlled entry point without that worker's knowledge.
Tailgating
The activity of gathering or collecting information from systems or people, often through seemingly casual conversation.
Eliciting Information
A form of spear phishing that targets specific high-value individuals, such as the CEO or other C-level executives, administrators, or high-net worth clients.
Whaling
Adding a term, expression, or phrase to the beginning or header of some other communication, for example prefixing a subject line with "RE:" or "SAFE" so the message appears to be a reply or to have been pre-screened.
Prepending
Falsely claiming to be someone else by using information stolen from the victim.
Identity Fraud
A social engineering attack that attempts to steal funds from an organization or individual by presenting a false invoice, often followed by strong inducements to pay.
Invoice Scams
The activity of collecting or stealing account credentials.
Credential Harvesting
Collecting information about a target, often for the purposes of figuring out the best plan of attack against that target.
Reconnaissance
A form of social engineering designed to convince targets to perform an action that causes problems or reduces their IT security, such as a fake virus warning that instructs users to delete a legitimate system file.
Hoax
The act of taking on the identity of someone else.
Impersonation
A form of targeted attack against a region, a group, or an organization, waged by poisoning a resource (such as a website) that the targets commonly visit.
Watering Hole Attack
Registering domain names that are common misspellings of a legitimate domain so that a user who mistypes the intended address is captured and redirected to the attacker's resource.
Typosquatting
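The following is an added example, not part of the flashcard set, showing how a defender can generate the typosquat variants a registrar watch or mail filter would look for (character omission, transposition, duplication, hyphenation, digit-for-letter homoglyphs and TLD swaps) and classify an observed hostname against a legitimate domain. The domain `example.com`, the hosts checked, the variant rules and the two-label "registered domain" shortcut are all assumptions made for the example.

```python
"""Added example: generate common typosquat variants of a legitimate domain
and classify hostnames seen in mail or proxy logs against them."""

# Letter-to-lookalike substitutions typosquatters commonly use (assumed list).
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5",
              "m": "rn", "w": "vv"}
# TLDs that are often registered beside a .com target (assumed list).
TLD_SWAPS = ["com", "co", "cm", "om", "net", "org"]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typosquat_variants(domain: str) -> set[str]:
    """Return the set of lookalike domains derived from ``domain``."""
    name, _, tld = domain.lower().rpartition(".")
    variants = set()
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])                         # omission
        variants.add(name[:i] + name[i] + name[i:])                   # duplication
        if i < len(name) - 1:                                         # transposition
            variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
        if name[i] in HOMOGLYPHS:                                     # homoglyph
            variants.add(name[:i] + HOMOGLYPHS[name[i]] + name[i + 1:])
        if i > 0:                                                     # hyphenation
            variants.add(name[:i] + "-" + name[i:])
    variants.discard(name)  # transposing identical neighbours gives the original back
    full = {f"{v}.{tld}" for v in variants}
    full |= {f"{name}.{t}" for t in TLD_SWAPS if t != tld}            # TLD swap
    return full


def classify_host(host: str, legit: str, max_distance: int = 2) -> str:
    """Classify ``host`` relative to the legitimate domain ``legit``.

    Returns 'exact', 'embedded' (legit domain used as a subdomain of another
    domain), 'typosquat' (matches a generated variant), 'suspicious' (within
    ``max_distance`` edits) or 'ok'. The registered domain is approximated as
    the last two labels, which is an assumption that ignores multi-label TLDs.
    """
    host = host.lower().rstrip(".")
    legit = legit.lower()
    reg = ".".join(host.split(".")[-2:])
    if reg == legit:
        return "exact"
    if f".{legit}." in f".{host}.":
        return "embedded"
    if reg in typosquat_variants(legit):
        return "typosquat"
    if levenshtein(reg.rpartition(".")[0], legit.rpartition(".")[0]) <= max_distance:
        return "suspicious"
    return "ok"


if __name__ == "__main__":
    # Constructed sample hostnames as they might appear in a mail log.
    for h in ["login.example.com", "exmaple.com", "examp1e.com", "example.co",
              "example.com.evil.net", "exanple.com", "google.com"]:
        print(f"{h:24} {classify_host(h, 'example.com')}")
```

The edit-distance fallback catches substitutions the generator does not enumerate, and the "embedded" check flags the common `legit-domain.attacker.tld` pattern that a pure lookalike match would pass as unrelated.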
A false statement crafted to sound believable in order to convince you to act or respond.
Pretexting
Social engineering attacks that attempt to guide, adjust, or change public opinion, often waged by nation-states against their real or perceived foreign enemies.
Influence Campaigns
The combination of classical military strategy with modern capabilities, including digital influence campaigns, psychological warfare efforts, political tactics, and cyber warfare capabilities.
Hybrid Warfare (non-linear warfare)
Principles of Social Engineering
Authority, intimidation, consensus, scarcity, familiarity, trust, and urgency
A form of spear phishing that is often focused on convincing members of accounting to transfer funds, pay invoices, or purchase products from a message that appears to originate from a boss, manager, or executive.
Business Email Compromise (BEC)
When an unauthorized entity gains access to a facility by tricking an authorized worker into knowingly letting them in (unlike tailgating, where the worker is unaware).
Piggybacking
The act of stealing someone's identity. This can refer to the initial act of information gathering or elicitation, or to the later use of the stolen credentials and details to take over someone's account.
Identity Theft
The practice of displaying a link or advertisement that looks like that of a well-known product, service or site, but when clicked redirects the user to an alternate location, service or product.
URL Hijacking
A technique that overlays a web page with a disguised or transparent element (typically an invisible frame) so that a user's click or selection lands on an alternate, often malicious, target instead of the intended location.
Clickjacking
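The following is an added example, not part of the flashcard set, showing the check a tester runs to decide whether a page can be framed by a third-party site (and therefore clickjacked): parse the `Content-Security-Policy` `frame-ancestors` directive, which takes precedence when present, and otherwise fall back to `X-Frame-Options`. The header sets in the sample are constructed for the example; the function names are assumptions.

```python
"""Added example: determine whether HTTP response headers allow a page to be
framed by other origins, which is the precondition for clickjacking."""


def frame_policy(headers: dict) -> str:
    """Return 'none', 'self', 'restricted' (explicit allow-list) or 'any'.

    Browsers honour the CSP frame-ancestors directive over X-Frame-Options
    when both are sent, so CSP is evaluated first.
    """
    h = {k.lower(): v for k, v in headers.items()}
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors" and len(parts) > 1:
            sources = [s.lower() for s in parts[1:]]
            if sources == ["'none'"]:
                return "none"
            if sources == ["'self'"]:
                return "self"
            if "*" in sources:
                return "any"
            return "restricted"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "none"
    if xfo == "SAMEORIGIN":
        return "self"
    return "any"  # no recognised protection: any origin may frame the page


def is_clickjackable(headers: dict) -> bool:
    """True when an arbitrary third-party origin could frame the response."""
    return frame_policy(headers) == "any"


# Constructed sample responses: a weak configuration beside a hardened one.
WEAK_HEADERS = {"Content-Type": "text/html"}
HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",  # legacy fallback for browsers without CSP support
}

if __name__ == "__main__":
    for label, hdrs in [("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)]:
        print(f"{label:9} policy={frame_policy(hdrs)} clickjackable={is_clickjackable(hdrs)}")
```

Sending both headers, as in the hardened set, is the usual recommendation: `frame-ancestors` is the authoritative control and `X-Frame-Options: DENY` covers older clients.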
A form of attack in which the attacker takes over an existing communication session, typically by stealing or predicting the session identifier (such as a cookie or token).
Session Hijacking (TCP/IP Hijacking)
Collecting information about an individual or organization and disclosing it publicly in order to change how the target is perceived.
Doxing
A form of attack that exploits human nature and human behavior.
Social Engineering