1.1 Social Engineering Flashcards

1
Q

Define Phishing

A

Tricking someone into providing personal or valuable information, typically with a fraudulent email or message that impersonates a trusted party and links to a fake site

2
Q

Smishing

A

Phishing via SMS/text messages (SMS + phishing), usually a short message with a link to a fake site

3
Q

Vishing

A

Phishing via voice calls (voice + phishing), e.g. a caller posing as the bank or IT support

4
Q

Define Spam (2 types)

A
  1. Non-malicious: unsolicited bulk advertising that consumes mail-server and storage resources and floods users' inboxes
  2. Malicious: unsolicited messages carrying links or attachments that launch other attacks, such as phishing or malware downloads
5
Q

Define Spam over Instant Messaging (SPIM)

A

Spam-like messages delivered via instant messaging

6
Q

Define Spear Phishing

A

A phishing attack aimed at a specific person or small group, crafted using reconnaissance and pretexting (the target's name, role, colleagues, current projects) to make it more believable

7
Q

Define Dumpster Diving

A

Obtaining valuable information from documents that were thrown away, by searching through the target's trash

8
Q

Define Shoulder Surfing

A

Obtaining valuable information by watching someone's screen or keyboard, e.g. reading a password or PIN as it is typed

9
Q

Define Pharming

A

Redirecting users to an attacker-controlled site even though they typed the correct URL, by corrupting name resolution: poisoning or compromising a DNS server, or modifying the victim's local hosts file

10
Q

Define Tailgating

A

Gaining unauthorized access to a restricted area by following an authorized person through a door or turnstile before it closes

11
Q

Define Eliciting information

A

The subtle extraction of information during an apparently normal and innocent conversation

12
Q

Define Whaling

A

A spear phishing attack that targets a senior executive, e.g. tricking the CFO or head of accounting into disclosing bank details or approving a wire transfer

13
Q

Define Prepending

A

Creating a deceptive domain by adding one or more characters to the front of a legitimate one, e.g. wwellsfargo.com, so that it passes a quick glance

14
Q

Define Identity Fraud

A

Obtaining another person's identifying information (name, account numbers, ID numbers) and using it to set up new accounts or access existing ones as that person

15
Q

Define Invoice scams

A

Sending legitimate-looking invoices to the accounting department to obtain payment for goods or services that were never delivered

16
Q

Define Credential Harvesting

A

Collecting user credentials at scale, e.g. with a phishing page that mimics a login form, or with macros or malware that silently steal passwords saved in applications such as Chrome

17
Q

Define Reconnaissance

A

Gathering information about a target, passively (e.g. reviewing their social media and public records) or actively (e.g. running a port scan), to prepare an attack

18
Q

Define Hoax and provide 2 examples

A
  1. A false warning or claim made to look real, intended to make the victim take a harmful action
  2. Examples: a pop-up warning of a virus infection that urges the user to download fake antivirus software; a prompt to install a fake software update
19
Q

Define Impersonation

A

A threat actor pretending to be someone else to facilitate an attack or obtain information

20
Q

Define Watering hole attack

A

Compromising a third-party site the targets are known to visit, instead of attacking the organization directly, e.g. infecting the online ordering website of a nearby restaurant that employees regularly order from

21
Q

Define Typosquatting

A

Registering domains that are common misspellings of legitimate ones, e.g. weellsfargo.com, to catch users who mistype the URL or do not look closely at a link
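Cards 13 (prepending) and 21 (typosquatting) both describe lookalike domains built from a legitimate one. The script below is an added example, not part of the flashcard set: given a list of protected brand domains (constructed sample data), it generates the variants an attacker would typically register (prepended character, doubled or dropped letter, swapped letters, digit-for-letter homoglyph, wrong TLD), flags a candidate domain that matches one, flags a brand name buried inside an attacker-owned domain, and falls back to Levenshtein distance for variants the generator does not enumerate. The brand list, candidate domains and homoglyph table are assumptions chosen for the demonstration.

```python
"""Lookalike-domain detector covering prepending and typosquatting.

Added illustrative example; the protected domains and candidates below are
constructed sample data, not real threat intelligence.
"""
import string

PROTECTED = ["wellsfargo.com", "example.com"]          # constructed brand list
HOMOGLYPHS = {"l": "1", "o": "0", "i": "1", "e": "3", "a": "4", "s": "5"}
OTHER_TLDS = ("net", "co", "org", "cm")                  # common wrong-TLD registrations


def typosquat_variants(domain):
    """Return the set of lookalike domains an attacker would commonly register."""
    name, _, tld = domain.rpartition(".")
    variants = set()
    # prepending: one character added to the front (wwellsfargo.com)
    for ch in string.ascii_lowercase:
        variants.add(f"{ch}{name}.{tld}")
    # character duplication (weellsfargo.com)
    for i, ch in enumerate(name):
        variants.add(f"{name[:i]}{ch}{name[i:]}.{tld}")
    # character omission (welsfargo.com)
    for i in range(len(name)):
        variants.add(f"{name[:i]}{name[i + 1:]}.{tld}")
    # adjacent transposition (wellsfagro.com)
    for i in range(len(name) - 1):
        swapped = name[:i] + name[i + 1] + name[i] + name[i + 2:]
        variants.add(f"{swapped}.{tld}")
    # single homoglyph substitution (wel1sfargo.com)
    for i, ch in enumerate(name):
        if ch in HOMOGLYPHS:
            variants.add(f"{name[:i]}{HOMOGLYPHS[ch]}{name[i + 1:]}.{tld}")
    # same name under a different TLD (wellsfargo.cm)
    for other in OTHER_TLDS:
        if other != tld:
            variants.add(f"{name}.{other}")
    variants.discard(domain)
    return variants


def edit_distance(a, b):
    """Levenshtein distance; catches multi-edit variants the generator misses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, protected=PROTECTED, max_distance=2):
    """Return (verdict, matched_protected_domain) for one candidate domain."""
    candidate = candidate.lower().strip().rstrip(".")
    # the brand itself, or a real subdomain of it, is legitimate
    for legit in protected:
        if candidate == legit or candidate.endswith("." + legit):
            return ("legitimate", legit)
    for legit in protected:
        if candidate in typosquat_variants(legit):
            return ("typosquat", legit)
        # brand used as a label inside an attacker-owned domain
        # (wellsfargo.com.secure-update.net)
        if legit in candidate:
            return ("embedded_brand", legit)
    # fallback: registrable name within a few edits of a protected name
    cand_name = candidate.rpartition(".")[0]
    for legit in protected:
        if edit_distance(cand_name, legit.rpartition(".")[0]) <= max_distance:
            return ("suspicious", legit)
    return ("unrelated", None)


if __name__ == "__main__":
    # constructed candidates, e.g. pulled from a newly-registered-domain feed
    for dom in ["wellsfargo.com", "secure.wellsfargo.com", "wwellsfargo.com",
                "weellsfargo.com", "wellsfargo.cm", "wellsfargo.com.secure-update.net",
                "we11sfargo.com", "google.com"]:
        print(f"{dom:40} {classify(dom)}")
```

In practice the candidate list comes from a newly-registered-domain feed or certificate transparency logs, and the edit-distance fallback needs a tighter threshold for short brand names, which otherwise collide with many unrelated domains.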

22
Q

Define Pretexting

A

Creating a believable cover story (the pretext) that justifies the attacker's request, used to set up another attack such as phishing or vishing

23
Q

Influence Campaign - Hybrid warfare & Social Media

A

Influencing public opinion or policy by creating fake social media accounts that push a narrative until it is picked up and repeated by genuine, influential sources; a nation-state can use this in place of, or alongside, military action against an opposing state

24
Q

Define Strategy - Authority

A

Invoking a source of authority to elicit information or an action, e.g. claiming to call from the CEO's office or from IT support

25
Q

Define Strategy - Intimidation

A

Threatening negative consequences to elicit information or an action, e.g. "payroll won't go out if you don't ..."

26
Q

Define Strategy - Consensus

A

Claiming that others have already complied, so that refusing seems unreasonable, e.g. "Co-worker Jill did this for me last week, so can you ...?"

27
Q

Define Strategy - Scarcity

A

Claiming that something (an offer, a fix, a slot) will be gone if the target does not act now

28
Q

Define Strategy - Familiarity

A

Exploiting a real or fabricated shared connection, e.g. "You're my buddy, we both know Bob, so do this for me as a favor for Bob"

29
Q

Define Strategy - Trust

A

Building rapport so the target lowers their guard and trusts the attacker, e.g. "Hey, I'm helping everyone in the company with this"

30
Q

Define Strategy - Urgency

A

Creating a scenario where action must be taken immediately, leaving the target no time to verify the request