1.1 Social Engineering Flashcards
Define Phishing
Tricking someone into providing personal or valuable information
Define Smishing
Phishing via text/SMS messages
Define Vishing
Phishing via voice calls
Define Spam (2 types)
- Non-malicious unsolicited advertisements which consume hardware resources and flood users’ inboxes
- Malicious, containing a link to launch other attacks, such as phishing or malware downloads
Define Spam over Instant Messaging (SPIM)
Spam-like messages delivered via instant messaging
Define Spear Phishing
A phishing attack targeting a specific person and crafted using reconnaissance and pretexting to make it more believable
Define Dumpster Diving
Obtaining valuable information from documents disposed of in the garbage
Define Shoulder Surfing
Obtaining valuable information from looking at someone’s screen or monitor
Define Pharming
Compromising a DNS server so that users are directed to an alternate malicious site, instead of the valid site for the URL requested
Define Tailgating
Gaining unauthorized access to a restricted area by following someone in
Define Eliciting information
The subtle extraction of information during an apparently normal and innocent conversation
Define Whaling
A spear phishing attack targeting an executive, such as getting bank information from the CFO or head of accounting
Define Prepending
Creating a malicious URL by adding character(s) to the beginning of a valid one, e.g. wwellsfargo.com, to fool people
Define Identity Fraud
Gaining information to set up or access accounts under the identity of another person
Define Invoice scams
Sending valid-looking invoices to the accounting department to obtain payment for services not actually rendered
Define Credential Harvesting
Using macros or malware to steal credentials saved in other applications, such as Chrome, silently in the background
Define Reconnaissance
Gathering information, either passively or actively, to prepare an attack
e.g. looking at someone’s social media or running a port scan
Define Hoax and provide 2 examples
- A situation that is not real, but looks real, created for malicious intent
- A pop-up prompting the user to download false virus protection or software updates
Define Impersonation
A threat actor pretending to be someone else to facilitate an attack or obtain information
Define Watering hole attack
Using a third party to attack an organization, e.g. infecting the online ordering website of a nearby restaurant that employees regularly order from
Define Typosquatting
Using common misspellings of valid URLs to create malicious websites, e.g. weellsfargo.com
Define Pretexting
Creating a believable lie to facilitate an attack, such as a phishing attack
Influence Campaign - Hybrid warfare & Social Media
Influencing policy changes by creating fake social media accounts to spread a narrative that is then picked up and spread by valid, influential sources; can be used instead of military action to change an opposing nation-state
Define Strategy - Authority
Invoking a source of authority to elicit information or an action, e.g. calling from the CEO’s office, or from IT support
Define Strategy - Intimidation
Using intimidation to elicit information or an action, e.g. “payroll won’t go out if you don’t….”
Define Strategy - Consensus
Saying something like “Co-worker Jill did this for me last week so can you …. ?”
Define Strategy - Scarcity
Claiming something will go away if you don’t do this for me now
Define Strategy - Familiarity
You’re my buddy, we both know Bob, so do this for me as a favor for Bob
Define Strategy - Trust
Tricking the person into trusting you, e.g. “hey, I’m helping everyone in the company with this”
Define Strategy - Urgency
Creating a scenario where action needs to be taken now