1.1 Social Engineering Flashcards
Define Phishing
Tricking someone into providing personal or valuable information
Smishing
Phishing via text/SMS messages
Vishing
Phishing via voice calls
Define Spam (2 types)
- Non-malicious unsolicited advertisements which consume hardware resources and flood users’ inboxes
- Malicious messages containing links that launch other attacks, such as phishing or malware downloads
Define Spam over Instant Messaging (SPIM)
Spam-like messages delivered via instant messaging
Define Spear Phishing
A phishing attack targeting a specific person and crafted using reconnaissance and pretexting to make it more believable
Define Dumpster Diving
Obtaining valuable information from documents disposed of in the garbage
Define Shoulder Surfing
Obtaining valuable information by looking at someone’s screen or monitor
Define Pharming
Compromising a DNS server so that users are directed to an alternate malicious site, instead of the valid site for the URL requested
Define Tailgating
Gaining unauthorized access to a restricted area by following someone in
Define Eliciting information
The subtle extraction of information during an apparently normal and innocent conversation
Define Whaling
A spear phishing attack targeting an executive, such as getting bank information from the CFO or head of accounting
Define Prepending
Creating a malicious URL by adding character(s) to the beginning of it, e.g. wwellsfargo.com, to fool people
Define Identity Fraud
Gaining information to set up or access accounts under the identity of another person
Define Invoice scams
Sending valid-looking invoices to the accounting department to obtain payment for services not actually rendered