1.1 Social engineering attacks Flashcards
What is phishing?
Social engineering combined with spoofing: the attacker impersonates a trusted party (delivered by email, SMS, etc.) to trick the victim into handing over credentials or other sensitive data.
How to spot a phishing attack?
Check the URL (the actual domain, not just the displayed link text), spelling, fonts and graphics; anything slightly off suggests a forgery.
Why are phishing attacks so successful?
By tricking us with typosquatting, a type of URL hijacking in which the attacker registers a domain that looks like the legitimate one (a misspelling, swapped or lookalike characters, an extra word) and pretends to be the legitimate site.
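The checks above can be automated. The following is an added example (not part of the original flashcards) that classifies a URL as trusted, suspicious or unknown by extracting its registrable domain and comparing it against a constructed allow list: an exact match is trusted; a trusted brand used as a subdomain, a lookalike-character substitution (rn for m, 1 for l, 0 for o) or an edit distance of two or less is flagged as a typosquat. The trusted-domain list, the lookalike table and the two-label rule for the registrable domain are assumptions made for the example.

```python
from urllib.parse import urlparse

# Constructed allow list of domains the organisation trusts (assumption for this example).
TRUSTED_DOMAINS = ["example.com", "microsoft.com", "paypal.com"]

# Character substitutions commonly used to build lookalike (homoglyph) domains.
LOOKALIKES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}


def host_of(url: str) -> str:
    """Extract the lowercase hostname; a bare domain without a scheme is accepted too."""
    parsed = urlparse(url if "//" in url else "//" + url)
    return (parsed.hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """Last two labels of the host (simplification: ignores multi-part TLDs such as co.uk)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def fold_lookalikes(domain: str) -> str:
    """Map lookalike characters back to what they imitate, e.g. rnicrosoft -> microsoft."""
    name, _, tld = domain.rpartition(".")
    for fake, real in LOOKALIKES.items():
        name = name.replace(fake, real)
    return f"{name}.{tld}" if tld else name


def levenshtein(a: str, b: str) -> int:
    """Edit distance: one typo or one swapped letter puts a domain within 1-2 of the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> dict:
    """Classify a URL as trusted, suspicious (lookalike of a trusted domain) or unknown."""
    host = host_of(url)
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return {"domain": domain, "verdict": "trusted", "lookalike_of": None, "reason": "exact match"}
    folded = fold_lookalikes(domain)
    for trusted in TRUSTED_DOMAINS:
        hit = {"domain": domain, "verdict": "suspicious", "lookalike_of": trusted}
        # 1) trusted brand used as a subdomain: paypal.com.secure-login.example
        if host.startswith(trusted + ".") or ("." + trusted + ".") in host:
            return {**hit, "reason": "trusted brand as subdomain"}
        # 2) lookalike characters: paypa1.com, rnicrosoft.com
        if folded == trusted:
            return {**hit, "reason": "lookalike characters"}
        # 3) one or two typos away: micosoft.com, paypall.com
        if levenshtein(domain, trusted) <= 2:
            return {**hit, "reason": "typo distance <= 2"}
    return {"domain": domain, "verdict": "unknown", "lookalike_of": None, "reason": "no trusted domain resembles it"}


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a phishing email.
    for link in ["https://www.paypal.com/signin", "https://paypa1.com/login", "http://rnicrosoft.com",
                 "https://paypal.com.secure-login.example/verify", "micosoft.com", "https://github.com/"]:
        print(link, "->", check_url(link))
```

The "unknown" verdict is deliberate: a domain that resembles nothing on the allow list is not proof of legitimacy, only the absence of a typosquatting signal, so it should still go through the other checks on the card (spelling, branding, where the link really points).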
What is pharming and how is it related to phishing?
Redirecting traffic for a legitimate website to a bogus site, typically by poisoning the DNS server so that the legitimate name resolves to the attacker's address. Pharming takes place to redirect people onto the attacker's website; phishing then takes place when the victim enters credentials on that site. It is difficult for anti-malware to recognise because the victim typed the correct URL and nothing malicious runs on the victim's machine.
What is vishing?
Voice phishing: done over the phone (often with a spoofed caller ID), asking for personal information.
How is a phishing attack conducted?
1/ Reconnaissance: gather information on the victim
2/ Background information (corporate website, social media, etc.)
3/ The attacker builds a believable pretext from that information
What are spear phishing and whaling?
Targeted phishing that uses inside information (names, projects, vendors) to make the attack more believable. Whaling is a spear phishing attack that targets a high-value individual such as the CEO or CFO.
What is impersonation?
Attackers pretend to be someone they are not, using information gathered during the reconnaissance phase, and often pose as a person of higher rank to pressure the victim into giving up information. It is frequently done via vishing.
What can be the consequences of impersonation?
The attacker can use the victim's information for credit card fraud, bank fraud, loan fraud and government benefit fraud (tax refunds, etc.).
How to protect against impersonation?
- never give out information (nobody legitimate needs your password)
- verify the requester through an independent channel (call back on a known number) before revealing anything
What is a dumpster diving attack?
An attacker trying to get information from the things you throw in the trash (printed documents, sticky notes, old media).
How to prevent dumpster diving?
- secure the garbage with a lock (fenced, locked dumpster area)
- shred your documents
What is shoulder surfing?
Looking over someone's shoulder to obtain important information (passwords, sensitive documents, etc.).
How to prevent shoulder surfing?
1/ control your input and be aware of your surroundings
2/ use privacy filters on screens
3/ keep monitors out of sight (away from windows, hallways, etc.)
What is a hoax?
A threat that doesn't actually exist (a fake virus warning or chain message) but still wastes time and resources, or persuades the victim to take a harmful action.
What is a watering hole attack?
An attack strategy in which the attacker guesses or observes which third-party websites an organisation's users often visit and infects those sites, so the targets are compromised when they visit.
How to prevent watering hole attacks?
- defense in depth
- firewalls and IPS
- anti-virus/anti-malware with up-to-date signatures
What is spam?
Unsolicited messages (email, forum posts, SMS, etc.) ranging from commercial advertising to phishing attempts.
How to prevent spam?
1/ set up a mail gateway that filters messages before they are passed on to the internal mail server
How does the gateway identify spam?
- set up an allow list of trusted senders
- block anything that does not follow the RFC standards (malformed addresses, missing mandatory headers)
- reverse DNS: block email where the sender's domain doesn't match the connecting IP's PTR record
- block email not addressed to a valid recipient address
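The rules on this card can be expressed as a small decision function. The following is an added example (not part of the original flashcards) of a gateway policy applied to constructed messages: it rejects malformed addresses and messages missing the Date or Message-ID headers, rejects unknown recipients, rejects mail whose source IP does not reverse-resolve into the sender's domain, and only then consults the allow list. The allow list, recipient list and PTR table are constructed stand-ins for real configuration and live reverse-DNS lookups; the address regex is a simplification of RFC 5322 syntax.

```python
import re
from dataclasses import dataclass

# Constructed gateway configuration (assumptions for this example, not a real deployment).
ALLOWED_SENDERS = {"partner@trusted-partner.example"}
VALID_RECIPIENTS = {"alice@corp.example", "bob@corp.example", "helpdesk@corp.example"}

# Constructed PTR table standing in for a live reverse-DNS lookup of the connecting IP.
PTR_RECORDS = {
    "203.0.113.10": "mail.trusted-partner.example",
    "198.51.100.7": "mx1.newsletter.example",
    "192.0.2.99": "dynamic-99.isp.example",
}

# Simplified RFC 5322 addr-spec: local-part@label(.label)+.tld
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")


@dataclass
class Message:
    """Envelope data and the header facts the gateway inspects (constructed input)."""
    sender: str
    recipient: str
    source_ip: str
    has_date: bool = True        # RFC 5322 makes the Date header mandatory
    has_message_id: bool = True  # RFC 5322 says every message SHOULD carry a Message-ID


def sender_domain(address: str) -> str:
    return address.rpartition("@")[2].lower()


def reverse_dns_matches(source_ip: str, domain: str) -> bool:
    """True if the connecting IP's PTR name is the sender's domain or a host inside it."""
    ptr = PTR_RECORDS.get(source_ip, "").lower().rstrip(".")
    return bool(ptr) and (ptr == domain or ptr.endswith("." + domain))


def gateway_decision(msg: Message) -> tuple:
    """Apply the gateway rules in order and return (action, reason)."""
    # 1) Anything that violates the RFC is dropped: real MTAs always send these correctly.
    if not ADDR_RE.match(msg.sender) or not msg.has_date or not msg.has_message_id:
        return ("reject", "malformed: violates RFC 5322 (address syntax or missing Date/Message-ID)")
    # 2) Unknown recipients are rejected; this also blunts address-harvesting attempts.
    if msg.recipient.lower() not in VALID_RECIPIENTS:
        return ("reject", "no such recipient")
    # 3) The From domain is trivially spoofable, so check it against the connecting IP's PTR.
    if not reverse_dns_matches(msg.source_ip, sender_domain(msg.sender)):
        return ("reject", "reverse DNS does not match sender domain")
    # 4) Allow-listed senders skip content filtering only after passing the checks above.
    if msg.sender.lower() in ALLOWED_SENDERS:
        return ("accept", "allow list: skip content filtering")
    return ("accept", "passed structural checks; hand to content filter")


if __name__ == "__main__":
    # Constructed sample traffic as seen by the gateway.
    samples = [
        Message("partner@trusted-partner.example", "alice@corp.example", "203.0.113.10"),
        Message("news@newsletter.example", "bob@corp.example", "198.51.100.7"),
        Message("ceo@corp.example", "alice@corp.example", "192.0.2.99"),  # spoofed internal sender
        Message("bad address@x", "alice@corp.example", "203.0.113.10"),
        Message("news@newsletter.example", "nobody@corp.example", "198.51.100.7"),
        Message("news@newsletter.example", "bob@corp.example", "198.51.100.7", has_date=False),
    ]
    for m in samples:
        print(m.sender, "->", m.recipient, gateway_decision(m))
```

The allow list is deliberately consulted last: a From address is just a header the sender chooses, so an allow-listed address must still arrive from an IP whose reverse DNS belongs to that sender's domain, otherwise a spoofed "partner" message would sail straight through.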
What is hacking public opinion?
An influence campaign to change people's opinions, enabled by social media (liking, sharing, etc.).
What is the process of hacking public opinion?
- create fake users
- create content and post it on social media
- amplify the message: real users share it
- mass media picks up the story
What is hybrid warfare?
A form of hacking public opinion in which one country tries to influence another country (cyberwar combined with the influence campaign).
What is tailgating?
Following an authorized person through a controlled door to gain unauthorized access to a building (without their knowledge; if they knowingly hold the door it is called piggybacking).
Why are social engineering attacks effective?
- they are constantly changing
- they may involve multiple people
- they may be carried out in person or electronically
What are the principles of social engineering?
- authority (claiming to call from the help desk, the CEO's office, etc.)
- intimidation (bad things will happen if you don't help)
- consensus/social proof (everyone else already did it)
- scarcity and urgency (it needs to be done immediately)