1.1 Social Engineering Techniques Flashcards
What is Phishing?
Attackers pretending to be a service provider to extract your information
What is Typosquatting?
A type of URL hijacking
https://professormessor.com
https://professormesser.com
What is Pretexting?
Lying in a situation to get information
Another type of URL Hijacking
What is Pharming?
Redirecting a group of people to a bogus website
What is Vishing?
Phishing over a voice call
What is Smishing?
Phishing over text messages (SMS)
What is Reconnaissance?
The attacker doing research to build a solid phishing attempt
What is Spear Phishing?
A specific attack against an individual or group of people
What is Whaling?
Spear phishing against the CEO or head accountant due to their access to documents and files
What is the pretext phase?
Setting the trap
What is the act of Eliciting Information?
Getting the victim at ease to make extracting information easy
What are some ways an attacker can use a victim's information?
Credit card fraud
Bank fraud
Loan fraud
Government benefits fraud
How do you protect against Vishing attacks?
Don’t disclose personal details
Always verify before revealing info
What is Dumpster Diving?
Gathering important details from things people throw in their trash
How can you protect yourself from Dumpster Diving?
Cut documents into small pieces
Burning documents
What is Shoulder Surfing?
Gathering information by looking over someone’s shoulder to their PC
How do you protect yourself from Shoulder Surfing?
Be aware of your surroundings
Privacy filter
Keep monitor out of sight
What are Computer Hoaxes?
A threat that doesn’t actually exist
How do you debunk a Computer Hoax?
Cross reference hoaxes
Spam filters
What are Watering Hole Attacks?
Installing malware on a website that a group of people visit
How do you defend against a Watering Hole attack?
Defense in Depth (Layered defense)
Firewalls and IPS
Antivirus/Antimalware
What does SPIM stand for?
Spam over instant messaging
What are some examples of Spam?
Commercial advertising
Non-commercial messages
Phishing attempts
How does a mail gateway protect against Spam?
A spam filter can run in the cloud or on the screened subnet to filter mail before it reaches users
What is rDNS?
Reverse DNS; blocks emails where the sender’s domain does not match the IP address
What is Tarpitting?
The act of intentionally slowing down the server to increase time between sent and received messages
What is Recipient Filtering?
Blocking all emails not addressed to a valid recipient email address
What is Hybrid Warfare also known as?
Cyber warfare
How can Hybrid Warfare be utilized?
Changing the thinking of another country
What is Tailgating?
Unauthorized personnel gaining access to a building by closely following someone else
How can we prevent tailgating?
Mantraps
Visitor policy
One scan, one person
What are Invoice Scams?
Spear phishing
A fake invoice is sent
What is Credential Harvesting?
Attackers attempting to gain usernames and passwords stored on a local computer or browser
What are the components of Social Engineering?
Being involved in organizations
Posing as an “aggressive customer”
Posing with authority
Social proof
Scarcity/Urgency
Familiarity
Trust