1.1 Social Engineering Techniques Flashcards
What is it called when somebody attains a password or sensitive information by discretely observing it being entered, often using phone cameras, binoculars, or a telescope?
Shoulder Surfing
Phishing that uses phone calls as a vector
Vishing
This tactic involves spoofing an ip or MAC address, masquerading as a legitimate entity, or spoofing phone, email, and SMS communication in order to attain information
Impersonation
This form of warfare involves traditional forms of warfare as well as the incorporation of the cyber realm in a non-traditional way.
Hybrid Warfare
What is it called when spam is carried out over an instant messenger service?
SPIM
Phishing targeting an important figure or C-Team person in an organization
Whaling
This type of attack uses DNS poisoning to redirect web traffic to a spoofed website in order to install malware
Pharming
This attack type often targets companies who outsource, perform wire xfers, or use suppliers from abroad by creating phony invoices, using C-Team fraud, compromising their email accounts, or impersonating an attorney or trusted person.
Business email compromise (BEC)
What kind of information can be attained from Dumpster Diving?
Credit card info
Receipts
IP Address Lists
Important Names
Addresses
What is the goal of an attacker who uses impersonation to gather data an a person in order to attempt further cyber attacks?
Eliciting Information
Phishing that uses SMS as a vector
Smishing
What is the best way to mitigate and prevent Social Engineering attacks?
Proper employee training and awareness
What is a web server called that has been compromised and is being used to target web traffic in order to deploy malware or collect data?
Watering Hole
This type of attack involves somebody closely following an authorized person into a physical area secured by a badge reader or keypad
Tailgating
This type of campaign, also known as a misinformation operation, involves collecting tactical information, determining key stakeholders, and launching propaganda campaigns, often to gain a competitive advantage
Influence Campaigns
What kind of information will an attacker gather when performing reconnaisance for a phishing attack?
Workplace
Bank info
Financial Transactions
Family and friends
What do you call a threat that doesn’t actually exist but could be elicited as being true, resulting the in the waste of organization resources and time?
Hoax
Phishing that targets a specific person or group of people within an organization
Spear Phishing
What are some of the biggest reasons that social engineering is an effective attack vector?
Lack of initial and continual employee training
Weak or out-of-date AUPs
Poor perimeter controls
A user types www.gooogle.com into their address bar and get redirected to a malicious website that freezes up their browser and warns that their computer has been infected. What type of attack is this?
Typosquatting
URL Hijacking
Sting Site
Fake URL
Unsolicited email, Trackback, negative SEO attacks, spiders, and malware warnings are all categories of what type of attack?
Spam
This type of scam involves a false email from a seemingly reputable entity or a high-level manager requesting a payment and may even include a link to a “pay” website.
Invoice Scam
