2. Phishing Flashcards

1
Q

What is the purpose of phishing attacks?

A

To provoke people into actions that compromise information security, or to get them either to reconfigure access control mechanisms or to install malware.

2
Q

What is the difference between phishing, spear phishing and whaling?

A

Phishing → Mass messaging, most often via e-mail, to many regular users in order to harvest access credentials, privileges or information.

Spear phishing → Phishing against interesting individuals that are selected due to their position, knowledge or status. Attacks are often designed based on observational knowledge.

Whaling → Spear phishing against very important key personnel (CEOs, generals, top politicians and other key figures).

3
Q

What is the difference between smishing and vishing?

A

Smishing → Phishing through various electronic messenger services (SMS, WhatsApp, Telegram, Skype etc.).

Vishing → Voice calling with a deep-faked synthetic ‘real’ voice of a person in order to persuade the victim.

4
Q

After successfully sending phishing messages to the victim, how does the phishing attack compromise the victim’s information security? How does the attacker gain access to the target systems?

A
  • Victim clicks the phishing link
  • Phishing website opens
  • Victim submits information
5
Q

Name the principles of influence that get exploited in phishing messages.

A

SiSo CARS

● Authority - People’s tendency to comply with requests from figures perceived as knowledgeable or in positions of authority. Phishing messages may impersonate trusted organizations or individuals to gain credibility and trust.
● Liking/Similarity - The tendency to comply with requests from individuals who are liked, admired, or considered similar. Phishing messages may try to establish a personal connection, use friendly language, or mimic the communication style of the target’s acquaintances.
● Scarcity - The perception that limited availability or scarcity of something increases its value. Phishing messages may create a sense of urgency or scarcity to prompt immediate action, such as claiming limited-time offers or account closures.
● Reciprocation - The tendency for individuals to feel obligated to give back or repay a favor. Phishing messages may promise a reward or offer something of value in exchange for personal information.
● Commitment/Consistency - People’s desire to be consistent with their previous beliefs, commitments, or actions. Phishing messages may exploit this principle by referencing previous interactions, pretending to follow up on past requests, or mimicking familiar communication styles.
● Social proof - The influence of others’ actions or opinions on an individual’s behavior. Phishing messages may use fake testimonials, social media references, or references to popular trends to convince individuals to take action.

6
Q

What are the technological causes that enable phishing attacks in messaging and communication?

A

● Unauthenticated messaging
  ● Use of passwords without a second authentication factor
  ● Lack of hardware-supported or biometric-supported authentication
● Poor identity management concepts based on transferable and remotely usable credentials and identity attributes
● Mass distribution services that send poorly authenticated attack messages to large audiences in a very short time
● No message spam filtering with anti-phishing technology
● Poor computer security against malware, exploit or automated attacks

Cheap automation also plays a role.

7
Q

Factors enabling phishing

A
  • Poor security technology
  • Cheap automation
  • Poor user awareness
  • Lack of training
8
Q

How will artificial intelligence support phishing?

A
  • to generate phishing URLs that bypass intrusion detection
  • to generate phishing content that is automatically personalized to the target
  • to adapt topics in phishing mail to current viral topics on social media
  • to create fake persons used in phishing contexts
9
Q

Name four countermeasures that when deployed in an organization are effective against phishing attacks.

A
  • Message spam filtering
  • Training of users
  • Web filtering
  • Website take-downs

Deployment of hard authentication & malware prevention

10
Q

How does a phishing training platform get used for raising employee awareness in an organization?

A
  • Used to run controlled assessment or awareness phishing campaigns
  • Tools generate e-mails and landing web pages, collect click rates and generate statistics about success
  • OSINT
  • Email customization
  • Domain selection
  • Click events
  • Evaluation