3.6 Cyber Security Flashcards
What is cyber security
Cyber security consists of the processes, practises and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access
Social engineering is?
+ 3 examples
Social engineering is manipulating people into handing over confidential information such as a PIN or password. There are several forms:
- blagging
- phishing
- shouldering
(–pharming, but is it)
Define blagging
Blagging is the act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.
Example of blagging
For example, a person may receive an email that appears to be from a friend telling them that they’re in trouble and asking them to send money.
What’s phishing
Phishing is a technique of fraudulently obtaining private information, often using email or SMS, by pretending to be a business
How to spot phishing (2)
They can often look convincing, but may contain spelling errors or URLs that do not match the business’s website.
What can phishing emails have (2) - bad
When a person clicks on these links and logs in, it sends their username and password to someone who will use it to access their real accounts.
This information might be used to steal a person’s money or identity, or the email may contain malware.
What to do if receives phishing email
Banks will never send emails asking for personal information or usernames and passwords. If someone receives an email that they think might be phishing, they should report it to the business the sender is claiming to be.
What’s shouldering
Shouldering is observing a person’s private information over their shoulder eg cashpoint machine PIN numbers.
How shouldering prevented (2)
A person can prevent this by using their hand to cover the keypad as they type their PIN, or being aware of people around them when typing in PINs.
Software helps protect against shouldering by masking what is typed, showing an asterisk on the screen instead of the symbol that was entered.
What’s pharming
Pharming is a cyber attack intended to redirect a website’s traffic to a fake website.
What happens when a person logs in to a fake site - pharming
When a person logs in, it sends their username and password to someone who will use it to access their real accounts.
1 way that a pharming cyberattack can redirect traffic from a genuine website to a fake one.
One example is if the Domain Name Servers (DNS) of the website, which match the website address with the IP address of the webserver, are hacked and the IP address is changed to become the address of the pharming site.
3 different threats to computer systems include:
social engineering
malicious code
human error
What’s a cyber threat
Any risk posed to a computer system from an internet source is considered a cyber threat. These threats are often combined to increase the probability of harm to a system. By taking steps to understand what the potential risks are, people and businesses are able to better protect their systems and data.
Blagging also known as
Pretexting
Shouldering also known as
Shoulder surfing
Malicious code/malware
- what
- purpose (2)
- Malicious code is software written to harm or cause issues with a computer.
- This is also referred to as malware and comes in a number of different forms.
- In all its forms, the code has been written to either harm or steal data from your computer system.
There are a number of types of malware, which include: (5)
viruses trojans ransomware spyware adware
What’s a virus
A virus is a piece of malware that infects a computer, and then replicates itself to be passed onto another computer.
Trojan
A Trojan appears to be a piece of harmless software, often given away for free, that contains malicious code hidden inside. This only appears once the gifted software is installed. It was named after the Greek myth of the Trojan horse.
Ransomeware
Ransomware hijacks the data on a computer system by encrypting it and demanding that the owners pay money for it to be decrypted.