4 Social Engineering and Password Attacks Flashcards
What are common threat vectors and attack surfaces?
Phishing, Vishing, Smishing,
Misinformation/disinformation, Impersonation,
Business email compromise, Pretexting,
Watering hole, a targeted attack designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site.
Brand impersonation,
Typosquatting: when people - often criminals - register a common misspelling of another organization's domain as their own. For example: tailspintoy.com instead of tailspintoys.com (note the missing "s").
What are indicators of malicious activity?
Password attacks (Spraying, Brute force)
What are key principles to socially engineer an individual? (7) A I C SP F T U
Authority
Intimidation
Consensus-based social engineering (called "social proof" in some categorization schemes) - might point out that everyone else in a department has already clicked on a link, or might provide fake testimonials
Scarcity
Familiarity-based attacks rely on you liking the individual or even the organization the individual is claiming to represent.
Trust - attackers build a connection with their targets
Urgency
What is Phishing?
The fraudulent acquisition of information, often focused on credentials like usernames and passwords, as well as sensitive personal information like credit card numbers and related data.
What is Smishing?
Phishing via SMS (text) messages.
What is Vishing?
Phishing via telephone.
What is social engineering?
The practice of manipulating people through various strategies to accomplish desired actions.
What principle relies on the fact that most people obey someone who appears to be in charge?
Authority
What principle in social engineering uses fear to coerce individuals into taking action?
Intimidation
What is consensus-based social engineering also known as?
Social proof
Which principle makes something appear more desirable because it may be the last available?
Scarcity
What do familiarity-based attacks rely on?
The target liking the individual or organization.
What is the difference between trust and familiarity in social engineering?
Trust builds a connection with the individual, while familiarity relies on something being normal.
What principle creates a sense of urgency in social engineering?
Urgency
True or False: Most social engineering efforts combine multiple principles into a single attack.
True
What is phishing?
The fraudulent acquisition of information, often focused on credentials or sensitive personal information.
What is smishing?
Phishing via SMS (text) messages.
What does vishing refer to?
Phishing via voice or voicemail messages.
What is spear phishing?
Phishing that targets specific individuals or groups in an organization.
What is whaling in the context of phishing?
Phishing that targets senior employees like CEOs and CFOs.
What are common defenses against phishing?
Awareness training and technical filtering methods.
What is the main goal of misinformation and disinformation campaigns?
To turn public opinion in directions of the campaign operators' choosing.
What is the difference between misinformation and disinformation?
Misinformation is incorrect information, while disinformation is intentionally false information.
What does the acronym MDM stand for?
Misinformation, Disinformation, and Malinformation.