4 Social Engineering and Password Attacks Flashcards
What is social engineering?
Techniques used to manipulate individuals into divulging confidential information
Name three techniques related to phishing.
- Smishing
- Vishing
- Spoofing
What is the purpose of misinformation and disinformation campaigns?
To change opinions and shift narratives
What is pretexting in the context of social engineering?
Using impersonation to provide a believable reason for a request
What are business email compromise and brand impersonation?
Techniques used to make malicious communications appear legitimate
What is a watering hole attack?
Attacks that focus on sites frequently visited by the target
Define typosquatting.
Exploiting users’ typing errors when entering URLs
How can passwords be acquired?
Through online attacks against live systems or offline using captured password stores
What are brute-force attacks?
Attacks that attempt to recover passwords using methods like spraying and dictionary attacks
What makes password attacks easier for attackers?
- Unencrypted or plain-text passwords
- Improper or unsecure storage methods like MD5 hashes
True or False: Password cracking can only be performed online.
False
Fill in the blank: Phishing techniques include _______.
[smishing and vishing]
What is the goal of malicious actors using impersonation?
To acquire information, gain access or credentials, or persuade individuals to take action