Chapter 1 - Social Engineering Techniques Flashcards
what is social engineering?
an attack against a user that involves a form of social interaction.
phishing attack
an attacker attempts to obtain sensitive information through a trusted entity such as email or instant messaging
smishing attack
is an attack done by text message (SMS phishing)
vishing attack
a phishing attack that is done over the phone or voicemail to obtain personal information
SPAM
unsolicited email sent in bulk
typosquatting
a type of URL hijacking (example: https://yutube.com)
Pretexting
the attacker creates a false narrative to influence the victim to give up some type of information
Prepending
adding to the beginning of text (example: https://yyoutube.com)
pharming
misdirecting users to a fake website made to look real
what is the difference between pharming and phishing?
pharming: harvest large groups of people
phishing: collect access to credentials
Reconnaissance
a military term for gathering information on the victim
spear phishing
used to target a specific person or group of people
Whaling attack
the attacker’s target is a high value person such as a CEO or CFO
Impersonation
attackers pretending to be someone they aren’t
Eliciting information
extracting information from the victim
example: help desk
identity fraud
using a victim’s personal or financial information without permission. (pretending to be you)
credit card fraud
an account is opened in your name or credit card information is being used
bank fraud
attacker gains access to your account or opens a new account
loan fraud
victim's information is used for a loan or lease
government benefits fraud
attacker obtains benefits on victim's behalf
dumpster diving
going through a target's trash to find valuable information
shoulder surfing
obtaining personal information by looking over the victim’s shoulders
Computer hoax
A threat that doesn’t actually exist; a fake warning
watering hole attack
involves infecting a website that victims commonly visit with malware
What is SPIM?
Spam Over Instant Messaging
Influence Campaigns
is used to sway public opinion on political and social issues
hybrid warfare
a military strategy that is used to change the way people think in another country
cyberwarfare
is used to attack an entity with technology
Tailgating
using an authorized person to gain unauthorized access to a building
invoice scams
attacker uses a fake invoice in an attempt to get a company to pay for things
credential harvesting
the collection of login credentials
authority
the power or right to give orders, make decisions, and enforce obedience.
intimidation
to frighten or threaten someone, usually in order to persuade the person to do something he or she does not wish to do
Consensus/Social proof
to convince based on what’s normally expected; a general agreement
Scarcity
when something needs to be done in a certain amount of time
Urgency
when something needs to be done immediately
Familiarity
to have close acquaintance with or knowledge of something.
Trust
someone who is safe and reliable; to believe that someone is good and honest and will not harm you.