Chapter 1 Social Engineering Techniques Flashcards
Social Engineering
An attack against a user that typically involves some form of social interaction.
Phishing
A type of social engineering in which an attacker attempts to obtain sensitive information by pretending to be a trusted entity.
Smishing
- A version of a phishing attack that uses Short Message Service (SMS).
- The attacker sends the user a link to click, which begins the next phase of the attack.
Vishing
- Attackers use voice-simulation technology to obtain information over voice communication.
SPAM
- Bulk unsolicited emails.
- One should always consider the source before clicking any links or directly responding.
SPIM (Spam over Instant Message)
- Spam message delivered via an instant message.
- Purpose is getting an unsuspecting user to click malicious content or links to initiate an attack.
Spear Phishing
Targets a specific person or group of people with something in common.
Dumpster Diving
Going through the victim’s trash in hopes of finding valuable information that can be used in a penetration attempt.
Shoulder Surfing
The attacker directly observes the individual entering sensitive information on a form, keyboard, or keypad.
Pharming
Consists of misdirecting users to fake websites made to look official.
Tailgating
The simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.
Eliciting Information
Posing as a trusted entity, an attacker can get a password reset, information about some system, or other useful information.
Whaling
Where the target is a high-value person, such as a CEO or CFO.
Prepending
The act of supplying information that another will act upon.
Identity Fraud
- The use of fake credentials to achieve an end
- Can be done online
- Works when the person is expecting the person