Chapter 1 Threats, Attacks, and Vulnerabilities Flashcards
What is Social Engineering?
An attack against a user that typically involves some form of social interaction
What is Phishing?
A type of social engineering in which an attacker attempts to obtain sensitive information from users by masquerading as a trusted entity in an email or instant message
What is Smishing?
An attack using Short Message Service (SMS) on victims' cell phones
What is Vishing?
A variation of phishing that uses voice communication technology to obtain the information the attacker is seeking
What is Spam?
Bulk unsolicited email
What is Spam over Instant Messaging (SPIM)?
Spam delivered via an instant messaging application
What is Spear Phishing?
A phishing attack that targets a specific person or group of people with something in common
What is Dumpster Diving?
The process of going through a target's trash in hopes of finding valuable info that might be used in a penetration attempt
What is Shoulder Surfing?
The process of looking over the shoulder of the target while they input sensitive and private information into a form, website login, etc.
What is Pharming?
Consists of misdirecting users to fake websites made to look official
What is Tailgating (piggybacking)?
The simple tactic of following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building
What is Whaling?
Custom-built attacks in which the target is a high-value person, such as a CEO
What is Prepending?
The act of adding something else to the beginning of an item. In social engineering, this means adding something like a statement that they were sent by the target's boss
What is Identity Fraud?
The use of fake credentials to achieve an end
What are Invoice Scams?
Use of a fake invoice in an attempt to get a company to pay for things it has not ordered
What is Credential Harvesting?
Involves the collection of credential information, such as user IDs, passwords, and so on, giving an attacker a series of access passes to the system
What is Reconnaissance?
The actions of surveying a battlefield to gain information prior to hostilities
What is impersonation?
An attacker assumes a role that is recognized by the person being attacked
What is a watering hole attack?
The infecting of a target website with malware
What is typosquatting?
An attack form that involves capitalizing upon common typographical errors
What is pretexting?
A form of social engineering in which the attacker uses a narrative to influence the victim into giving up some item of information
What is an influence campaign?
The use of collected info and selective publication of material to key individuals in an attempt to alter perceptions and change people's minds on a topic
What is intimidation?
Can be either subtle, through perceived power, or more direct, through the use of communications that build an expectation of superiority
What is a Consensus?
A group-wide decision