Chapter 1.1 Flashcards
Using deceptive communication to fool people into revealing sensitive information.
Phishing
A more targeted form of phishing using inside information. Usually appears to come from a known associate.
Spear Phishing
Spear phishing a high value target, such as a CEO or CFO.
Whaling
A lie used to gain information?
Pretext
Adding character(s) to the beginning or end of a URL.
Prepending
Unauthorized registration of a domain name.
Cybersquatting
Cybersquatting using a mistyped URL.
Typosquatting
Redirecting a legitimate URL to a bogus site.
Pharming
Phishing over voice mail.
Vishing
Phishing over SMS.
Smishing
Gathering information on a victim.
Reconnaissance
Pretending to be someone you are not.
Impersonation
Evoke or draw out information from someone in reaction to one’s own action?
Elicit
Opening an account in someone else’s name, such as a credit card.
Identity Fraud
Gathering important information thrown out with the trash.
Dumpster Diving
Gathering information by looking at someone’s screen directly without them knowing.
Shoulder Surfing
A threat that doesn’t exist but seems like it could be real.
Hoax
Targeting a 3rd-party site that victims commonly visit.
Watering Hole Attack
Unsolicited messages.
Spam
Intentionally slowing down server traffic by flooding it with messages.
Tarpitting
Taking action to sway public opinion on political and social issues.
Influence Campaign
Following an authorized person to gain access to a place.
Tailgating
Sending a fake bill for a company to pay.
Invoice Scam
Gathering of usernames and passwords either stored on a computer or written down.
Credential Harvesting or Password Harvesting
What are the 7 social engineering principles? Hint: FAST_ICU
Familiarity, Authority, Scarcity, Trust, Intimidation, Consensus, Urgency