Chapter 1.1 - Social Engineering Flashcards

Compare and contrast different types of social engineering techniques

1
Q

Phishing

A

Social engineering with a touch of spoofing
Usually by email, text, etc.
Usually something wrong with the URL

2
Q

Smishing (SMS Phishing)

A

Done by text message
Forwards links or asks for personal information
Examples: fake check, phone code verification, boss/CEO

3
Q

Vishing (Voice Phishing)

A

Done over the phone or voicemail
Caller ID spoofing is common
Examples: fake security checks or bank updates

4
Q

Spam

A

Unsolicited messages
Examples: emails or forums

5
Q

Mail Gateways

A

A filter that identifies spam and throws it away

6
Q

Spam Over Instant Messaging (SPIM)

A

Unsolicited messages over instant messaging

7
Q

Spear Phishing

A

Targeted phishing with inside information

8
Q

Whaling

A

Spear phishing that targets the higher-ups of a company
Attackers gather a ton of information for a bigger catch

9
Q

Dumpster Diving

A

Physically going through a dumpster to find important details (for an attack) that people or companies have thrown out

10
Q

Shoulder Surfing

A

Physically peeking over someone’s shoulder to look at their screen to try and steal information

11
Q

Pharming

A

Redirecting traffic for a legitimate website to a bogus site
Harvests a large group of people instead of just one person

12
Q

Tailgating

A

Using an authorized person to gain unauthorized access to a building

13
Q

Eliciting Information

A

Extracting information from the victim
Often used with vishing

14
Q

Prepending

A

Adding characters to the beginning of a URL to create a fake one
Example: “https://pprofessormesser.com”

16
Q

Invoice Scams

A

Sending a fake invoice to the person or department that pays the bills at a company; the attacker ends up with the payment details

17
Q

Credential Harvesting

A

Attackers collecting login credentials
Often triggered by opening a document that runs a macro to start harvesting
Also called password harvesting

18
Q

Reconnaissance

A

Gather information on the victim
Usually background information
Examples: social media, corporate website

19
Q

Hoax

A

A threat that doesn’t actually exist but seems like it COULD be real

20
Q

Impersonation

A

Attacker pretends to be someone they are not
Uses details from reconnaissance

21
Q

Watering Hole Attack

A

Strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware
Eventually, some member of the targeted group will become infected

22
Q

Typosquatting

A

A type of URL hijacking
Purposely misspelling a URL
Example: “https://professormessor.com”

23
Q

Pretexting

A

Lying to a victim to get information
Example: “Hi, we are calling from Visa regarding…”

24
Q

Influence Campaigns

A

Sway public opinion on political and social issues

25
Q

Influence Campaigns - Hybrid Warfare

A

A military strategy that can influence elections and spread fake news
Usually called cyberwarfare
Attacking an entity with technology

26
Q

Influence Campaigns - Social Media

A

Amplifying fake content on social media platforms used by millions of people

27
Q

Social Engineering Principles - Authority

A

The social engineer claims to be in charge
Example: "I am calling from the office of the CEO..."

28
Q

Social Engineering Principles - Intimidation

A

Things will be bad if you do not do this
Example: "If you don't help me..."

29
Q

Social Engineering Principles - Consensus/Social Proof

A

Convince the victim based on what is normally expected
Example: "Your co-worker, Jill, did this for me..."

30
Q

Social Engineering Principles - Scarcity

A

The situation will not be this way for long
Example: Must make the change before time expires

31
Q

Social Engineering Principles - Familiarity/Liking

A

Someone you know, or someone with whom you have common friends

32
Q

Social Engineering Principles - Trust

A

Someone who seems safe
Example: "I am from IT, I am here to help"

33
Q

Social Engineering Principles - Urgency

A

Paired with scarcity
Example: Act quickly, don't think

34
Q

Social Engineering Principles

A

Common persuasion methods used to make social engineering attacks more effective

35
Q

Defending Against Watering Hole Attacks

A

Defense in depth
Firewalls and IPS
Anti-virus/anti-malware signature updates