Chapter 1.1 - Social Engineering Flashcards
Compare and contrast different types of social engineering techniques
Phishing
Social Engineering with a touch of spoofing
Usually by mail, text, etc.
Usually something wrong with the URL
Smishing (SMS Phishing)
Done by text message
Forwards links or asks for personal information
Examples: fake check, phone code verification, a message from the boss/CEO
Vishing (Voice Phishing)
Done over the phone or voicemail
Caller ID spoofing is common
Examples: fake security checks or bank updates
Spam
Unsolicited messages
Examples: emails or forums
Mail Gateways
A filter that identifies spam and throws it away
Spam Over Instant Messaging (SPIM)
Unsolicited messages over instant messaging
Spear Phishing
Targeted phishing with inside information
Whaling
Spear phishing that targets the higher-ups of a company
The attacker gathers a ton of information for a bigger catch
Dumpster Diving
Physically going through a dumpster to find important details (for an attack) that people or companies have thrown out
Shoulder Surfing
Physically peeking over someone’s shoulder to look at their screen to try and steal information
Pharming
Redirecting a legit website to a bogus site
Harvests a large group of people instead of just one person
Tailgating
Using an authorized person to gain unauthorized access to a building
Eliciting Information
Extracting information from the victim
Often used with vishing
Prepending
Adding characters to the beginning of a URL to create a fake one
Example: “https://pprofessormesser.com”
Invoice Scams
Sending a fake invoice to the person or department that pays the bills at a company; the attacker ends up with the payment details
Credential Harvesting
Attackers collecting login credentials
Often started by opening a document that runs a macro to begin harvesting
Also called password harvesting
Reconnaissance
Gather information on the victim
Usually background information
Examples: social media, corporate website
Hoax
A threat that doesn’t actually exist but seems like it COULD be real
Impersonation
Attacker pretends to be someone they are not
Uses details from reconnaissance
Watering Hole Attack
Strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware
Eventually, some member of the targeted group will become infected
Typosquatting
A type of URL hijacking
Purposely misspelling a URL
Example: “https://professormessor.com”
Pretexting
Lying to a victim to get information
Example: “Hi, we are calling from Visa regarding…”
Influence Campaigns
Attempts to sway public opinion on political and social issues