Chapter 1.1 - Social Engineering Flashcards

Compare and contrast different types of social engineering techniques

1
Q

Phishing

A

Social engineering with a touch of spoofing
Usually by email, text, etc.
Usually something is wrong with the URL

2
Q

Smishing (SMS Phishing)

A

Done by text message
Forwards links or asks for personal information
Examples: fake check, phone code verification, boss/ CEO

3
Q

Vishing (Voice Phishing)

A

Done over the phone or voicemail
Caller ID spoofing is common
Examples: fake security checks or bank updates

4
Q

Spam

A

Unsolicited messages
Examples: emails or forums

5
Q

Mail Gateways

A

A filter that identifies spam and discards it before it reaches the inbox

6
Q

Spam Over Instant Messaging (SPIM)

A

Unsolicited messages over instant messaging

7
Q

Spear Phishing

A

Targeted phishing with inside information

8
Q

Whaling

A

Spear phishing targeting the higher-ups of a company
Attackers gather a lot of information for a bigger catch

9
Q

Dumpster Diving

A

Physically going through a dumpster to find important details (useful for an attack) that people/ companies have thrown out

10
Q

Shoulder Surfing

A

Physically peeking over someone’s shoulder to look at their screen and try to steal information

11
Q

Pharming

A

Redirecting traffic for a legitimate website to a bogus site
Harvests a large group of people instead of just one person

12
Q

Tailgating

A

Using an authorized person’s access to gain unauthorized access to a building

13
Q

Eliciting Information

A

Extracting information from the victim
Often used with vishing

14
Q

Prepending

A

Adding characters onto the beginning of a fake URL
Example: “https://pprofessormesser.com”

16
Q

Invoice Scams

A

Sending a fake invoice to the person/ department paying the bills at a company; the attacker ends up with the payment details

17
Q

Credential Harvesting

A

Attackers collect login credentials
Often started by opening a document that runs a macro
Also called password harvesting

18
Q

Reconnaissance

A

Gathering information on the victim
Usually background information
Examples: social media, corporate website

19
Q

Hoax

A

A threat that doesn’t actually exist but seems like it COULD be real

20
Q

Impersonation

A

Attacker pretends to be someone they are not
Uses details from reconnaissance

21
Q

Watering Hole Attack

A

Strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware
Eventually, some member of the targeted group will become infected

22
Q

Typosquatting

A

A type of URL hijacking
Purposely misspelling a URL
Example: “https://professormessor.com”

23
Q

Pretexting

A

Lying to a victim to get information
Example: “Hi, we are calling from Visa regarding…”

24
Q

Influence Campaigns

A

Swaying public opinion on political and social issues

25
Q

Influence Campaigns - Hybrid Warfare

A

A military strategy that can influence elections and spread fake news
Usually called cyberwarfare
Attacking an entity with technology

26
Q

Influence Campaigns - Social Media

A

Amplifying fake content on social media used by millions of people

27
Q

Social Engineering Principles - Authority

A

The social engineer is in charge
Example: “I am calling from the office of the CEO…”

28
Q

Social Engineering Principles - Intimidation

A

Things will be bad if you do not do this
Example: “If you don’t help me…”

29
Q

Social Engineering Principles - Consensus/ Social Proof

A

Convincing the victim based on what’s normally expected
Example: “Your co-worker, Jill, did this for me…”

30
Q

Social Engineering Principles - Scarcity

A

The situation will not be this way for long
Example: Must make the change before time expires

31
Q

Social Engineering Principles - Familiarity/ Liking

A

Someone you know; “we have common friends”

32
Q

Social Engineering Principles - Trust

A

Someone who is safe
Example: “I am from IT, I am here to help”

33
Q

Social Engineering Principles - Urgency

A

Paired with scarcity
Example: Act quickly, don’t think

34
Q

Social Engineering Principles

A

Common methods used to make social engineering attacks more effective

35
Q

Defending Against Watering Hole Attacks

A

Defense in depth
Firewalls and IPS
Anti-virus/ anti-malware signature updates