Cybersecurity Vocab. Flashcards
Domain hijacking
Domain hijacking is a hijacking attack in which the attacker takes over a domain name by altering its registration information (typically after compromising the registrant's account at the registrar) and then transferring the domain name to another registrant or registrar. Brandjacking is sometimes used as another term for domain hijacking. Registrar-side transfer and update locks, plus multi-factor authentication on the registrar account, are the usual defenses.
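The checks a defender runs against this card: confirm the registrar locks are set, watch for expiry, and watch for a nameserver change. The following is an added example, not from the flashcards; the RDAP document, the dates and the expected nameservers are constructed, and the RDAP status strings follow the RFC 8056 names for the EPP client*Prohibited codes. Real records come from the registry's RDAP service (for .com, https://rdap.verisign.com/com/v1/domain/<name>).

```python
# Added example: audit a domain's RDAP record for the status locks that block
# unauthorised transfers/updates, for imminent expiry and for unexpected
# nameservers. Not from the flashcards; the RDAP document and dates are
# constructed.
import json
from datetime import datetime, timedelta, timezone

# RDAP status values (RFC 8056 names for the EPP client*Prohibited codes).
REQUIRED_LOCKS = {
    "client transfer prohibited",  # registrar rejects transfer requests
    "client update prohibited",    # contact / nameserver changes blocked
    "client delete prohibited",    # deletion blocked
}

# Constructed RDAP response; one lock is missing and expiry is close.
SAMPLE_RDAP = json.dumps({
    "objectClassName": "domain",
    "ldhName": "EXAMPLE-CORP.COM",
    "status": ["client delete prohibited", "client transfer prohibited"],
    "events": [
        {"eventAction": "registration", "eventDate": "2015-03-01T00:00:00Z"},
        {"eventAction": "expiration",   "eventDate": "2024-06-10T00:00:00Z"},
        {"eventAction": "last changed", "eventDate": "2024-05-15T08:30:00Z"},
    ],
    "nameservers": [{"ldhName": "NS1.EXAMPLE-CORP.COM"},
                    {"ldhName": "NS2.EXAMPLE-CORP.COM"}],
})
SAMPLE_EXPECTED_NS = ["ns1.example-corp.com", "ns2.example-corp.com"]
SAMPLE_NOW = datetime(2024, 5, 20, tzinfo=timezone.utc)  # constructed "today"


def _event_date(doc: dict, action: str):
    """Return the eventDate for `action` as an aware datetime, or None."""
    for ev in doc.get("events", []):
        if ev.get("eventAction") == action:
            return datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    return None


def audit_domain(rdap_json: str, expected_ns, now, expiry_warn_days: int = 30) -> list:
    """Return human-readable findings; an empty list means every check passed."""
    doc = json.loads(rdap_json)
    findings = []

    # 1. Locks: any missing client*Prohibited status leaves a hijack path open.
    status = {s.lower() for s in doc.get("status", [])}
    for lock in sorted(REQUIRED_LOCKS - status):
        findings.append(f"missing lock: {lock}")

    # 2. Expiry: a lapsed domain can be re-registered by anyone.
    expiry = _event_date(doc, "expiration")
    if expiry is None:
        findings.append("no expiration event in record")
    elif expiry - now < timedelta(days=expiry_warn_days):
        findings.append(f"expires {expiry.date()} (within {expiry_warn_days} days)")

    # 3. Nameservers: a silent change is the classic sign the domain moved.
    ns = {n.get("ldhName", "").lower() for n in doc.get("nameservers", [])}
    if ns != {e.lower() for e in expected_ns}:
        findings.append(f"nameservers changed: {sorted(ns)}")
    return findings


def run_sample() -> list:
    """Audit the constructed record as of the constructed date."""
    return audit_domain(SAMPLE_RDAP, SAMPLE_EXPECTED_NS, SAMPLE_NOW)


if __name__ == "__main__":
    for finding in run_sample() or ["no findings"]:
        print(finding)
```

The client-side locks are set by the registrar at the registrant's request (the "registrar lock"); registries also offer the stronger server-side locks ("server transfer prohibited" and friends, often sold as "registry lock"), which need out-of-band authorisation to lift and are worth enabling for a brand's primary domains.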
typosquatting
Typosquatting relies on users navigating to misspelled domains. An attacker registers a domain name with a common misspelling of an existing domain. Users who misspell a URL in the web browser arrive at the attacker’s website.
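A defender looks for typosquats by generating the variants an attacker would register and matching them against domains actually seen in proxy or DNS logs. The following is an added example, not from the flashcards; the brand domain, the keyboard-adjacency map, the homoglyph set and the log lines are all constructed for illustration. The same generator is what you would run to spot lookalike domains used in phishing mail.

```python
# Added example: generate common typosquat variants of a brand domain and
# match them against hostnames seen in access logs. Not from the flashcards;
# the domain, keyboard map, homoglyph set and log lines are constructed.
import re

# Neighbouring keys on a QWERTY layout, for "fat-finger" substitutions.
ADJACENT = {
    "q": "wa", "w": "qes", "e": "wrd", "r": "etf", "t": "ryg", "y": "tuh",
    "u": "yij", "i": "uok", "o": "ipl", "p": "o",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn",
    "n": "bhjm", "m": "njk",
}

# A small set of characters that look alike in many fonts.
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "b": "6", "g": "9"}


def typosquat_variants(domain: str) -> set:
    """Return plausible typo variants of `domain` (same TLD, altered label)."""
    label, _, tld = domain.lower().rpartition(".")
    variants = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + label[i + 1:])             # omission:      exampl
        variants.add(label[:i] + ch + label[i:])            # repetition:    exaample
        if i + 1 < len(label):                              # transposition: exmaple
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for near in ADJACENT.get(ch, ""):                   # adjacent key:  exsmple
            variants.add(label[:i] + near + label[i + 1:])
        if ch in HOMOGLYPHS:                                # homoglyph:     examp1e
            variants.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
        if i > 0:                                           # hyphenation:   exam-ple
            variants.add(label[:i] + "-" + label[i:])
    variants.discard(label)
    variants.discard("")
    return {v + "." + tld for v in variants}


def hosts_from_log(log_text: str) -> list:
    """Pull hostnames out of the URLs in a simple access-log format (constructed)."""
    return [m.group(1).lower() for m in re.finditer(r"https?://([A-Za-z0-9.-]+)", log_text)]


def find_typosquats(domain: str, observed: list) -> list:
    """Return observed hostnames that are, or sit under, a typo variant of `domain`."""
    watch = typosquat_variants(domain)
    hits = set()
    for host in observed:
        parts = host.rstrip(".").split(".")
        # Check every suffix so login.examp1e.com is caught as well as examp1e.com.
        for n in range(2, len(parts) + 1):
            if ".".join(parts[-n:]) in watch:
                hits.add(host)
                break
    return sorted(hits)


# Constructed sample log lines (timestamp, client, method, URL, status).
SAMPLE_LOG = """\
2024-05-01T10:02:11Z 10.0.0.12 GET https://www.example.com/login 200
2024-05-01T10:03:45Z 10.0.0.12 GET https://examp1e.com/login 200
2024-05-01T10:04:02Z 10.0.0.31 GET https://mail.exmaple.com/ 200
2024-05-01T10:05:30Z 10.0.0.31 GET https://intranet.corp.local/ 200
"""

if __name__ == "__main__":
    for host in find_typosquats("example.com", hosts_from_log(SAMPLE_LOG)):
        print("possible typosquat:", host)
```

In practice the variant set is also fed to a registration-monitoring feed so the brand owner learns when one of these names is registered, not only when a user has already visited it.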
kiting
Kiting is the act of continually registering, deleting, and re-registering a name within the five-day add grace period, so that the name is effectively held without ever paying for it.
tasting
Tasting is a domain-registration abuse (not a DNS protocol exploit) in which a domain is registered temporarily to see how much traffic it attracts, then dropped before the five-day add grace period ends so that no fee is paid.
hoax attack
In a hoax attack, an email alert or web pop-up will claim to have identified some sort of security problem, such as a virus infection, and offer a tool to fix the problem. The tool, of course, will be some sort of Trojan application.
pharming
Pharming relies on corrupting the way the victim's computer performs Internet name resolution (for example, by editing the local hosts file or changing the configured DNS servers), so that the user is redirected from the genuine site to the malicious one.
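The hosts file is the simplest place to corrupt a machine's name resolution, and the simplest to audit. The following is an added example, not from the flashcards; the watch-list of sensitive domains, the trusted address ranges and the sample hosts content are constructed for illustration.

```python
# Added example: audit a hosts file for entries that override resolution of
# sensitive domains, one common way local pharming is done. Not from the
# flashcards; the watch-list, trusted ranges and hosts content are constructed.
import ipaddress

# Domains that should only ever resolve through DNS, never via a local override.
WATCHLIST = {"bank.example", "login.example", "update.example"}

# Ranges a hosts entry may plausibly point to (loopback, link-local, RFC 1918,
# and 0.0.0.0 as used by ad-blocking hosts lists).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "169.254.0.0/16", "fe80::/10",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "0.0.0.0/32",
)]

# Constructed sample hosts file.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.20    intranet.corp.local            # internal override, expected
203.0.113.7     bank.example www.bank.example  # pharming entry
0.0.0.0         ads.tracker.example            # ad-blocking style entry
"""


def parse_hosts(text: str):
    """Yield (address, hostname) pairs; comments and blank lines are ignored."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            yield addr, name.lower().rstrip(".")


def is_watched(name: str, watchlist=WATCHLIST) -> bool:
    """True if `name` is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watchlist)


def suspicious_entries(text: str, watchlist=WATCHLIST) -> list:
    """Return (address, hostname, reason) for every hosts entry that pins a
    watched domain. Any such pin is a finding; the reason records whether the
    address is at least inside the trusted ranges, which affects triage."""
    findings = []
    for addr, name in parse_hosts(text):
        if not is_watched(name, watchlist):
            continue
        try:
            ip = ipaddress.ip_address(addr)
            trusted = any(ip in net for net in TRUSTED_NETS)
            reason = "pinned to trusted range" if trusted else "pinned outside trusted ranges"
        except ValueError:
            reason = "unparseable address"
        findings.append((addr, name, reason))
    return findings


if __name__ == "__main__":
    for addr, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{name} -> {addr}: {reason}")
```

On a real host you would read /etc/hosts (or %SystemRoot%\System32\drivers\etc\hosts on Windows) into `suspicious_entries`, and pair it with a check that the configured DNS servers are the expected ones, since changing the resolver is the other half of the pharming picture.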
tailgating
Tailgating is a means of entering a secure area without authorization by following close behind a person who has permission to open the door or checkpoint, without that person's knowledge or consent.
Spam
Spam or bulk unsolicited messages, usually sent in the form of email advertisements or other appealing material, may deliver malware or lure a user to another form of attack.
whaling
Whaling is a spear phishing attack directed specifically against upper levels of management in the organization (CEOs and other “big fish”).
spear phishing
Spear phishing is a phishing scam where the attacker has some information that makes an individual target more likely to be fooled by the attack.
spyware attack
Spyware is a program that monitors user activity and sends the information to someone else. This can occur with or without the user’s knowledge.
phishing attack
Phishing is a combination of social engineering and spoofing, where the attacker sets up a spoof website to imitate a trusted one.
rogueware attack
Rogueware is a fake antivirus web pop-up that claims to have detected viruses on the computer and prompts the user to initiate a full scan, which installs the attacker’s Trojan.
vishing
Vishing describes a phishing attack conducted through a voice channel (telephone or VoIP, for instance).
SMiShing
SMiShing refers to fraudulent SMS texts. Other vectors could include instant messaging or social media sites.
Phishing
Phishing is a type of email-based social engineering attack. The attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.
shoulder surfing
Shoulder surfing refers to stealing a password or PIN (or other secure information) by watching the user type it, either in close proximity or remotely.
lunchtime attack
If a user leaves a workstation unattended while logged on, an attacker can physically gain access to the system (often described as a lunchtime attack).
credential harvesting
Credential harvesting is a campaign specifically designed to steal account credentials. The attacker has more interest in selling the database of captured logins than trying to exploit them directly.
watering hole attack
A watering hole attack relies on the circumstance that users may visit an insecure third-party website, like a local pizza firm, which the attacker has compromised in order to reach those users.
colocation
A colocation facility is a data center that rents rack space to multiple customers, so that racks of servers and networking equipment owned by different companies sit in the same building.
authority
Many people find it difficult to refuse a request by someone they perceive as superior to them. Social engineers can try to exploit this behavior to intimidate their target by pretending to be someone of authority.
consensus
With consensus/social proof impersonation, an attacker fools users into believing that a malicious website is legitimate by posting fake reviews. The victims believe the reviews and place their trust in the website.
urgency
Creating a false sense of urgency can disturb people’s ordinary decision-making process. The social engineer can try to pressure his or her target by demanding a quick response.
liking
One of the tools of social engineers is to be likable and to present the requests they make as completely reasonable.
piggybacking
Piggybacking is a situation where the attacker enters a secure area with an employee's permission (for example, by asking them to hold the door), as opposed to tailgating, where the employee is unaware of being followed.