Email Monitoring Flashcards
Unsolicited and unwanted junk email sent out in bulk to an indiscriminate
recipient list
Spam
The fraudulent practice of sending emails purporting to be from reputable
companies in order to induce individuals to reveal personal information, such as
passwords and credit card numbers
Phishing
A form of social engineering in which an individual lies and provides a false motive
to obtain privileged data
Pretext
An email spoofing attack targeting a specific organization or individual by seeking
unauthorized access to sensitive information
Spear Phishing
An attack in which an adversary successfully assumes the
identity of one of the legitimate parties in a system or in a
communications protocol
Impersonation
An impersonation attack in which the attacker gains control of an employee’s
account and uses it to convince other employees to perform fraudulent actions
Business Email Compromise (BEC)
A record of the email servers involved in transferring an email message from a
sender to a recipient
Email Header Analysis
An attacker must also craft some sort of payload to complete the exploit when a victim
opens a message
Email Content Analysis
Allows a body of an email to support different formats, such as HTML, rich text
format (RTF), binary data encoded as Base64 ASCII characters, and attachments
Multipurpose Internet Mail Extensions (MIME)
An exploit or attachment that contains some sort of malicious code implemented
within the message body
Malicious Payload
Message data contains scripts or objects that target some vulnerability
in the mail client
Exploit
Message contains a file attachment in the hope that the user will
execute or open it
Attachment
A link can be composed of a friendly string plus the URL or a shortened URL to
hide the identity of the real target
Embedded Link
Spoofing attacks can be mitigated by configuring authentication for email server systems
Email Server Security
DNS record identifying hosts authorized to send mail for the domain with only
one being allowed per domain
Sender Policy Framework (SPF)