Lesson 10 - Chapter 3: Social Engineering and Spam Flashcards
What is social engineering?
the process of tricking or manipulating people inside an organization into giving an attacker access to its network or information
(network logins, credit card numbers, company customer data, etc.)
Social engineering attacks are usually… ?
used as one step in a larger plot to gain access (so if you discover one, ramp up your search for the other attacks it was meant to enable)
What is infiltration?
someone entering the building under disguise (cleaning personnel, repair techs, messengers, etc)
What is Phishing?
the act of trying to get people to hand over security information (usernames, passwords, bank details, etc.) by pretending, electronically (email, text, fake website), to be someone trustworthy
What does a phishing attack look like?
an example is a bad guy sends you an email from “your credit card company” asking for your username and password
What is Spear Phishing?
a phishing attack aimed at a specific person or group and tailored with details about them (a named employee, a celebrity, a politician, etc.)
What is voice phishing (vishing)?
phishing carried out by telephone, often over VoIP (Voice over IP) because calls are cheap and caller ID is easy to spoof; e.g. a voice message expressing an urgent need for information, left by someone posing as a rep of a reputable company
What is whaling?
an attacker targets a real, important individual in a senior position in a company (the "whale") and tries to mislead them into disclosing sensitive information
(or granting access to an internal network, paying money to the fraudster, etc.)
What are 7 tips for spotting phishing messages?
- check the e
- check to see if it
- look for g
- be s
- check the u
- do not f
- ignore u
- Check the email address it's from (the actual address, not just the display name)
- Check to see if it addresses you by name (not a generic "customer")
- Look for grammar/spelling mistakes and unprofessional language (threats of ending service)
- Be skeptical of attachments
- Check the URL behind a hyperlink (hover over it; the text shown and the real destination may differ)
- Do not follow hyperlinks; type the organization's address into your browser yourself
- Ignore urgent requests to act
What’s the most common telephone scam?
"I forgot my username and password"
(the attacker learned someone's account name through an infiltration method)
(Don't give out or reset the password over the phone just in case; have it sent to the account's registered recovery method)
What is shoulder surfing?
an attacker observing a user’s screen or keyboard for information over their shoulder
What is tailgating? What is it also called?
also called piggybacking
an unauthorized person enters a secured facility by walking directly behind one or more people being admitted
What is impersonation?
using a disguise or a false identity to pass as someone else (a coworker, a vendor, a repair tech, etc.)
What is dumpster diving?
searching through refuse (trash, recycling) for information; a form of intrusion
(shred documents; use a licensed shredding company for sensitive documents)
Be careful of what when it comes to clicking/opening emails?
be careful of spoofed sender addresses and of messages from a friend's hacked (compromised) email account: a familiar name is not proof of who sent it
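The seven phishing tips and the spoofed-address card above describe manual checks; the script below, an added example and not part of the original flashcards, automates the ones that can be read straight out of a message: the real sender address versus the display name and Reply-To, a generic greeting, urgency language, anchor text that disagrees with the link's real destination (including raw IP addresses), and executable attachments. It uses only the Python standard library, and both messages are constructed samples with reserved example domains and a documentation-range IP, not real phishing mail. It is a triage aid, not a verdict: a message with no findings can still be phishing.

```python
import re
from email import message_from_bytes
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = ("immediately", "within 24 hours", "will be suspended", "act now", "verify your identity")
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".hta", ".docm", ".xlsm", ".iso", ".lnk")

# Constructed sample phishing message (assumption: not a real email); it deliberately
# shows every pattern the tips describe so that each check has something to fire on.
SAMPLE_EMAIL = b"""\
From: "security@examplebank.com" <alerts@mail-examplebank-verify.example>
Reply-To: recover@attacker.example
Subject: Urgent: your account will be suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Unusual activity was detected. Verify your identity within 24 hours
or your account will be suspended.</p>
<p><a href="http://203.0.113.7/login">https://www.examplebank.com/login</a></p>
</body></html>
--b1
Content-Type: application/octet-stream; name="statement.pdf.exe"
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Constructed legitimate-looking message for contrast: named greeting, link text matches target.
CLEAN_EMAIL = b"""\
From: Example Bank <alerts@examplebank.com>
Subject: Your March statement is ready
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello Alice,</p><p>Your statement is available at
<a href="https://www.examplebank.com/statements">https://www.examplebank.com/statements</a>.</p>
</body></html>
"""


class _LinkText(HTMLParser):
    """Collects (href, anchor text) pairs and the visible text of an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.text, self._href, self._anchor = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def _host(url):
    """Hostname of a URL; bare 'www.example.com' style anchor text gets a scheme first."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def phishing_indicators(raw):
    """Return (code, detail) pairs, one per check that fires on the raw RFC 822 message."""
    msg, findings, parser = message_from_bytes(raw), [], _LinkText()
    # Tip 1: the display name may claim one domain while the real address is elsewhere.
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    claimed = re.search(r"@([\w.-]+)", name)
    if claimed and claimed.group(1).lower() != from_domain:
        findings.append(("sender-mismatch", f"display name says {claimed.group(1)}, address is {from_domain}"))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rsplit("@", 1)[-1].lower() != from_domain:
        findings.append(("reply-to-mismatch", f"replies go to {reply}"))
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:  # Tip 4: executable or macro-bearing attachments, double extensions included
            if filename.lower().endswith(RISKY_EXT):
                findings.append(("risky-attachment", filename))
            continue
        body = (part.get_payload(decode=True) or b"").decode(part.get_content_charset() or "utf-8", "replace")
        parser.feed(body) if part.get_content_type() == "text/html" else parser.text.append(body)
    parser.close()
    lowered = " ".join(parser.text).lower()
    if re.search(r"\bdear (valued )?(customer|user|member|client|account holder)\b", lowered):
        findings.append(("generic-greeting", "salutation does not use the recipient's name"))  # Tip 2
    hits = [p for p in URGENCY if p in lowered]  # Tips 3 and 7: pressure and threats of ending service
    if hits:
        findings.append(("urgency", ", ".join(hits)))
    for href, anchor in parser.links:  # Tip 5: where the link really goes versus what it shows
        target = _host(href)
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target):
            findings.append(("ip-link", href))
        if re.match(r"(https?://|www\.)", anchor, re.I) and _host(anchor) != target:
            findings.append(("link-mismatch", f"shows {anchor}, goes to {href}"))
    return findings


if __name__ == "__main__":
    for code, detail in phishing_indicators(SAMPLE_EMAIL):
        print(f"{code}: {detail}")
```

Run it against a saved `.eml` file by passing `open(path, "rb").read()` to `phishing_indicators`. The checks are intentionally simple string and header comparisons so that what each one looks for is visible; a real mail gateway would add DKIM/SPF/DMARC results and URL reputation, which this example does not attempt.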