Lesson 4 - Evaluating Human and Physical Vulnerabilities Flashcards
A social engineering tactic where a team communicates, whether directly or indirectly, a lie or half-truth in order to get someone to believe a falsehood
Pretexting
What is the term for acquiring data from a target during a social engineering attack?
Elicitation
What is the name of the attack in which a bad actor gains control of an email account and uses it to convince other employees to perform fraudulent actions?
Business Email Compromise (BEC)
A malicious actor tricks the user into performing undesired actions, such as deleting files
Hoax
What is the set of tools in Kali Linux that has built-in features to help launch a phishing campaign?
Social Engineering Toolkit (SET)
Name of the impersonation attack in which a request for a website, typically an e-commerce site, is redirected to a similar-looking but fake website
Pharming
What is the social engineering attack in which someone uses, for example, a USB stick to entice you to plug it in?
Baiting
Phone-based phishing is referred to as _________
Vishing
Unsolicited phone phishing is referred to as ________
Spam over Internet Telephony (SPIT)
What are the types of instant messaging phishing?
Instant Messaging Spam
Smishing
The type of attack in which attackers target a group or org by discovering which websites its members frequent and injecting malicious code into those sites
Watering Hole Attack
Why are supply chain attacks more impactful?
They have a wider range of impact, affecting both the target org and its associated clients and vendors
What is the term, related to supply chain attacks, for harm to an associated vendor, and who is liable?
Downstream liability; the original target org is liable.
Use Target example
What is it called when an attacker registers and uses a domain name similar to the real one, hoping for a misspelling, for example amazen.com?
Typosquatting, which is a form of URL hijacking
What is it called when someone copies the actions of others in order to appear competent or cooperative in the eyes of others?
Social Proof