Other Social Engineering Attacks Flashcards

1
Q

Tailgating

A

The attacker uses an authorized person to gain access to a building. They may blend in by wearing the same clothing as a third-party vendor (janitor's clothes), hang out in the smoking section and follow someone else in, or use the hands-full doughnut trick. Once inside, they have nearly full access.

2
Q

Policy for visitors

A

You should be able to identify anyone by a company ID or visitor badge. Enforce a one-scan, one-person policy for entrance. Access control vestibules allow only one person at a time with a badge.

3
Q

Invoice Scams

A

Starts with spear phishing. The attacker sends an official-looking fake invoice to the person responsible for paying the bills. It can be addressed to the CEO with a spoofed address. It may include a link to pay the bill, where the attacker intends to collect the bank info.

4
Q

Credential Harvesting

A

Also called password harvesting. Attackers collect login credentials. They want to find them in Chrome, Firefox, Outlook, etc. The attack is often delivered through macros in Microsoft Word but can come from other vectors.
