Other Social Engineering Attacks Flashcards
Tailgating
The attacker uses an authorized person to gain access to a building. Tactics include blending in by wearing the same clothing as a third-party vendor (janitor's clothes), hanging out in the smoking section and following someone else in, and the hands-full doughnut trick. Once inside, they have nearly full access.
Policy for visitors
You should be able to identify anyone by a company ID or visitor badge. Enforce a one-scan, one-person policy for entrance. Access control vestibules only allow one person at a time with a badge.
Invoice Scams
Starts with spear phishing. The attacker sends a fake invoice that looks official to the person responsible for paying the bills. It can appear to come from the CEO by using a spoofed address. It may include a link to pay the bill, where the attacker intends to collect the bank info.
Credential Harvesting
Also called password harvesting. Attackers collect login credentials. They look for credentials stored in Chrome, Firefox, Outlook, etc. The attack is often delivered through macros in Microsoft Word but can come from other vectors.