Phishing Flashcards
What is phishing?
The process of attempting to acquire sensitive information such as usernames, passwords, and credit card details. It is done by masquerading as a trustworthy entity in a bulk email that tries to evade spam filters.
Emails claiming to be from popular social websites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It is a form of criminally fraudulent social engineering.
What is spear phishing?
A small, focused, targeted phishing attack on a specific person or organization, with the goal of penetrating their defenses. The attack is done after research has been done on the target, and it has a specific personalized component designed to make the target do something against his or her own interest.
What is a phishing attack surface?
The quantity of email addresses exposed on the internet. The more email addresses are exposed, the bigger the attack footprint is and the higher the risk of phishing attacks.
What is a Phish-prone Percentage?
A term coined by KnowBe4 that indicates the percentage of employees that are prone to click on phishing links.
The customer starts with a baseline percentage, which is the percentage of users who click on phishing links before being trained. Once trained, the test is done again 12 months later to see the improvement.
What is social engineering?
The act of manipulating people into performing actions or divulging confidential information.
This term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access.
What is CEO fraud?
A spear phishing attack that targets high-risk users: people in accounting, HR, or executive assistant roles. The hacker claims to be the CEO (or another executive) and urges an employee to do something that would not be authorized by the legitimate sender.
What is smishing?
Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service.
What is email spoofing?
Tricking or deceiving computer systems or other computer users.
It involves sending messages from a bogus email address or faking the email address of another user.