Phishing Flashcards
Phishing
Pretends to be from a trusted source.
Check the address: the link will point to a different URL than the real site.
Something usually isn't "quite right" (spelling, graphics, wording).
To avoid it, type the site's URL directly into the browser; don't click the link in the email.
Typosquatting
Using a URL that is slightly different from, or a misspelling of, the real one.
Example:
professormessor.com instead of the correct professormesser.com
Prepending
Adding extra characters to the beginning of a domain name so the URL looks legitimate at a glance.
Example:
pprofessormesser.com instead of professormesser.com
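The two cards above (typosquatting and prepending) and the earlier "check the address" card describe the same check: does the domain in a link actually match a domain you trust, or only look like it? Below is an added example, not code from the original flashcards, that performs that check for a URL. The trusted-domain list is an assumption made up for the example; the edit-distance threshold of 2 is likewise a chosen value, not something the cards specify. It goes slightly beyond the cards by treating any string prepended to a trusted label (not just one character) as prepending.

```python
from urllib.parse import urlparse

# Constructed list of domains the reader trusts (assumption for this example).
TRUSTED_DOMAINS = {"professormesser.com", "amazon.com", "netflix.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum number of single-character insertions,
    deletions or substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Pull the host out of a URL and keep its last two labels.
    Simplification: ignores multi-part public suffixes such as .co.uk."""
    if "://" not in url:
        url = "http://" + url        # urlparse needs a scheme to find the host
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify_domain(url: str, trusted=TRUSTED_DOMAINS, max_edits: int = 2):
    """Return (verdict, trusted_domain_it_resembles_or_None).

    verdicts: "trusted"    - exact registrable-domain match
              "prepending" - trusted label with characters glued to the front
              "typosquat"  - within max_edits of a trusted domain
              "unknown"    - nothing resembling a trusted domain
    """
    domain = registrable_domain(url)
    if domain in trusted:
        return "trusted", domain
    label = domain.split(".")[0]
    for good in trusted:
        good_label = good.split(".")[0]
        # Prepending: "pprofessormesser" ends with "professormesser".
        if label != good_label and label.endswith(good_label):
            return "prepending", good
        # Typosquatting: one or two character edits away from the real domain.
        if 0 < levenshtein(domain, good) <= max_edits:
            return "typosquat", good
    return "unknown", None


if __name__ == "__main__":
    for link in ("https://professormesser.com/courses",
                 "http://professormessor.com/login",
                 "pprofessormesser.com",
                 "https://example.org"):
        print(link, "->", classify_domain(link))
```

Note that a link such as `professormesser.com.evil.example` is reported as `unknown` rather than `trusted`, because only the registrable domain (the last two labels) is compared; that is exactly the "check the address" habit the first card asks for.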
Pretexting
Lying to get information.
Acting like a well-known company, e.g. Amazon, Netflix, or Visa.
Pharming
Redirects users from a legitimate site's address to a bogus site.
Done by poisoning a DNS server or exploiting a client-side vulnerability (for example, a modified local hosts file).
Pharming with Phishing
Pharming redirects users from the real site's address to an illegitimate site.
Phishing then collects their data on that fake site.
Difficult for anti-malware to detect because the address the user typed is the legitimate one.
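The cards above say pharming works through a poisoned server or a client-side vulnerability. One concrete client-side form is an edited hosts file, which overrides DNS and sends a correctly typed domain to an attacker's address. The example below, added here and not part of the original flashcards, parses a hosts file and reports any entry that pins a protected domain (or a subdomain of it). The hosts-file text, the protected-domain list and the address 203.0.113.45 (a documentation range) are all constructed for the example.

```python
import ipaddress

# Constructed hosts-file contents (not taken from a real machine). The last
# line is the poisoned entry: a bank's domain pinned to an attacker address.
SAMPLE_HOSTS = """\
# standard localhost entries
127.0.0.1     localhost
::1           localhost ip6-localhost
192.168.1.10  printer.lan          # harmless local device
203.0.113.45  www.examplebank.com examplebank.com
"""

# Domains that should never be resolved via the hosts file (assumption).
PROTECTED_DOMAINS = {"examplebank.com", "professormesser.com"}


def parse_hosts(text: str):
    """Return a list of (ip, hostname) pairs from hosts-file text.
    Comments and blank lines are skipped; malformed lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])  # validates IPv4 and IPv6
        except ValueError:
            continue
        for name in parts[1:]:                  # one IP may carry several names
            entries.append((str(ip), name.lower().rstrip(".")))
    return entries


def is_protected(name: str, protected) -> bool:
    """True if name is a protected domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in protected)


def find_pharming_entries(text: str, protected=PROTECTED_DOMAINS):
    """Return [(hostname, ip), ...] for every hosts-file entry that
    overrides resolution of a protected domain."""
    return [(name, ip) for ip, name in parse_hosts(text)
            if is_protected(name, protected)]


if __name__ == "__main__":
    for host, ip in find_pharming_entries(SAMPLE_HOSTS):
        print(f"suspicious hosts entry: {host} -> {ip}")
```

On a real system the same function can be pointed at `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`; the point of the check is that a legitimate address typed by the user still ends up at the attacker, which is why the card says the address alone gives no warning.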
Vishing
Voice phishing: using phone calls or voicemail to phish.
Caller ID is spoofed so the call appears to be local.
Usually in the form of fake security checks or bank account updates.
Smishing (Short Message Service, or SMS, phishing)
Done by text message.
Sends links.
Asks for personal information.
Variations of Phishing
Fake check scam.
Phone verification code scam.
Boss/CEO scam
List of scams on Reddit.com/r/scams
Reconnaissance
To gather information on a victim or target.
Gather through:
- Lead generation sites.
- LinkedIn, Twitter, Facebook, Instagram, etc.
Attacker builds a credible pretext from:
- Where you work.
- Where you bank.
- Recent financial transactions.
- Family and friends.
Spear Phishing
Directed phishing.
Going after a specific person or group.
Whaling is a form that goes after a high-level person:
- CEO
- CFO