Phishing Flashcards
Phishing
The process of attempting to acquire sensitive information such as usernames, passwords, and credit card details. It’s done by masquerading as a trustworthy entity in bulk email that is crafted to evade spam filters.
Emails claiming to be from popular social websites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It’s a form of criminally fraudulent social engineering.
For example, the cyber criminals (bad guys) put together and send an email that looks like it comes from Chase Bank, saying you need to pay your credit card. This is phishing because it’s an attempt by the bad guys to get you to click on something or fill something out that gives them your information—in this case, your banking login information.
Spear Phishing
A small, focused, targeted phishing attack on a specific person or organization, with the goal to penetrate their defenses.
The attack is carried out after the attacker has researched the target, and it has a specific personalized component designed to make the target do something against his or her own interest.
Phishing Attack Surface
The quantity of email addresses exposed on the internet. The more email addresses exposed, the bigger the attack footprint is and the higher the risk of phishing attacks.
Phish-Prone Percentage
A term coined by KnowBe4 that indicates the percentage of employees that are prone to click on phishing links.
The customer starts with a baseline (a starting point used for comparison) percentage, which is the percentage of users who click on phishing links before being trained. Once trained, the test is done again 12 months later, to see the improvement.
Social Engineering
The act of manipulating people into performing actions or divulging confidential information.
The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access.
Phishing and spear phishing are forms of social engineering. The user is tricked into opening an email and clicking on links that open a way into the computer. This allows the bad guys to enter into the user’s computer and computer network. The bad guys end up taking out valuable and confidential content like names, addresses, phone numbers, social security numbers, usernames, and passwords.
CEO Fraud
A spear phishing attack that targets high-risk users—people in Accounting, HR, or executive assistants—in which the hacker claims to be the CEO (or another executive) and urges an employee to do something that would not be authorized by the legitimate sender.
Smishing
Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service.
A smishing text, for example, attempts to entice a victim into revealing personal information.
Email Spoofing
Spoofing means tricking or deceiving computer systems or other computer users. Email spoofing involves sending messages from a bogus email address or faking the email address of another user. It’s a tactic used in phishing because people are more likely to open an email when they think it has been sent by a legitimate source.
Spoofing is a common tactic in CEO Fraud attacks.