Phishing

Question 1

Phishing

Answer 1

The process of attempting to obtain sensitive information such as usernames, passwords, and credit card details is done by pretending to be a trustworthy identity in bulk emails.
→ It is not the only method hackers use, but the main way.
→ All forms of phishing are a form of social engineering

Question 2

Spear phishing

Answer 2

Small, focused, targeted phishing attack on a specific person or organisation. Goal: Penetrating defences.

Question 3

Phishing attack surface

Answer 3

The number of emails exposed on the internet. More emails exposed = bigger attack footprint = higher risk of phishing attacks

Question 4

Phish-prone percentage

Answer 4

A term made up by kb, this percentage indicates the percentage of employees who are prone to clicking on phishing links.

Question 5

CEO fraud

Answer 5

Spear phishing attack that attacks high-risk employees (HR, Accounting, Executive assistants). The hacker claims to be the CEO. Urges employees to do something that the real sender would not authorize.

Question 6

Social engineering

Answer 6

The act of manipulating people into performing actions or revealing confident information.

Question 7

Smishing

Answer 7

Phishing via SMS

Question 8

Email spoofing

Answer 8

Sending messages from a fake email address or pretending to be another user. People think it comes from a trusted source and are more likely to open it.