Phishing Flashcards
Phishing
The process of attempting to obtain sensitive information such as usernames, passwords, and credit card details by pretending to be a trustworthy entity in bulk emails.
→ It is not the only method hackers use, but it is the main one.
→ All forms of phishing are a form of social engineering.
Spear phishing
Small, focused, targeted phishing attack on a specific person or organisation. Goal: Penetrating defences.
Phishing attack surface
The number of emails exposed on the internet. More emails exposed = bigger attack footprint = higher risk of phishing attacks.
Phish-prone percentage
A term made up by kb: the percentage of employees who are prone to clicking on phishing links.
CEO fraud
Spear phishing attack that targets high-risk employees (HR, Accounting, Executive assistants). The hacker claims to be the CEO and urges employees to do something that the real sender would not authorize.
Social engineering
The act of manipulating people into performing actions or revealing confidential information.
Smishing
Phishing via SMS
Email spoofing
Sending messages from a fake email address or pretending to be another user. People think it comes from a trusted source and are more likely to open it.