Phishing Flashcards
Social Engineering (Context of Information Security)
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.
Spoofing (Context of Information Security)
A spoofing attack is a situation in which a person or program successfully identifies as another by falsifying data to gain an illegitimate advantage, e.g. a fake identical website.
Typosquatting
A spoofing attack that takes the URL of a website but with a misspelling/typo.
https://Leo.com (Real)
https://Loe.com (Typosquatting)
https://Lleo.com (Prepending)
Pretexting
- Lying to get information.
- Attacker calls and acts as if they are a representative of a company. e.g. utility service or phone carrier
Pharming
Redirecting a legitimate website to a bogus website by using a poisoned DNS server or a client vulnerability.
Phishing
Collecting access credentials
Vishing
Voice phishing - spoofing a phone number. Fake security checks or bank updates
Smishing (SMS phishing)
Spoofing via text message or links asking for personal information
Attacker Reconnaissance
Attackers gather information about you on Facebook, Twitter, Instagram, etc. and build a believable pretext about you before they attempt their phishing attack: where you work, where you bank, your family and friends.
Spear phishing
Very specific targeted phishing attack
Whaling
Spear phishing a VIP such as a CEO, CFO, etc. Generally people with critical access or knowledge.