Phishing Drill Flashcards

1
Q

Phishing is…

A

the process of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in bulk email that is crafted to slip past spam filters.

Emails claiming to be from popular social websites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It is a form of criminally fraudulent social engineering.

For example, the cyber criminals (bad guys) put together and send an email that looks like it comes from Chase Bank, saying you need to pay your credit card bill. This is phishing because it is an attempt by the bad guys to get you to click on something or fill something out that hands them your information, in this case your online banking login.

Phishing is the major tool the bad guys use to get users to click on something and give up confidential information such as usernames, passwords, social security numbers, and names. It is not the only way to get that information, but it is one of the main ways.

2
Q

spear phishing:

A

A small, focused, targeted phishing attack on a specific person or organization, with the goal of penetrating their defenses.

The attack is launched only after research has been done on the target, and it carries a personalized component (a real colleague's name, a current project, a recent purchase) designed to make the target do something against his or her own interest.

3
Q

phishing attack surface:

A

The number of an organization's email addresses exposed on the internet (on websites, in data breaches, in public directories). The more addresses exposed, the bigger the attack footprint and the higher the risk of phishing attacks, because each exposed address is a ready-made delivery target.

4
Q

Phish-prone Percentage:

A

A term coined by KnowBe4 that indicates the percentage of employees who click on links in simulated phishing emails.

The customer starts with a baseline (a starting point used for comparison): the percentage of users who click on simulated phishing links before any training. After training, the same kind of test is run again 12 months later, and the two percentages are compared to measure the improvement.

5
Q

social engineering:

A

The act of manipulating people into performing actions or divulging confidential information.

The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access.

Phishing and spear phishing are forms of social engineering. The user is tricked into opening an email and clicking on links or attachments that open a way into the computer. This lets the bad guys get a foothold on the user's computer and, from there, the computer network. They end up taking out valuable and confidential content such as names, addresses, phone numbers, social security numbers, usernames, and passwords.

6
Q

CEO fraud:

A

A spear phishing attack that targets high-risk users (people in Accounting, HR, or executive assistants) in which the attacker impersonates the CEO (or another executive) and urges an employee to do something, such as a wire transfer or a release of employee data, that the legitimate sender would never have authorized.

7
Q

vishing (voice phishing):

A

A phishing attack conducted by telephone. Vishing is the phone equivalent of an email phishing attack.

There are two forms: human and automated. In the human form, a scam artist uses the anonymity of a phone call and pretends to be a representative of the target's bank or credit card company. The caller manipulates the victim into entering a PIN, credit card number, or bank account and routing number on the phone keypad, giving the scammer instant access to the victim's bank credentials.

8
Q

smishing:

A

Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service.

A smishing text, for example, attempts to entice the victim into revealing personal information, typically by tapping a link or replying with account details.

9
Q

email spoofing:

A

Spoofing means tricking or deceiving computer systems or other computer users about who is sending something. Email spoofing involves sending messages from a bogus email address or faking the address (or display name) of another user, so the message appears to come from someone it did not. It is a tactic used in phishing because people are more likely to open an email when they think it was sent by a legitimate source.

Spoofing is a common tactic in CEO fraud attacks, where the From header is made to look like the executive's own address.
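The checks below are an added example for these two cards (the Chase Bank lure in card 1 and email spoofing in card 9); they are not code from the flashcards or from KnowBe4. They take a raw email and report the indicators a mail gateway or an analyst would look for: a brand name in the display name with a sender address on a different domain, Reply-To and Return-Path domains that do not match the From domain, and link text that shows one site while the href points to another. The sample message, the domains in it, the `TRUSTED_DOMAINS` allow-list and the "last two labels" domain heuristic are all constructed assumptions for the demonstration.

```python
"""Triage checks for a suspicious email: header spoofing indicators and
link text that does not match its real destination.
Added example for the phishing flashcards; not the page's own code.
"""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message imitating a bank alert. All domains are
# hypothetical; the real bank's domain appears only as a decoy prefix.
RAW_EMAIL = b"""\
Return-Path: <bounce@mail-campaign.example.net>
From: "Chase Bank Alerts" <alerts@chase.com.example-secure.net>
Reply-To: support@mailbox-verify.example.org
To: victim@corp.example
Subject: Action required: your credit card payment is overdue
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0

<html><body>
<p>Please sign in to pay your balance:</p>
<a href="http://login.example-secure.net/chase">https://www.chase.com/login</a>
</body></html>
"""

# Assumed allow-list of domains the imitated brand really sends from.
TRUSTED_DOMAINS = {"chase.com"}


def registrable_domain(addr_or_host):
    """Last two DNS labels of an address or hostname (assumption: no
    multi-label public suffixes such as co.uk in the sample data)."""
    host = addr_or_host.rsplit("@", 1)[-1].lower()
    return ".".join(host.split(".")[-2:])


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze(raw, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable spoofing/lure findings for one message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    display, from_addr = parseaddr(msg["From"])
    from_dom = registrable_domain(from_addr)

    # 1. Display name drops a trusted brand, but the address is elsewhere.
    for brand in trusted:
        if brand.split(".")[0] in display.lower() and from_dom not in trusted:
            findings.append(f"display name claims {brand!r} but sender domain is {from_dom!r}")

    # 2. Replies are steered to a different domain than the visible sender.
    if msg["Reply-To"]:
        reply_dom = registrable_domain(parseaddr(msg["Reply-To"])[1])
        if reply_dom != from_dom:
            findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")

    # 3. Envelope sender (bounce address) does not match the From domain.
    if msg["Return-Path"]:
        rp_dom = registrable_domain(parseaddr(msg["Return-Path"])[1])
        if rp_dom != from_dom:
            findings.append(f"Return-Path domain {rp_dom!r} differs from From domain {from_dom!r}")

    # 4. Anchor text that looks like a URL on one site but links to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            shown = urlparse(text).hostname if "://" in text else None
            actual = urlparse(href).hostname
            if shown and actual and registrable_domain(shown) != registrable_domain(actual):
                findings.append(f"link text shows {shown!r} but points to {actual!r}")
    return findings


if __name__ == "__main__":
    for finding in analyze(RAW_EMAIL):
        print("-", finding)
```

Run against the sample, `analyze` reports all four indicators; a plain message whose From address is on `chase.com` with no Reply-To or Return-Path mismatch produces none. Header checks alone are not proof: legitimate bulk mailers also send with a Return-Path on a separate domain, so in practice these findings feed a score alongside SPF, DKIM and DMARC results rather than block mail outright.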
