Practice Test 1 Flashcards
smishing
Smishing is a type of phishing attack that occurs via SMS (Short Message Service) or text message. Attackers use deceptive text messages to trick recipients into revealing sensitive information or clicking on malicious links.
The practice of using a telephone system to manipulate a user into disclosing confidential information is known as:
Vishing
During a vishing attack, attackers may impersonate trusted entities such as banks, government agencies, or tech support representatives. They use various tactics to manipulate their victims, such as creating a sense of urgency or fear, offering fake incentives, or pretending to have important information about the victim.
SPIM AND SPIT
SPIM stands for “Spam over Instant Messaging,” referring to unsolicited messages sent through instant messaging (IM) platforms. SPIM is similar to email spam but occurs within instant messaging applications.
SPIT stands for “Spam over Internet Telephony,” which involves unsolicited, unwanted, or irrelevant advertising messages sent over internet telephony, such as VoIP (Voice over Internet Protocol) calls. SPIT can be disruptive and intrusive, much like email spam or telemarketing calls.
Phishing scams targeting a specific group of people are referred to as:
spear phishing
“Dumpster diving”
Sifting through trash for discarded documents containing sensitive data. Discarded documents containing employees' names and surnames, along with information about the positions they hold in the company and other data, can be used to facilitate social engineering attacks.
Pharming
Pharming is a cyber attack where attackers redirect website traffic to a fraudulent website by altering the DNS (Domain Name System) records or by compromising a DNS server. This can lead users to unwittingly disclose sensitive information, such as usernames, passwords, or financial details, to the attackers.
Tailgating
Tailgating, also known as piggybacking, is a physical security threat where an unauthorized person follows an authorized individual into a restricted area or facility without proper authentication or authorization. This often occurs when someone holds the door open for another person without verifying their identity or credentials, allowing them to gain unauthorized access to a secure area.
Elicitation
Elicitation is a social engineering technique used by attackers to gather information from individuals or organizations through casual conversation, manipulation, or other means without raising suspicion. Attackers use elicitation to extract sensitive information, such as passwords, company policies, or security procedures, by exploiting human psychology and communication skills.
bracketing
Bracketing is a technique used in penetration testing or ethical hacking where varying degrees of attacks are launched against a target system to identify its vulnerabilities and weaknesses. This involves testing the system with both low-impact and high-impact attacks to assess its resilience and potential points of entry for malicious actors.
Confidential bait
“Confidential bait” is a social engineering tactic where attackers use fake or enticing information, often presented as confidential or sensitive, to manipulate individuals into divulging valuable information or taking specific actions. This could include enticing emails or messages claiming to contain privileged information or insider knowledge, designed to trick recipients into providing sensitive data or performing actions that compromise security.
Deliberate false statements
“Deliberate false statements” are intentionally misleading or untrue statements made with the intention to deceive or mislead others. In the context of security, this could involve attackers spreading false information to manipulate individuals or organizations into taking actions that compromise their security or divulging sensitive information.
Whaling
Whaling is a type of phishing attack that specifically targets high-profile individuals or executives within an organization. Attackers aim to deceive these individuals into divulging sensitive information, such as login credentials or financial data, or to trick them into performing certain actions that could compromise the organization’s security. Whaling attacks often involve sophisticated social engineering techniques tailored to the target’s role and responsibilities.
typosquatting
Typosquatting, also known as URL hijacking, is a malicious practice where attackers register domain names that are similar to legitimate websites but contain typographical errors or common misspellings. The goal is to capitalize on user mistakes when typing a website address into a browser, leading them to the attacker’s fraudulent website instead of the intended destination. Typosquatting can be used for various nefarious purposes, including phishing, malware distribution, or collecting sensitive information.
virus hoax
A virus hoax is a false warning or alarm about a non-existent computer virus or malware threat. These hoaxes typically spread through email, social media, or online forums, often containing exaggerated or entirely fabricated claims about the capabilities or effects of a supposed virus. Virus hoaxes can cause unnecessary panic, waste resources as users attempt to mitigate non-existent threats, and sometimes even lead to the installation of actual malware as users download fake security software in response to the hoax.
watering hole attacks
Watering hole attacks are a type of cyber attack where attackers compromise websites that are frequently visited by their intended targets. The goal is to infect the visitors’ devices with malware by exploiting vulnerabilities in their browsers or plugins. This technique allows attackers to target specific groups or organizations by compromising websites they are likely to visit, hence the analogy to predators waiting near a watering hole for their prey.