Section 5.40 Phishing Attacks Flashcards

Objectives 2.2 Explain common threat vectors and attack surfaces Objectives 5.6 Given a scenario, implement security awareness practices

1
Q

6 phishing attack examples

Different Types of Phishing Attacks

A
  1. Phishing
  2. Spear Phishing
  3. Whaling
  4. Business email compromise (BEC)
  5. Vishing
  6. Smishing
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Different Types of Phishing Attacks

Phishing

A

Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as passwords and credit card numbers.

e.g If you click on a link which you think is google and you enter username and password the attacker can use these details for malicious activity

Spray and pray approach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Spear Phishing

A

More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations. This has a higher success rate

e.g Attacker has emails of the customers of a bank. The attacker then sends them an email which seems legit asking for private information

Targeted approach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Whaling

A

Form of spear phishing that targets high-profile individuals, like CEOs or CFOs

Attacker isn’t trying to catch the little fish in an organization, but instead they want to catch one of the executives, board members, or higher level managers in the company since the rewards are potentially much greater

Often used as an initial step to compromise an executive’s account for subsequent attacks within their organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Business email compromise (BEC)

A

Sophisticated type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacker

Taking over a legitimate business email accounts through social
engineering or cyber intrusion techniques to conduct unauthorised fund transfers, redirect payments, or steal sensitive information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Vishing

A

Attacker tricks their victims into sharing personal or financial information over the phone

e.g Attacker acting as a Bank exec calling customer to gain priivate information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Smishing

A

Involves the use of text messages to trick individuals into providing their personal information

SMS

SMS Phishing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly