Security + Social Engineering Flashcards
Privilege escalation
technique that allows an attacker to gain higher-level access to a system or network than they originally had.
Shoulder surfing
technique used in cyber security to steal personal information by looking over a victim's shoulder
.
Phishing
when attackers send scam emails (or text messages)
that contain links to malicious websites.
Spear phishing
tactic that involves sending emails to specific people or departments
within an organization, appearing to come from a trusted source,
smishing
uses **fake mobile text messages **to trick people into *downloading malware*
,
sharing sensitive information or sending money to cybercriminals
Vishing
uses the PHONE
to trick people into sharing sensitive information.
Pharming
redirects a user’s traffic to a fake website
without their knowledge or consent.
The goal is to steal sensitive information
Whaling
targets high-ranking executives
or other people with significant authority in an organization.
SPIM
Spam over Instant Messaging
SPIT (Spam over Internet Telephony
)
fills a voicemail box
with bogus voicemails.
Tailgating
occurs when an **unauthorized person ** gains access to a secure area by following someone
who has legitimate credentials.
Virus hoax
The **message is forwarded **to you by a friend or colleague. The message usually does not contain an attachment.
Watering hole attack
targets a group of users by infecting websites
they frequently visit.
The goal is to infect the target’s computer with malware
2019 Holy Water Campaign
In 2019, a watering-hole attack, called Holy Water Campaign, targeted Asian religious and charity groups. Victims were prompted to update Adobe Flash which triggered the attack. It was creative and distinct due to its fast evolution. The motive remains unclear.
Dumpster diving
the act of extracting information from discarded physical or digital waste
Impersonation
where an adversary pretends to be a **trusted person **or organization to gain access to sensitive resources.