Social Engineering Flashcards
What Is Phishing?
Usually Sent In Email Form, but other methods of delivery can be used
Trying To Get You To Click A Link So The Attacker Can Gather Personal Information
Social Engineering With Spoofing
What Is Spoofing?
When You Hide Your True Identity and Pretend To Be Someone Else to Trick The Recipient
What Is Typosquatting?
This is a type of URL hijacking, where the URL looks similar to the real website or to what the user is expecting
True Site - www.google.co.uk
Fake Site - www.gogle.co.uk
What Is Prepending?
This Is Where the hacker adds something onto the beginning of the URL to fool the recipient
What Is Pretexting?
Hacker Lying to Gain Information
Hacker Might be a character in a situation they create
Pretending to be from Amazon, Bank or Similar to gain information
What Is Pharming?
Redirection Of A Real Site To A Fake Site
This might be due to a website, DNS or client vulnerability
What Is Vishing?
Same as Phishing but over Voice (phone) instead
They may use Caller ID Spoofing to show a real number even though they are calling from a different number
The goal is the same as phishing: it's an attempt to gain personal information
What Is Smishing?
Same as Phishing but over text
They spoof the caller ID to pretend to be from a legitimate company or a person you recognise
They attempt to gain personal information via reply or links
Why Would Hackers Use Phishing?
They need to gain information on a person. They may not attack straight away, but will gather information first to make the phish more likely to succeed
What Is Spearphishing?
This is a targeted phishing attempt on a certain person / company
What Is Whaling?
When they target a CEO or someone with full control over an accounts system to gain entry
What Would Be Considered Pretext In Impersonation?
This would be where they set a trap before they attack
There would be an actor and a story
Essentially The Bit Before The Attack
What Is Impersonation?
Hackers Pretend To Be Someone They Are Not
They Will Impersonate Someone You May Trust OR Believe
This is why they use Pretext Before An Attack
What Is Eliciting Information?
Where the hacker extracts information from the victim
The victim often doesn't know it's even happening, as they believe the hacker
This is common with Vishing
What Is Dumpster Diving?
Checking What's Been Thrown Out
The Attacker Will Review The Trash And See What Information It Has
This can then be used for attack
Is Dumpster Diving Legal?
It can be. It depends on where you are, but generally if something has been thrown away as rubbish you can collect it
What Is Shoulder Surfing?
Someone Checking What's On Your Screen
Essentially 'looking over their shoulder'
What Can You Do To Limit Shoulder Surfing?
Use Privacy Filters
Be aware of surroundings
Ensure Monitors Are Not In View
What Is A Computer Hoax?
A threat that doesn't exist but could be real
What Are Types Of Computer Hoaxes?
Fake Virus Pop Up
Fake Malware Warning
Email Stating You Have Won Money and To Contact Someone to Claim
Essentially A Fake Issue Or Similar to get the victim to call or purchase something
What Is A Watering Hole Attack?
A watering hole attack works by identifying a website that's frequented by users within a targeted organisation, or even an entire sector, such as defence, government or healthcare. That website is then compromised to enable the distribution of malware.
The attacker identifies weaknesses in the main target’s cyber-security, then manipulates the watering hole site to deliver malware that will exploit these weaknesses
Why Use A Watering Hole Attack?
This would be used if a network is very secure and the hackers are trying to find a way in. By using a 3rd party site they are not gaining access via the main network directly, but rely on the users visiting the 3rd party site to then gain access to the main network
What Is Defence In Depth?
This is layered defence to cover all entry points in a network
What Is Spam?
Unsolicited Message
This could be via email, advert, pop up
Spam can also be used in phishing to get personal information
What is SPIM?
Spam over instant message
How To Reduce Mail Spam?
Spam System / Spam Filter
What Tools Would A Spam System Use To Detect and Reduce Spam?
rDNS - Reverse DNS, ensures the sender's domain matches the IP address it came from
Allow and Block Lists - require user management, but only allow emails from safe senders
SMTP Standard Checking - running checks on the sending email system to ensure it complies with the RFC standard
What is Tarpitting?
This slows down the mail server on purpose to frustrate the spammer so they skip over your network
What Is An Influence Campaign?
This is where hackers create fake users and content and spread it around, which can influence real people
What Is Tailgating?
Uses an authorised person to gain unauthorised access
What Is Credential Harvesting?
Might Be Known As Password Harvesting
It's where hackers attempt to access credentials on your network
They will try and run a script on a local computer via a link in an email or similar