Social Engineering Flashcards
What is phishing?
The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
What is typosquatting?
Preying on people who make typos in the URL bar.
Example: ffacebook.com or facebok.com
What is pharming?
Basically mass phishing.
Typically redirection from a poisoned DNS server, or when a website has been completely taken over.
What is vishing?
Voice phishing.
Commonly combined with caller ID spoofing.
What is smishing?
SMS (text message) phishing.
Spoofing is a problem here as well.
What is spear phishing?
Targeted phishing using inside information gained through reconnaissance.
What is whaling?
Targeting a C-level executive with a phishing attack, typically the CEO or CFO.
What is shoulder surfing?
In its simplest terms, it is looking at what someone is doing on their screen or any other device without them knowing.
It can be from right behind them, or from one building to another with binoculars.
What is a watering hole attack?
After a bit of research, attackers compromise a third-party site that your employees interact with, or “drink from”.
For example, the website of a local sandwich shop that is a common lunch spot.
It infects all users visiting the website, but the attackers are only after specific targets from your company.
What is spim?
Spam over instant messaging.
What is tailgating?
Following an authorized person through a door or checkpoint to gain unauthorized access to a building or area.
What is an invoice scam?
Starts with a bit of spear phishing.
An attacker finds out who pays the invoices in an organization and sends them a fake invoice to be paid.
The “from” field is typically spoofed.
What is credential harvesting?
Also called password harvesting.
Taking the passwords stored on the local machine, of which there are typically many.
For example, a user opens an email with a malicious Microsoft Word document attached; a macro runs automatically, extracts the stored credentials from the operating system, and sends them off to the attacker.