Social Engineering Flashcards

1
Q

Spear Phishing

A

An attempt to fraudulently obtain information from a user, usually by email, that targets a specific individual

2
Q

Whaling

A

A form of spear phishing that directly targets the CEO, CFO, CIO, CSO, or other high-value target in an organization

3
Q

Smishing

A

Phishing conducted over text messaging (SMS)

4
Q

Vishing

A

Phishing conducted over voice and phone calls

5
Q

Pharming

A

A phishing attempt that tricks a user into accessing a different or fake website (usually by modifying the hosts file)

6
Q

Motivation Factors

A

Authority
People are more willing to comply with a request when they think it is coming from someone in authority
The use of recognizable brand names, such as a bank or PayPal, can also be considered a form of authority

Urgency
People are usually in a rush these days, and urgency takes advantage of this fact

Social Proof
People are more likely to click on a link through social media or based on seeing others have already clicked on it

Scarcity
Technique that relies on the fear of missing out on a good deal that is only offered in limited quantities or a limited time

Likeability
A technique where the social engineer attempts to find common ground and shared interests with their target

Fear
The use of threats or demands to intimidate someone into helping the attacker

7
Q

Diversion Theft

A

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location

8
Q

Baiting

A

When a malicious individual leaves malware-infected removable media such as a USB drive or optical disc lying around in plain view

9
Q

Piggybacking

A

When an unauthorized person tags along with an authorized person to gain entry to a restricted area

(Tailgating with consent)

10
Q

Watering Hole Attack

A

When an attacker figures out where users like to go and places malware there to gain access to your organization

11
Q

Prepending

A

A technical method used in social engineering to trick users into entering their usernames and passwords by adding an invisible string before the web link they click

The prepended string (data:text) converts the link into a Data URI (or Data URL), which embeds small files inline in documents

12
Q

Influence Operations/Influence Campaign

A

The collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent

Influence operations is the military term, but CompTIA uses the term influence campaign

13
Q

Hybrid Warfare

A

A military strategy that employs political warfare and blends conventional warfare, irregular warfare, and cyberwarfare with other influencing methods, such as fake news, diplomacy, and foreign electoral intervention

14
Q

Clean Desk Policy

A

A policy requiring all employees to put away everything from their desk into locked drawers and cabinets at the end of the day

15
Q

Pretexting

A

Lying to obtain information
The attacker plays a character in a situation they have created

16
Q

Typosquatting

A

https://professormessor.com (instead of https://professormessEr.com)
Purposely misspelling domains for malicious purposes