Social Engineering Flashcards
Attack against user and involves some form of social interaction
Social Engineering
Why is social engineering effective?
it preys on people’s basic desire to be helpful and the desire to avoid confrontations.
Attacker sends emails masquerading as a trusted entity (such as a bank) to a bulk of recipients in an attempt to obtain sensitive information. This attack is generally not targeted at any particular group, but rather, just sent in bulk, casting a wide net and hoping to get who they can.
Phishing
This term refers to a phishing attack that is targeted at a specific group. If an attacker were to obtain a list of
specific users and their email addresses, they could exploit this to target those specific users. In the instance of a bank, if I were to receive a message from a bank that I didn’t use, I’d probably know the email was a phishing email. But if the email were to
come from my bank, I might be more susceptible to respond. With spear phishing, the success rate of the attacks increases significantly.
Spear Phishing
Phishing attack to a high value target such as CXO of a company
Whaling
Phishing attempts using variations of voice communication technology.
Vishing
Act of going through trash to find valuable information that might be used in penetration attempts.
Dumpster Diving
Indirect interaction that attackers use to observe individuals entering sensitive information.
Shoulder surfing
Regular occurrence on most social media sites - suggestion to make change
Hoax
First identified by RSA, this type of attack involves infecting a website with malware. As users visit the site, they unknowingly pull down malware to their system. Named for the way predators wait for prey near their watering hole, attackers similarly plant malware at sites frequently visit.
Watering Hole Attack
