Social Engineering Flashcards

1
Q

Define Social Engineering

A

At its core it is manipulating a person into knowingly or unknowingly giving up information; essentially ‘hacking’ into a person to steal valuable information.
- Psychological manipulation
- Trickery or deception for the purpose of information gathering
It is a way for criminals to gain access to information systems. The purpose of social engineering is usually to secretly install spyware or other malicious software, or to trick persons into handing over passwords and/or other sensitive financial or personal information. It is one of the most effective routes to stealing confidential data from organizations.

2
Q

List the 6 types of Social Engineering Attacks

A
  1. Phishing
  2. Vishing and Smishing
  3. Pretexting
  4. Baiting
  5. Tailgating and Piggybacking
  6. Quid Pro Quo
3
Q

List 3 different types of phishing

A
  1. Deceptive Phishing
  2. Spear Phishing
  3. Whaling
4
Q

Define Deceptive Phishing

A
  • Legitimate Links
  • Company Logos & Theme
  • Copy of Landing/Login Page
  • Shortened URL & Redirects
5
Q

Define Spear Phishing

A

An email or electronic communications scam targeted at a specific individual, organization or business. Although the goal is often to steal data for malicious purposes, cybercriminals may also intend to install malware on the targeted user’s computer.

6
Q

Define Whaling

A
  • Similar to spear phishing
  • Aimed at executives of a company
  • Goal is to gain access to an administrator account
7
Q

List 5 ways to prevent Phishing

A
  1. Employee awareness!
  2. Multistep verification
  3. Data protection policies
  4. Social media education
  5. Anti-phishing tools and organizations
8
Q

Define Vishing

A

The use of telephony to conduct phishing attacks.

9
Q

Define Smishing (SMS phishing)

A

The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.

10
Q

Define Pretexting

A

A cybercriminal stages a scenario that baits victims into providing valuable information they wouldn’t otherwise give up.

11
Q

Define Baiting

A

Relies on:
- the curiosity or greed of the victim
- the promise of an item or good that hackers use to entice victims

12
Q

Define Quid Pro Quo

A

A hacker requests critical data or login credentials in exchange for a service.

13
Q

Solution to QPQ

A

Don’t give out personal account information unless you initiated the exchange.

14
Q

What is Google Dorking?

A

A hacking technique that makes use of Google’s advanced search services to locate valuable data or hard-to-find content.
- A search string or custom query that uses advanced search operators to find information not readily available on a website

15
Q

What can Google Dorking be used to retrieve?

A
  • usernames and passwords
  • email address lists
  • sensitive documents
  • personally identifiable information
  • personally identifiable financial information
  • website vulnerabilities
16
Q

What are the NSA recommended steps for secure conversion and redaction of Word documents?

A
  1. Create a copy of the original document.
  2. Turn off “Track Changes” on the copy and remove all visible comments.
  3. Delete any sensitive information from the document that you wish to redact.
  4. Use the Microsoft Office Document Inspector to check for any unwanted metadata. (File -> Info -> Check for issues)
  5. Save the new document and convert it to a PDF file.
  6. Use the Sanitize Document tool in Acrobat Professional as a second check before releasing the redacted PDF.
17
Q

List some ways to Protect Yourself

A

- A security-aware culture can help employees identify and repel social engineering attacks
- Recognize inappropriate requests for information
- Take ownership of corporate security
- Understand the risk and impact of security breaches
- Social engineering attacks are personal
- Password management
- Two-factor authentication
- Physical security
- Understand what information you are putting on the Web that could be used for targeting at social network sites
- Network defenses to repel viruses
- Virus protection (McAfee, Norton, Symantec, etc…)
- Email attachment scanning
- Firewalls, etc…
- Organizations must decide what information is sensitive
- Security must be periodically tested
- Contact your security office immediately if you have any concerns at work