Social Engineering Flashcards
What is phishing?
Phishing is a cyber attack method where attackers use deceptive emails or messages to trick individuals into revealing sensitive information, such as passwords or financial details.
What is a cyber attack method where attackers use deceptive emails or messages to trick individuals into revealing sensitive information, such as passwords or financial details?
Phishing
Smishing
Smishing is a form of phishing that involves using SMS or text messages to deceive individuals into disclosing personal information or clicking on malicious links.
Vishing
Vishing, or voice phishing, is a social engineering attack that uses phone calls to trick individuals into providing confidential information or performing actions detrimental to security.
What is a form of phishing that involves using SMS or text messages to deceive individuals into disclosing personal information or clicking on malicious links?
Smishing
What is a social engineering attack that uses phone calls to trick individuals into providing confidential information or performing actions detrimental to security?
Vishing
Spam
Spam refers to unwanted and unsolicited electronic messages, often in the form of emails, sent to a large number of users for advertising or malicious purposes.
What refers to unwanted and unsolicited electronic messages, often in the form of emails, sent to a large number of users for advertising or malicious purposes?
Spam
SPIM
SPIM (spam over instant messaging) is the unsolicited distribution of messages over instant messaging platforms, similar to email spam but delivered through instant messaging services.
What is the unsolicited distribution of messages over instant messaging platforms, similar to email spam but delivered through instant messaging services?
SPIM
Spear phishing
Spear phishing is a targeted phishing attack where cybercriminals customize deceptive messages to a specific individual or organization, increasing the likelihood of success.
What is a targeted phishing attack where cybercriminals customize deceptive messages to a specific individual or organization, increasing the likelihood of success?
Spear phishing
Dumpster diving
Dumpster diving is a physical security attack where attackers search through discarded materials, such as trash bins or recycling, to find sensitive information.
What is a physical security attack where attackers search through discarded materials, such as trash bins or recycling, to find sensitive information?
Dumpster diving
Shoulder surfing
Shoulder surfing is a type of security threat where an attacker observes a user’s sensitive information, such as passwords or PINs, by directly watching them enter it, for example by looking over their shoulder.
What is a type of security threat where an attacker observes a user’s sensitive information, such as passwords or PINs, by looking over their shoulder?
Shoulder surfing
Pharming
Pharming is a cyber attack that redirects website traffic to a fraudulent site, often without the user’s knowledge, to harvest sensitive information. Unlike phishing, the user types the correct address; the redirection happens underneath, typically by poisoning DNS resolution or modifying the local hosts file.
What is a cyber attack that redirects website traffic to a fraudulent site, often without the user’s knowledge, to harvest sensitive information?
Pharming
Tailgating
Tailgating occurs when an unauthorized person follows an authorized individual into a secure area, taking advantage of the momentary lapse in security.
What occurs when an unauthorized person follows an authorized individual into a secure area, taking advantage of the momentary lapse in security?
Tailgating
Eliciting information
Eliciting information is the practice of extracting sensitive or confidential details from individuals through conversation or manipulation.
What is the practice of extracting sensitive or confidential details from individuals through conversation or manipulation?
Eliciting information
Whaling
Whaling is a form of phishing that targets high-profile individuals, such as executives or CEOs, with the aim of stealing sensitive information or gaining unauthorized access.
What is a form of phishing that targets high-profile individuals, such as executives or CEOs, with the aim of stealing sensitive information or gaining unauthorized access?
Whaling
Prepending
Prepending can mean one of three things:
1. Adding an expression or phrase, such as adding “SAFE” to a set of email headers to attempt to fool a user into thinking it has passed an antispam tool
2. Adding information as part of another attack to manipulate the outcome (manipulate caller ID information to make a call appear legitimate)
3. Suggesting topics via a social engineering conversation to lead a target toward related information the social engineer is looking for
What is this an example of? A social engineering technique where attackers manipulate caller ID information to make a call appear more legitimate or trustworthy.
Prepending
Identity fraud
Identity fraud involves the unauthorized use of someone else’s personal information, such as name and financial details, for deceptive or criminal purposes.
What involves the unauthorized use of someone else’s personal information, such as name and financial details, for deceptive or criminal purposes?
Identity fraud
Invoice scams
Invoice scams involve fraudulent invoices or bills sent to individuals or businesses with the intention of tricking them into making unauthorized payments.
What involves fraudulent invoices or bills sent to individuals or businesses with the intention of tricking them into making unauthorized payments?
Invoice scams
Credential harvesting
Credential harvesting is the process of collecting usernames and passwords, often through phishing or other deceptive means, to gain unauthorized access to accounts.
What is the process of collecting usernames and passwords, often through phishing or other deceptive means, to gain unauthorized access to accounts?
Credential harvesting
Reconnaissance
Reconnaissance is the preliminary phase of an attack where attackers gather information about a target, including vulnerabilities and potential entry points.
What is the preliminary phase of an attack where attackers gather information about a target, including vulnerabilities and potential entry points?
Reconnaissance
Hoax
A hoax is a deceptive or misleading message or situation intended to trick individuals, often spread through various communication channels.
What is a deceptive or misleading message or situation intended to trick individuals, often spread through various communication channels?
Hoax
Impersonation
Impersonation is the act of pretending to be someone else, often with the intent to deceive or gain unauthorized access to information.
What is the act of pretending to be someone else, often with the intent to deceive or gain unauthorized access to information?
Impersonation
Watering hole attack
A watering hole attack involves compromising a website or online resource frequented by a target audience, exploiting their trust to deliver malware or conduct cyber attacks.
What involves compromising a website or online resource frequented by a target audience, exploiting their trust to deliver malware or conduct cyber attacks?
Watering hole attack
Typosquatting
Typosquatting is a cyber attack where attackers register domain names with slight misspellings of legitimate sites to trick users who make typographical errors.
What is a cyber attack where attackers register domain names with slight misspellings of legitimate sites to trick users who make typographical errors?
Typosquatting
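As an added example (not part of the original flashcards), the Python script below shows what "slight misspellings" means in practice: it enumerates the lookalike domains a squatter would typically register for a legitimate domain (dropped, doubled, swapped and adjacent-key characters, ASCII homoglyphs such as rn for m, inserted hyphens), backs that up with a Levenshtein distance check for single-character edits the generator does not model, and runs the result over a few constructed DNS log lines. The legitimate domains, the log format and every log line are constructed for illustration; the public-suffix handling is deliberately simplified.

```python
"""Flag typosquat lookalikes of known-good domains in DNS query logs.

Added example. Domains, log format and log lines below are constructed
for illustration and are not taken from the page.
"""
from __future__ import annotations

import re

# Adjacent keys on a QWERTY layout, used for "fat-finger" substitutions.
QWERTY_NEIGHBOURS = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu",
    "z": "asx",
}
# Single ASCII characters that look alike in common fonts.
HOMOGLYPHS = {"l": "1i", "i": "l1", "o": "0", "0": "o"}


def typosquat_variants(domain: str) -> set[str]:
    """Return lookalikes of `domain` ("label.tld"); the TLD is kept."""
    label, _, tld = domain.partition(".")
    v: set[str] = set()
    for i in range(len(label)):                       # omission: exmple
        v.add(label[:i] + label[i + 1:])
        v.add(label[:i] + label[i] + label[i:])        # repetition: exxample
        for ch in QWERTY_NEIGHBOURS.get(label[i], ""):  # adjacent key
            v.add(label[:i] + ch + label[i + 1:])
        for ch in HOMOGLYPHS.get(label[i], ""):       # homoglyph: examp1e
            v.add(label[:i] + ch + label[i + 1:])
    for i in range(len(label) - 1):                   # transposition: exmaple
        v.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(1, len(label)):                    # hyphenation: exam-ple
        v.add(label[:i] + "-" + label[i:])
    v.add(label.replace("rn", "m"))                   # two-char homoglyphs
    v.add(label.replace("m", "rn"))                   # example -> exarnple
    v.discard(label)
    return {f"{x}.{tld}" for x in v if x}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; catches single edits the generator misses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(fqdn: str) -> str:
    """Last two labels only. Simplification: a real tool needs the
    public-suffix list so that e.g. co.uk is not treated as a domain."""
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])


def classify(observed: str, legit: list[str]) -> tuple[str, str] | None:
    """Return (impersonated domain, reason) or None if not a lookalike."""
    reg = registrable(observed)
    if reg in legit:                                  # exact or subdomain
        return None
    for target in legit:
        if reg in typosquat_variants(target):
            return target, "generated-variant"
        tl, tt = target.split(".", 1)
        rl, rt = reg.split(".", 1)
        if rt == tt and levenshtein(rl, tl) <= 1:
            return target, "edit-distance<=1"
    return None


QUERY_RE = re.compile(r"query=(\S+)")


def scan_dns_log(log_text: str, legit: list[str]) -> list[tuple[str, str, str]]:
    """Return (observed, impersonated, reason) for each suspicious query."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and (verdict := classify(m.group(1), legit)):
            hits.append((registrable(m.group(1)), verdict[0], verdict[1]))
    return hits


# Constructed inputs: the organisation's own domains and a resolver log.
LEGIT_DOMAINS = ["example.com", "examplebank.com"]
SAMPLE_DNS_LOG = """\
2024-05-02T10:01:13Z client=10.0.0.15 query=example.com type=A
2024-05-02T10:01:20Z client=10.0.0.15 query=exarnple.com type=A
2024-05-02T10:02:05Z client=10.0.0.22 query=examp1e.com type=A
2024-05-02T10:02:40Z client=10.0.0.22 query=cdn.example.com type=A
2024-05-02T10:03:01Z client=10.0.0.31 query=exampIebank.com type=A
2024-05-02T10:03:07Z client=10.0.0.31 query=exampze.com type=A
2024-05-02T10:03:30Z client=10.0.0.40 query=unrelated.org type=A
"""

if __name__ == "__main__":
    for observed, target, reason in scan_dns_log(SAMPLE_DNS_LOG, LEGIT_DOMAINS):
        print(f"{observed:20} looks like {target:18} ({reason})")
```

The generated set is the list a brand-protection team would pre-register or watch; the edit-distance rule is the safety net for misspellings the generator does not model, and tightening it beyond distance 1 quickly floods the output with unrelated domains. Legitimate subdomains pass because they are reduced to their registrable domain before comparison.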
Pretexting
Pretexting is a social engineering tactic where attackers create a fabricated scenario or pretext to trick individuals into revealing information or performing actions.
What is a social engineering tactic where attackers create a fabricated scenario or pretext to trick individuals into revealing information or performing actions?
Pretexting
Pretexting is often used in combination with which other social engineering attack?
Impersonation
Influence campaigns
Influence campaigns involve organized efforts to shape public opinion, often using social media and other communication channels to spread specific narratives or messages.
What involves organized efforts to shape public opinion, often using social media and other communication channels to spread specific narratives or messages?
Influence campaigns
What is an example of hybrid warfare?
In hybrid warfare, a state actor might use a combination of cyber attacks, disinformation spread through media outlets, and psychological operations to weaken the morale and resilience of an opponent’s population.
What is this an example of?
A state actor might use a combination of cyber attacks, disinformation spread through media outlets, and psychological operations to weaken the morale and resilience of an opponent’s population.
Hybrid warfare
What are tactics of influence campaigns using social media?
In the context of social media, influence campaigns involve organized efforts to shape public opinion, spread specific narratives, or manipulate social and political discourse. Tactics may include the creation and dissemination of content, the use of bots and trolls, and the amplification of certain messages to sway public sentiment.
What is an example of an influence campaign using social media?
A foreign actor might use social media platforms to disseminate false information, create divisive content, and exploit existing social and political tensions within a target country to foster discord and disrupt societal cohesion.
Define Hybrid Warfare
Hybrid warfare is the convergence of cyber and traditional warfare, in which influence campaigns, particularly those involving disinformation, play a pivotal role in shaping public opinion, often utilizing social media as a key platform.
What principles do social engineering attacks use to maximize effectiveness? (7)
- Authority
- Intimidation
- Consensus
- Scarcity
- Familiarity
- Trust
- Urgency