Social Engineering Flashcards
An attempt by an attacker to convince someone to provide info or perform an action they wouldn’t normally do.
Social Engineering
Most common SE attack. Trick users into giving up personal information or click malicious links. #1 Attack for malware.
Phishing
Attackers trying to gain access to your usernames & passwords that might be stored on your local computer.
Credential Harvesting
Fake warning about a virus or other malicious code. Cause no damage, but their distribution causes fear and uncertainty. Use to spread “through email from a friend” but changed with social media.
Hoaxes
Attack strategy in which the attacker guesses or observes which websites an organization uses & infects one or more of them with malware.
Watering Hole Attack
Targets internet users who incorrectly type a URL into their web browser rather than using a search engine.
Typosquatting
Attacker tries to convince a victim to give up information to access a service or system. The attacker develops a story or pretext to fool the victim.
Pretexting
Strategic use of casual conversation to extract information without the arousing suspicious of the target.
Eliciting Information or Elicitation
SE attack intended to manipulate the thoughts of large groups of people.
Influence Campaign
Attack using mix of conventional or unconventional methods to carry out an influence campaign.
Hybrid Warfare
Computer controlled by an attacker which is used to send commands to systems compromised by malware and receive stolen data from a target network.
Command & Control
Adding words or phrases like ‘safe’ to a malicious file or suggesting topics via social engineering to uncover info.
Prepending
Type of phishing attack that happens through SMS text messaging on mobile.
Smishing
Type of phishing attack that targets high level executes.
Whaling
Phishing type of attack that relies on voice, phone calls, voicemails to steal confidential & corporate info.
Vishing
