Social Engineering Flashcards

1
Q

Spear Phishing

A

An attempt to fraudulently obtain information from a user, usually by email that targets a specific individual

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Whaling

A

A form of spear phishing that directly targets the CEO, CFO, CIO, CSO, or other high-value target in an organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Smishing

A

Phishing conducted over text messaging (SMS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Vishing

A

Phishing conducted over voice and phone calls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Pharming

A

Phishing attempt to trick a user to access a different or fake website (usually by modifying hosts file)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Motivation Factors

A

Authority
People are more willing to comply with a request when they think it is coming from someone in authority
Use of recognizable brand names like a bank or PayPal could be considered a form of authority

Urgency
People are usually in a rush these days and urgency takes advantage of this fact

Social Proof
People are more likely to click on a link through social media or based on seeing others have already clicked on it

Scarcity
Technique that relies on the fear of missing out on a good deal that is only offered in limited quantities or a limited time

Likeability
A technique where the social engineer attempts to find common ground and shared interests with their target

Fear
The use of threats or demands to intimidate someone into helping you in the attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Diversion Theft

A

When a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Baiting

A

When a malicious individual leaves malware-infected removable media such as a USB drive or optical disc lying around in plain view

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Piggybacking

A

When an unauthorized person tags along with an authorized person to gain entry to a restricted area

(Tailgating with consent)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Watering Hole Attack

A

When an attacker figures out where users like to go, and places malware to gain access to your organization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Prepending

A

A technical method used in social engineering to trick users into entering their username and passwords by adding an invisible string before the weblink they click

The prepended string (data:text) converts the link into a Data URI (or Data URL) that embeds small files inline of documents

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Influence Operations/Influence Campaign

A

The collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent

Influence operations is the military term, but CompTIA uses the term influence campaign

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Hybrid Warfare

A

A military strategy which employs political warfare and blends conventional warfare, irregular warfare and cyberwarfare with other influencing methods, such as fake news, diplomacy, and foreign electoral intervention

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Clean Desk Policy

A

Policy where all employees must put away everything from their desk at the end of the day into locked drawers and cabinets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Pretexting

A

Lying to get info

Attacker is a character in a situation they create

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Typosquatting

A

https://professormessor.com (instead of https://professormessEr.com)
Purposely misspells domains for malicious purposes