Social Engineering Flashcards
What is social engineering?
Manipulative strategy exploiting human psychology for unauthorized access to systems, data, or physical spaces.
6 Types of Motivational Triggers
Authority
Urgency
Social proof
Scarcity
Likability
Fear
4 Main forms of Impersonation
Impersonation
Brand Impersonation
Typosquatting
Watering Hole Attacks
What is Impersonation?
How to mitigate it?
An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data.
Providing security awareness training to their employees on a regular basis.
What is Brand Impersonation?
How to protect against it?
A more specific form of Impersonation where an attacker pretends to represent a legitimate company or brand.
- Educate their users
- Use secure email gateways to filter phishing emails
- Monitor their brand’s online presence to detect any fraudulent activities
What is Typosquatting?
How to combat it?
Also known as URL Hijacking or cybersquatting
A form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains some kind of typographical error.
- Register common misspellings of their own domain names
- Use services that monitor for similar domain registrations
- Conduct user security awareness training.
What are Watering Hole Attacks?
How to mitigate them?
Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use.
- Keep systems and software updated.
- Use threat intelligence services to stay informed.
- Employ advanced malware detection and prevention tools.
What is Pretexting?
How to mitigate it?
The attacker gives some amount of info that seems true so that the victim will give more info.
Employee training not to fall for pretext.
What are the 6 types of Phishing Attacks?
Phishing
Spear Phishing
Whaling
Business Email Compromise (BEC)
Vishing
Smishing
What is Phishing?
Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal info, such as passwords and credit card numbers.
What is Spear Phishing?
Phishing focused on a specific group of individuals or organizations.
What is Whaling?
Spear Phishing that targets high-profile individuals, e.g. CEOs or CFOs.
What is Business Email Compromise (BEC)?
Phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious action on behalf of the attacker.
What is Vishing?
Attacker tricks their victims into sharing personal or financial info over the phone.
What is Smishing?
Using text messaging to trick individuals into providing their personal info.