Social Engineering Flashcards
A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as:
phishing
It’s a type of social engineering attack where attackers pose as trustworthy entities to trick individuals into revealing sensitive information, such as passwords or financial data, or to click on malicious links. It’s a common tactic used to gain unauthorized access to systems or compromise personal information.
smishing
Specifically related to text messaging (SMS), the term stands for “SMS phishing.” Attackers send deceptive text messages to trick recipients into providing sensitive information or clicking on malicious links. It’s similar to traditional phishing, but it targets mobile devices through SMS rather than email.
vishing
“Vishing” stands for “voice phishing.” It’s a social engineering technique where attackers use phone calls to deceive individuals into providing sensitive information or performing certain actions. They might impersonate trusted entities like banks or government agencies and use various tactics to manipulate victims into divulging personal or financial information. Vishing can also involve automated voice messages prompting recipients to call back and provide information, or to visit a fake website or call a fake number.
What type of spam relies on text-based communication?
SPIM. It involves the unsolicited sending of messages over instant messaging platforms. It’s similar to email spam but occurs through instant messaging services.
SPIT
“SPIT” stands for “Spam over Internet Telephony.”
An example of SPIT could be receiving unsolicited automated voice messages advertising a product or service over a Voice over Internet Protocol (VoIP) service. For instance, you might receive a call promoting a dubious investment opportunity or offering a fake prize in exchange for personal information. These messages are similar to traditional email spam but are transmitted through voice channels instead.
Bluesnarfing
Bluesnarfing is a type of cyberattack where unauthorized access is gained to a Bluetooth-enabled device, such as a smartphone, tablet, or laptop, to steal data. It typically involves exploiting vulnerabilities in the Bluetooth protocol to access the device’s data, such as contacts, text messages, emails, and files, without the user’s knowledge or consent. Attackers can use this stolen information for various malicious purposes, including identity theft, financial fraud, or corporate espionage.
spear phishing
Spear phishing is a targeted form of phishing where attackers tailor their messages to specific individuals or organizations. Unlike traditional phishing attacks that cast a wide net, spear phishing emails are customized to appear more credible and personalized, often using information obtained from social media or other sources.
Dumpster Diving
The term “dumpster diving” describes the practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of employees, along with information about the positions they hold in the company and other data, can be used to facilitate social engineering attacks. Having documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.
pharming
Pharming is a cyberattack where attackers manipulate the Domain Name System (DNS) or compromise a user’s hosts file to redirect them to a fake website, typically designed to mimic a legitimate one. The goal of pharming is to trick users into visiting the fake website, where they may unknowingly enter sensitive information such as login credentials, credit card numbers, or personal details. This stolen information can then be used for various malicious purposes, such as identity theft or financial fraud. Pharming attacks can be particularly dangerous because they can be difficult for users to detect since they are redirected to fraudulent sites without their knowledge or consent.
elicitation
Elicitation is a technique used by attackers to gather information from individuals or organizations through subtle and indirect means. It involves skillfully extracting information by asking leading questions, engaging in casual conversation, or leveraging psychological tactics without arousing suspicion.
whaling
While both spear phishing and whaling are targeted phishing attacks, spear phishing focuses on specific individuals or groups within an organization, whereas whaling targets high-profile individuals or executives with greater authority and access to valuable resources.
typosquatting / url hijacking
Typosquatting, also known as URL hijacking, is a malicious tactic where attackers register domain names that are similar to legitimate ones but contain slight misspellings or typographical errors. These deceptive domain names are often used to trick users who mistype or misspell a website’s URL into visiting the attacker-controlled site instead of the intended destination.
data URL phishing
In data URL phishing, attackers embed malicious code or sensitive data within the URL itself, typically by encoding it using the data URI scheme. This technique allows attackers to bypass traditional security measures and deceive users into clicking on seemingly harmless links that actually lead to malicious content or websites.
prepending
Prepending is a type of data URL phishing that involves adding this encoded data to the beginning of a URL, making it appear legitimate to unsuspecting users.
Virus hoax
An email message containing a warning about a non-existent computer security threat, asking the user to delete system files falsely identified as malware, and/or prompting them to share the message.