Social Engineering Flashcards
Social Engineering
strategy that exploits human psychology to gain access
Social Engineering Factors (A U S S L F)
Authority, Urgency, Social Proof, Scarcity, Likability, and Fear
Impersonation
the adversary assumes the identity of another person to gain access
Brand Impersonation
where an attacker pretends to represent a legitimate company
Typo squatting
when an attacker registers a domain name similar to a popular website but not exact
Watering Hole Attack
an attack where you target the dependency website of the target to attack from there
Pretext
giving information that may be true to bait revealing more information
Phishing
Fraudulent attack using deceptive emails from trusted sources to trick users and harvest their information
Spear Phishing
a targeted version of phishing focused on a specific group of individuals
Difference between phishing and spear phishing
phishing is a spray and pray, spear phishing targets users
Whaling Spear Phishing
targets high profile targets
Business Email Compromise (BEC)
a phishing attack that uses internal email accounts within a company
Vishing
the phone based phishing attempt
Smishing
the ms-based phishing attempt
Anti-Phishing Campaign
tool for educating employees about phishing risk and prevention
Fraud
the wrongful or criminally deceitful intention to result in financial or personal gain
Identity Fraud
the use of one person of another person’s personal information
Identity Fraud vs Theft
In Fraud, the attacker takes the person’s credit card number and makes charges; In theft, the attacker is trying to assume the identity of the victim
Scam
a fraudulent or deceptive act/operation
Invoice Scam
a person is tricked into paying for a fake invoice that they didn’t order
Influence Campaign
used to create misinformation and disinformation
Misinformation
inaccurate information shared unintentionally
Disinformation
intentional spread of false information
Diversion Theft
manipulating a situation or creating a distraction to steal information
