Social Engineering Flashcards

1
Q

Phishing - combination of social engineering and spoofing

A

Spoofing - disguising one computer resource as another.
The attacker sets up a spoofed website to imitate the target bank's or eCommerce provider's secure website. The attacker then emails users of the genuine site informing them that their account must be updated, supplying a disguised link that actually leads to the spoofed site. When the user authenticates with the spoofed site, their logon details are captured.
Alternatively, a pop-up window may be spawned prompting the user to enter credentials.

2
Q

Spear Phishing and Whaling

A

Spear phishing is where the attacker has some information that makes the target more likely to be fooled by the attack.
For example, the attacker might know of a document bearing the user's name.
Whaling is a spear phishing attack aimed at upper levels of management (CEOs and other "big beasts").
Senior managers are more vulnerable because of their reluctance to learn basic security procedures.

3
Q

Vishing - phishing conducted through a voice channel (telephone or VoIP)

Tailgating (Piggybacking) - entering secure area without authorization

A

Someone fraudulently representing a bank calls a user to verify bank account information.
It is more difficult to refuse a request made over the phone than one made by email.
SMiShing refers to fraudulent SMS texts.
Tailgating - performed by following closely behind someone at a checkpoint.
It can also be performed by an insider who allows access without recording the entry in the building's entry log.

4
Q

Impersonation - Pretending to be someone else

Dumpster diving-combing through organization’s and individual’s refuse to find useful documents.

A

Impersonation is one of the basic social engineering techniques.
The classic case is someone phoning into a department claiming to need to adjust something on the user's system remotely, and getting the user to reveal their password.
The attacker must be convincing and persuasive.

5
Q

Shoulder Surfing

Hoax

Watering Holes

A

Shoulder surfing is stealing a password by watching the user type it. The attacker does not have to be in close proximity; high-powered binoculars or CCTV can be used to observe the target remotely.
Hoax - an email that states there is some sort of security problem and offers a tool to fix it. The tool is a Trojan horse.
Criminals use sophisticated scams to trick users into revealing login credentials or financial account details.
Watering hole - a directed social engineering attack that exploits an unsecured third-party website used by the target group.
Example: the attacker compromises a retail website, installs malware on the retail employees' computers, and penetrates their systems.

6
Q

Principles of Social Engineering

A
Authority
Intimidation
Consensus
Scarcity
Familiarity
Trust
Urgency