Social Engineering Flashcards
Phishing
Phishing is the fraudulent attempt to obtain sensitive information, such as usernames, passwords and credit card details, by posing as a trustworthy entity in a digital communication.
Smishing
SMS phishing
Vishing
Vishing is a social engineering attack that attempts to trick victims into giving up sensitive information over the phone.
Spear phishing
Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons.
Whaling
A whaling attack is a method used by cybercriminals to masquerade as a senior executive at an organization and directly target senior or other important individuals at that organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes.
Dumpster diving
Dumpster Diving is investigating a person or business’s trash to find information that can be used to attack a computer network. Dumpster divers locate financial statements, government records, medical bills, résumés, and the like simply through exploring the victim’s rubbish.
Shoulder surfing
Shoulder surfing occurs when someone watches over your shoulder to nab valuable information such as your password, ATM PIN, or credit card number, as you key it into an electronic device.
Social Engineering
Authority, Intimidation, Consensus, Scarcity, Familiarity, Trust, Urgency
Pharming
Pharming is a cyberattack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.
ipconfig /displaydns
C:\Windows\System32\drivers\etc\hosts
Spam
Spam email is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list. Typically, spam is sent for commercial purposes. It can be sent in massive volume by botnets, networks of infected computers.
Spim
Spam over instant messaging
Tailgating, Piggybacking
In these types of attacks, someone without the proper authentication follows an authenticated employee into a restricted area. The attacker might impersonate a delivery driver and wait outside a building to get things started.
Man traps
A mantrap, air lock, sally port or access control vestibule is a physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens.
Prepending attack
Adding an extension or phrase to an email header to fool the user, adding information to manipulate the user, or suggesting topics in conversation to try to extract information.
Identity Fraud
Using a stolen identity; also known as identity theft.
Invoice Scams
Scammers pose as legitimate-looking companies and try to get you to pay fake invoices.
Credential / Password Harvesting
Credential harvesting, also known as password harvesting, is the process of gathering valid usernames, passwords, private emails, and email addresses through infrastructure breaches.
Reconnaissance
Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities. … In a computer security context, reconnaissance is usually a preliminary step toward a further attack seeking to exploit the target system.
Hoax
A fraud.
Impersonation
An impersonation attack is a form of fraud in which attackers pose as a known or trusted person to dupe an employee into transferring money to a fraudulent account, sharing sensitive information (such as intellectual property, financial data or payroll information), or revealing login credentials that attackers can use to hack into a company’s computer network.
Watering Hole Attack
A watering hole attack is a targeted attack designed to compromise users within a specific industry or group by infecting websites they typically visit and luring them to a malicious site. The end goal is to infect the user's computer and gain access to the organization's network.
Typo Squatting
Typosquatting, also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright) that targets Internet users who incorrectly type a website address into their web browser (e.g., “Gooogle.com” instead of “Google.com”).
Pretexting
Pretexting is a form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. The distinguishing feature of this kind of attack is that the scam artist comes up with a story — or pretext — in order to fool the victim.
Influence Campaign
Traditionally focused on social media and other online-centric media to turn public opinion in the direction of the campaign's choosing; part of hybrid warfare.