Social Engineering Techniques & Other Attack Types Flashcards
What are the variants of phishing?
Spear Phishing, Whaling, Vishing, Smishing
What is Spear Phishing?
Phishing that targets certain employees
What is Whaling?
Phishing that targets high-level employees or senior management
What is Vishing?
Phishing that targets cell phones, telephones, and VoIP systems
What is Smishing?
Phishing that uses SMS texting as the vector
What does a Visher do?
Carries out vishing attacks, such as making a call while spoofing a collection agency or claiming to be a lawyer, in order to obtain personal information, personal health information, or intellectual property
What are some of the key indicators to identify phishing in email?
Vague salutations - "dear valued customer" or "dear employee"
Suspicious-looking domain names or display names - potentially misspelled
URL paths or hypertext whose actual link/IP address differs from the text displayed
Awkward Grammar
Urgent or intimidating subject line
Lack of contact info
Spoofed headers/logos
What is a phishing attack?
A cyber attack that uses disguised email as a vector
What is the goal of a phishing attack?
To trick the recipient into believing that the message is legitimate so they will click a link or download an attachment
What does BEC stand for?
Business Email Compromise
What is Business Email Compromise?
BEC is a form of attack that targets companies that outsource, conduct wire transfers, and have suppliers abroad
Name the common BEC schemes
phony invoices and transfers
c-suite fraud
email or webmail account compromise
attorney impersonation or hoaxing
data theft of personally identifiable information
What is pharming?
-a blending of the words 'phishing' and 'farming' that describes a type of cybercrime similar to phishing
-happens when a website's traffic is manipulated or spoofed and confidential information is stolen
How can a pharming attack happen?
-attackers may install a virus or trojan on a target that changes the computer's hosts file to direct traffic away from its intended destination and toward a fake website
-crackers may also poison a DNS server to redirect multiple users, without their knowledge, to the fake site, which in turn can be used to install malware on the victim's computer
What is spam?
a slang term for unsolicited commercial email or junk email
What are the common types of email spam?
-advertisements
-chain letters
-spoofed emails relating to phishing campaigns
-hoaxes and money scams (ex. Nigerian prince)
-malware warnings
-unwanted porn email
What is a Negative SEO?
A “Negative SEO” search engine optimization attack is a form of spam that can actually hurt your business. It could be a competitor making Google think that you’re up to no good.
Name the common categories of spam
-email spam
-comment spam
-trackback spam
-negative SEO attacks
-spiders and Distributed Denial of Service (DDoS) bots
What is SPIM?
-spam over instant messaging
-unsolicited instant messages
Why is SPIM harmful?
-disrupts chatting
-can contain viruses or spyware
How can you prevent SPIM?
-block any messages from sources not on your contact list
-most anti-virus programs include spam and SPIM protection features
What is typosquatting?
-aka URL hijacking, sting sites, or fake URL
-involves sitting on sites under someone else's brand or copyright and targeting internet users who mistype a website address into their browser address bar
-ex: facebool, gooogle, amason
What is tailgating/piggybacking?
When a physical access token meant for one person is used to admit two people, whether or not the person scanning the token knows
-access tokens/badges in this scenario are being used in a single-factor or multi-factor authentication scheme for physical access to buildings, rooms, or certain high security areas like data centers
-considered a violation of a security policy (AUP) combined with some enforcement policy if users do not comply
What is dumpster diving?
an attack where the goal is to recover important information by searching through trash containers and dumpsters