Terms Deck 1 Flashcards
social engineering
The process of taking advantage of human behavior to attack a network or gain access to resources that would otherwise be inaccessible. Social engineering emphasizes the well-known fact that poorly or improperly trained individuals can be persuaded, tricked, or coerced into giving up passwords, phone numbers, or other data that can lead to unauthorized system access, even when strong technical security measures can otherwise prevent such access.
phishing
An attempt to acquire sensitive information by masquerading as a trustworthy entity via electronic communication, usually email.
vishing
An attack in which the attacker uses fake caller ID to appear as a trusted organization and attempts to get the individual to enter account details by phone. Also known as voice phishing.
spam
Unsolicited messages typically sent to a large number of recipients.
spam over Internet messaging (SPIM)
A type of unsolicited messaging that is specifically sent over instant messaging platforms.
spear phishing
A targeted version of phishing.
dumpster diving
A technique used by an attacker that involves gathering useful information from discarded data.
shoulder surfing
Looking over someone’s shoulder to obtain information.
pharming
An attack that redirects victims to a bogus website.
tailgating
Following closely behind someone who has authorized physical access in an environment.
eliciting information
The use of varying techniques that can directly or indirectly lead to sensitive data loss or other compromise.
whaling
The use of spear phishing tactics against high-profile targets such as executives within a company.
identity fraud
The use of a person’s personal information without authorization to deceive or commit a crime.
hoax
A situation that seems like it could be legitimate but often results from people seeking to carry out various threats.
impersonation
A method by which someone assumes the character or appearance of someone else.
watering hole attack
An attack in which the attacker focuses on a site frequently visited by the target. Similar to spear phishing but does not use email.
typo squatting
An attack that most commonly relies on typographic errors made by users on the Internet. Also known as URL hijacking.
influence campaign
Coordinated actions that seek to affect the development, actions, and behavior of the targeted population.