Threats, Vulnerabilities and Mitigations: Social Engineering Flashcards
What is Phishing?
Phishing: Using fake or fraudulent email or website solicitations to gain sensitive information. These are email- or message-based, or can be typo-squatting schemes, where a threat actor creates a website address that appears to be for a popular site but is misspelled slightly, in a way that people commonly mistype or might not notice when selecting it in a message.
What is Smishing?
Smishing: Using text messages, seemingly from a legitimate company, to trick people into revealing sensitive information, such as credit-card numbers.
What is IM?
IM: Using instant messages (IMs) to spread attachments that contain viruses or that lead to webpages that then infect devices.
What is Vishing?
Vishing: Using phone calls and voice messages to trick people into revealing sensitive information.
What is the hallmark of Social Engineering?
A hallmark of social-engineering attacks is that the threat actors use misinformation, disinformation, and impersonation.
How do pretexting schemes work?
Pretexting schemes: Using contrived, deceitful scenarios to help sell the scheme. Watering hole attacks: Infecting websites so as to compromise a targeted person’s device.
How does brand impersonation work?
Brand impersonation: Closely copying a brand’s look and feel, but with slight changes that people don’t necessarily notice.
What are image-based and file-based attacks?
Image-based and file-based attacks: Sending an image or file that encourages a person to select a link, which then can infect or turn over control of a computer or device.