Threats, Attacks and Vulnerabilities - Common Attack Types Flashcards
A form of spear phishing that attempts to target high-level executives.
Whaling
A phishing attack that attempts to target specific groups of users, or even a single user.
Spear phishing
The practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link.
Phishing
A Trojan that masquerades as a free antivirus program.
Rogueware (or scareware)
The practice of using social tactics to trick users into giving up information or performing actions they wouldn’t normally take.
Social Engineering
A social engineering tactic whose goal is to convince an authorised user to provide some information or help the attacker defeat a security control.
Impersonation
Looking over the shoulder of someone to gain information.
Shoulder surfing
A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.
Hoax
The practice of one person following closely behind another without showing credentials.
Tailgating
An effective tactic used to prevent tailgating.
Mantrap
The practice of searching through trash or recycling containers to gain information from discarded documents.
Dumpster diving
A type of attack that discovers which web sites a group of people are likely to visit and then infects those web sites with malware that can infect the visitors.
Watering hole attacks
Unwanted or unsolicited email.
Spam
The use of a phone system to trick users into giving up personal and financial information.
Vishing