Topic 1.0 Flashcards
Define phishing
Phishing is a cybercrime in which a target or targets are contacted (typically by email) by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Define smishing
Smishing—or SMS phishing—is a social engineering tactic cyber criminals use to trick people into divulging sensitive information over text messages.
Define Social Engineering
Social engineering refers to means of either eliciting information from someone or getting them to perform some action for the threat actor.
Social Engineering Principles:
Familiarity/Liking
Some people have the sort of natural charisma that allows them to persuade others to do as they request. One of the basic tools of a social engineer is simply to be affable and likable, and to present the requests they make as completely reasonable and unobjectionable. This approach is relatively low-risk as even if the request is refused, it is less likely to cause suspicion and the social engineer may be able to move on to a different target without being detected.
Social Engineering Principles
Consensus/Social Proof
The principle of consensus or social proof refers to the fact that, without an explicit instruction to behave in a certain way, many people will act just as they think others would act.
The helpdesk takes a call in which the caller states that she cannot connect to the e-commerce website to check order status. She would also like a user name and password. The caller gives a valid customer company name, but she is not listed as a contact in the customer database, and she does not know the correct company code or customer ID. Is this likely to be a social engineering attempt or is it a false alarm?
This is likely to be a social engineering attempt. The helpdesk should not give out any information for the account without confirming the caller’s identity.
A purchasing manager is browsing a list of products on a vendor's website when a window opens claiming that anti-malware has detected virus infections in several thousand files on his computer. Instructions in the official-looking window indicate the user should click a link to install software that will remove these infections. What type of social engineering attempt is this, or is it a false alarm?
This is a social engineering attempt using scarcity/urgency (a fake antivirus alert), most likely delivered through a watering hole attack and/or malvertising on the vendor's site.
Your CEO calls to request market research data immediately be forwarded to her personal email address. You recognize her voice, but a proper request form has not been filled out and use of third-party email is prohibited. She states that normally she would fill out the form and should not be an exception, but she urgently needs the data to prepare for a round table at a conference she is attending. What type of social engineering techniques could this use, or is it a false alarm?
If social engineering, this is spear phishing (the attack uses specific detail) over a voice channel (vishing). It is possible that it uses deepfake technology for voice mimicry. The use of such a sophisticated attack for a relatively low-value data asset seems unlikely, however. A fairly safe approach is to end the call and contact the CEO back on a known mobile number rather than acting on the inbound call alone.
Your company manages marketing data and private information for many high-profile clients. You are hosting an open day for prospective employees. With the possibility of social engineering attacks in mind, what precautions should employees take when the guests are being shown around the office?
Employees should specifically be wary of shoulder surfing attempts to observe passwords, screens, and documents while guests are present: lock workstations when stepping away, keep sensitive material off desks, and keep guests escorted rather than wandering the office.
A customer responds to an email advertisement that appears to link to my store.com. The customer logs into the website with their username and password. The website has the same homepage the customer is familiar with, but it is actually a page set up by an attacker to gain credentials. The attacker can then login to my store.com with the user’s credentials, and shop using the saved credit card on file. Which type of attack has occurred in this scenario?
A. Denial of Service (DoS)
B. DNS client cache poisoning
C. Pharming
D. Pollution
C. Pharming
A pharming attack occurs when the attacker compromises the process of Domain Name System (DNS) resolution (for example by poisoning a resolver's cache or tampering with a host's local name resolution) so that the trusted website's name resolves to an address the attacker controls. Traffic meant for the genuine site is then delivered to a look-alike page designed to fool the user into thinking it is genuine. Note that strictly, a deceptive link in an email advertisement is phishing; pharming is the intended answer among the options listed because the user is redirected to a counterfeit copy of a site they believe they are visiting.
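One common local pharming vector is tampering with the victim's hosts file so that a trusted name is pinned to an attacker's address before DNS is ever consulted. The following is an added example, not part of the original flashcards: it parses hosts-file text and flags watched domains that are mapped to an address outside an allowlist. The domain names, addresses and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Constructed sample of a hosts file after a pharming attacker has tampered with it.
# The domains and IP addresses are hypothetical documentation values.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# added by "security update"
198.51.100.23   mystore.example www.mystore.example
203.0.113.5     login.bank.example
"""

# Assumed allowlist: the addresses these watched domains legitimately resolve to.
EXPECTED = {
    "mystore.example": {"192.0.2.10"},
    "www.mystore.example": {"192.0.2.10"},
    "login.bank.example": {"203.0.113.5"},
}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))  # normalises IPv4/IPv6 text
        except ValueError:
            continue                               # malformed line, not an address
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def find_pharming_entries(text, expected):
    """Flag hosts entries that pin a watched domain to an address not on its allowlist."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in expected and ip not in expected[name]:
            findings.append({"hostname": name, "ip": ip, "expected": sorted(expected[name])})
    return findings


if __name__ == "__main__":
    for f in find_pharming_entries(SAMPLE_HOSTS, EXPECTED):
        print(f"SUSPECT {f['hostname']} -> {f['ip']} (expected {f['expected']})")
```

On a real host the same function can be pointed at the contents of /etc/hosts or C:\Windows\System32\drivers\etc\hosts; an entry for a banking or shopping domain that was never deliberately added is a strong pharming indicator.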
A system administrator has just entered their credentials to enter a secure server room. As the administrator is entering the door, someone is walking up to the door with their hands full of equipment and appears to be struggling to move items around while searching for their credentials. The system administrator quickly begins to assist by getting the items out of the person’s hands, and they walk into the room together. The person is not an employee, but someone attempting to gain unauthorized access to the server room. What type of social engineering has occurred?
A. Familiarity/liking
B. Consensus/social proof
C. Authority and intimidation
D. Identity fraud
B. Consensus/social proof
Consensus/social proof revolves around the belief that, without an explicit instruction to behave in a certain way, people will follow social norms. It is typically polite to assist someone with their hands full, and the attacker exploits that norm to tailgate through the door the administrator opened.
An employee is having coffee at an outdoor coffee shop and is not taking precautions against someone watching their screen while working on a company project. A person a few tables over watches the employee enter their credentials and then takes photos of the work they are completing with their smartphone. Which form of social engineering is being used in this situation?
A. Vishing
B. Lunchtime attack
C. Shoulder surfing
D. Man-in-the-middle attack
C. Shoulder surfing
Shoulder surfing is stealing a password or other sensitive information by watching the user type or view it. Although the attacker was not literally looking over the employee's shoulder, the login credentials and the work product were obtained through direct observation.
Which of the following depict ways a malicious attacker can gain access to a target’s network? (Select all that apply.)
A. Ethical hacking
B. Phishing
C. Shoulder surfing
D. Mantrap
B and C: Phishing, Shoulder surfing. Ethical hacking is authorized testing rather than a malicious intrusion, and a mantrap is a physical access control, not an attack technique.
Social Engineering Principles
Authority and Intimidation
Many people find it difficult to refuse a request by someone they perceive as superior in rank or expertise. Social engineers can exploit this behavior to intimidate their target by pretending to be a senior executive. An attack might be launched by impersonating someone who would often be deferred to, such as a police officer, judge, or doctor. Another technique is to use spurious technical arguments and jargon; social engineering exploits the fact that few people are willing to admit ignorance. Compared to a familiarity/liking approach, this sort of adversarial tactic is riskier for the attacker, as there is a greater chance of arousing suspicion and of the target reporting the attempt.
Social Engineering Principles
Scarcity and Urgency
Often also deployed by salespeople, creating a false sense of scarcity or urgency can disturb people’s ordinary decision-making process. The social engineer can try to pressure his or her target by demanding a quick response. For example, the social engineer might try to get the target to sign up for a “limited time” or “invitation-only” trial and request a username and password for the service (hoping that the target will offer up a password he or she has used for other accounts). Fake antivirus products generate a sense of urgency by trying to trick users into thinking that their computer is already infected with malware.
Define vishing
Vishing is a form of phishing conducted via voice services, typically VoIP, where the attacker calls the target (or leaves a voicemail) rather than sending an email.
What is spam (not the delicious lunch meat)
Spam is unsolicited bulk email; it is a nuisance in itself and a common delivery channel for phishing and malware.
What is Spim?
Spim is spam via instant messaging.
What is pretexting?
Pretexting is a tactic in which the attacker invents a plausible scenario (the pretext) and a matching persona to increase the chance that a later social engineering request will succeed.
In many cases, pretexting involves interacting with people in person, by phone, or from a fraudulent email address as the first phase of a future attempt to infiltrate a network or steal data.
What is prepending?
In cybersecurity, prepending refers to an attacker prepending, or attaching, a trust-building value such as "RE:" or "MAILSAFE: PASSED" to a message subject so that the message appears to be part of an existing conversation or to have already passed a security scan.
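Two prepending tricks are cheap to detect at a mail gateway: a "RE:"/"FWD:" subject on a message that carries no In-Reply-To or References header (nobody actually replied to anything), and an inbound message that already carries the tag the organisation's own scanner is supposed to add. The following is an added example, not part of the original flashcards. It assumes the gateway stamps the hypothetical tag "[SCANNED: PASSED]" only after inspection, so any inbound message arriving with that tag already in its subject is spoofing it; the three sample messages and their addresses are constructed.

```python
import email
import re
from email import policy

# Assumed: our own gateway adds this tag to inbound mail after scanning it, so an
# inbound message that already carries it was stamped by someone else.
GATEWAY_TAG = "[SCANNED: PASSED]"

# Constructed sample messages with hypothetical addresses.
LEGIT_REPLY = """\
From: alice@corp.example
To: bob@corp.example
Subject: RE: Q3 budget
In-Reply-To: <123@corp.example>
References: <123@corp.example>

Looks good.
"""

FAKE_REPLY = """\
From: finance-team@corp-example.net
To: bob@corp.example
Subject: RE: Q3 budget - wire details

Please action today.
"""

FAKE_SCANNED = """\
From: it-support@mail.example
To: bob@corp.example
Subject: [SCANNED: PASSED] Password expiry

Click to reset.
"""

REPLY_PREFIX = re.compile(r"^\s*(re|fw|fwd)\s*:", re.IGNORECASE)


def prepending_indicators(raw_message, gateway_tag=GATEWAY_TAG):
    """Return a list of prepending indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "")
    findings = []

    # A reply prefix with no threading headers: the "conversation" never existed.
    has_thread_headers = bool(msg["In-Reply-To"] or msg["References"])
    if REPLY_PREFIX.match(subject) and not has_thread_headers:
        findings.append("reply-prefix-without-thread-headers")

    # Our scanner tag present before our scanner has run: somebody prepended it.
    if gateway_tag.lower() in subject.lower():
        findings.append("spoofed-gateway-tag")

    return findings


if __name__ == "__main__":
    for label, raw in [("legit", LEGIT_REPLY), ("fake-reply", FAKE_REPLY),
                       ("fake-scanned", FAKE_SCANNED)]:
        print(label, prepending_indicators(raw) or "clean")
```

Neither check proves an attack on its own (some mailers drop References on forwards), so treat them as signals to feed a phishing score or to strip the misleading prefix before delivery rather than as grounds to block outright.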