1.1 Flashcards
(28 cards)
What is phishing?
Social engineering with a touch of spoofing
What are the different ways phishing is delivered?
Email, text, voice, etc.
How to spot a phishing attempt?
Check the URL, spelling, different fonts, and website graphics that look different
What is typosquatting?
A type of URL hijacking that purposely uses misspelled domains for malicious purposes
What is prepending?
Adding an extra letter to the beginning of a URL, e.g. https://pprofessormesser.com
What is pretexting?
When attackers lie to get info out of a situation they created.
- "Hi, we're calling from Visa regarding an automated payment to your utility service…"
What is Pharming?
Redirecting a legit website to a fake site (the attacker's bogus site)
- Poisoned DNS server or client vulnerabilities
Combine Pharming with Phishing
Pharming - Redirecting everyone from a legit website to bogus site
Phishing - Collects access credentials from pharmed victims
Side note:
- Difficult for anti-malware software to stop since everything appears legitimate to the user
What is Vishing?
Voice phishing - Done over the phone or voicemail
What's the point of vishing?
For you to give up personal information that attackers can exploit
What is Smishing?
SMS Phishing - Done by texts
Usually in the form of a link which attackers will use to get more information from you if clicked
What is Spear Phishing?
Targeted phishing at a specific individual or department within an organization that appears to be from a trusted source
What is Whaling?
Targeted phishing attack that targets high-profile employees
- CEO, CFO
What is impersonation?
Attackers pretending to be someone they aren’t
How to protect against impersonation?
Never give out information like passwords or personal details
Verify before revealing information (Call back, verify through 3rd parties)
What is Dumpster Diving?
Searching through garbage for important information
How to protect against dumpster diving?
Secure your garbage and shred/burn documents
What is shoulder surfing?
Social engineering technique used to obtain information by looking over the victim's shoulder
How to prevent shoulder surfing?
Be aware of surroundings and use privacy filters on computer screens
What is a hoax?
A threat that doesn’t actually exist
- Often an email, Facebook post, tweet, etc.
- Some will try to take your money
What is a watering hole attack?
An attack that infects a website often visited by the victim, so the victim becomes infected the next time they visit it
How to defend against a watering hole attack?
Layered defense
Firewalls and IPS - Stop the network traffic before things get bad
Anti-virus/Anti-malware signature updates
What is spam?
Unsolicited messages from emails, online forums, etc.
What is SPIM?
Spam over Instant Messaging