1.1 Compare and contrast different types of social engineering techniques Flashcards
The process of attempting to obtain sensitive information in electronic communications.
Phishing
A social engineering attack that occurs over or through text messaging services.
Smishing
Phishing done over any telephony or voice communication system.
Vishing
Any type of email that is undesirable and/or unsolicited.
Spam
The transmission of unwanted communications over any messaging system that is supported by or occurs over the Internet.
Spim
A more targeted form of phishing where the message is crafted and directed specifically to an individual or group of individuals.
Spear Phishing
The act of digging through trash to obtain information about a target organization or individual.
Dumpster Diving
The observation of another user's keyboard or viewing another user's display.
Shoulder Surfing
The malicious redirection of a valid website’s URL or IP address to a fake website that hosts a false version of the original valid site.
Pharming
When an unauthorized entity gains access to a facility under the authorization of a valid worker but without their knowledge.
Tailgating
The activity of gathering or collecting information from systems or people.
Eliciting Information
A form of spear phishing that targets specific high-value individuals, such as the CEO or other C-level executives, administrators, or high-net-worth clients.
Whaling
The adding of a term, expression, or phrase to the beginning or header of some other communication.
Prepending
When you falsely claim to be someone else through the use of stolen information from the victim.
Identity Fraud
A social engineering attack that attempts to steal funds from an organization or individuals through the presentation of a false invoice often followed by strong inducements to pay.
Invoice Scams
The activity of collecting or stealing account credentials.
Credential Harvesting
Collecting information about a target, often for the purposes of figuring out the best plan of attack against that target.
Reconnaissance
A form of social engineering designed to convince targets to perform an action that will cause problems or reduce their IT security.
Hoax
The act of taking on the identity of someone else.
Impersonation
A form of targeted attack against a region, a group, or an organization. It’s waged by poisoning a commonly accessed resource.
Watering Hole Attack
A practice employed to capture and redirect traffic when a user mistypes the domain name or IP address of an intended resource.
Typosquatting
A false statement crafted to sound believable to convince you to act or respond.
Pretexting
Social engineering attacks that attempt to guide, adjust, or change public opinion, often waged by nation-states against their real or perceived foreign enemies.
Influence Campaigns
The combination of classical military strategy with modern capabilities, including digital influence campaigns, psychological warfare efforts, political tactics, and cyber warfare capabilities.
Hybrid Warfare (non-linear warfare)