1.1 - Social Engineering Flashcards
Define Phishing.
A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.
Define Typosquatting.
A social engineering attack in which the attacker registers domain names that are common misspellings of a legitimate site (a dropped, doubled, transposed or adjacent-key letter, or a look-alike character) so that users who mistype the URL in the browser's address bar land on the attacker's site instead of the one they intended.
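As an added example (not from the flashcard set), a small Python typosquat detector: it generates the common typo variants of a legitimate domain label and flags candidate domains that match, reporting which typo technique produced each one. The brand name, the candidate list and the keyboard-adjacency and look-alike tables are constructed assumptions.

```python
"""Typosquat detector: added example, not part of the flashcards.
The brand, the candidate domains and the lookup tables are assumptions."""

# Subset of QWERTY neighbours for "fat-finger" substitutions (assumption, not exhaustive).
KEYBOARD_NEIGHBOURS = {
    "a": "qwsz", "e": "wrsd", "i": "uojk", "l": "kop", "m": "njk",
    "o": "iplk", "p": "ol", "x": "zsdc",
}
# Characters that pass for each other in an address bar (assumption, not exhaustive).
HOMOGLYPHS = {"o": ["0"], "l": ["1", "i"], "i": ["l", "1"], "e": ["3"], "a": ["4"]}


def typo_variants(label):
    """Yield (variant, technique) pairs for a bare label such as 'example'."""
    for i, ch in enumerate(label):
        yield label[:i] + label[i + 1:], "omission"                # exmple
        yield label[:i] + ch + label[i:], "repetition"             # exaample
        for key in KEYBOARD_NEIGHBOURS.get(ch, ""):
            yield label[:i] + key + label[i + 1:], "adjacent-key"  # exsmple
        for look in HOMOGLYPHS.get(ch, []):
            yield label[:i] + look + label[i + 1:], "homoglyph"    # examp1e
    for i in range(len(label) - 1):
        yield label[:i] + label[i + 1] + label[i] + label[i + 2:], "transposition"  # exmaple
    yield "www" + label, "prepending"                              # wwwexample (dot after www lost)


def squat_candidates(brand, tld, domains):
    """Return {domain: technique} for every domain that is a typo of brand.tld."""
    legit = f"{brand}.{tld}".lower()
    lookup = {}
    for variant, technique in typo_variants(brand.lower()):
        full = f"{variant}.{tld}"
        if full != legit:
            lookup.setdefault(full, technique)  # keep the first technique that produced it
    return {d: lookup[d.lower()] for d in domains if d.lower() in lookup}


# Constructed candidate list, e.g. from a newly-registered-domain feed.
CANDIDATES = [
    "example.com",        # the legitimate domain: must not be flagged
    "exmaple.com",        # transposition
    "examp1e.com",        # homoglyph
    "exampl.com",         # omission
    "examplee.com",       # repetition
    "wwwexample.com",     # prepending
    "other-example.com",  # unrelated: must not be flagged
]

if __name__ == "__main__":
    for domain, technique in squat_candidates("example", "com", CANDIDATES).items():
        print(f"{domain:20} {technique}")
```

In practice the candidate list comes from a newly-registered-domain feed or certificate-transparency logs, and the variant generator should be extended with TLD swaps (example.co, example.cm) and the full homoglyph set for the brand's alphabet; the tables above are deliberately small.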
Define Pretexting.
The social engineer invents a story (the pretext) before making contact and then plays a character in that fabricated situation, lying to obtain information or access.
Define Prepending.
Adding something to the front of a value to make it look legitimate: an extra character prepended to a domain name (a typosquatting variant), or a trustworthy-looking tag at the beginning of an email subject such as “RE:” (implying an existing conversation) or “MAILSAFE:PASSED” (implying a security scanner has already approved the message).
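As an added example (not from the flashcard set), Python detection logic for the email form of prepending: a “RE:” subject on a message that carries no threading headers, and a scanner verdict written into the sender-controlled Subject line. The sample messages, addresses and the list of tags are constructed assumptions; only “MAILSAFE:PASSED” comes from the card above.

```python
"""Flag prepending in e-mail Subject lines: added example, not part of the
flashcards. Sample messages and the tag list are constructed assumptions."""
import email
from email import policy

# Subject tags a sender might prepend to look trustworthy (assumption; tune per gateway).
# A real gateway records its verdict in a header it adds itself, never in the
# sender-controlled Subject, so any of these inside Subject is suspicious.
SELF_ASSERTED_TAGS = ("mailsafe:passed", "[scanned]", "[safe]")


def prepending_findings(raw_message):
    """Return a list of findings for one RFC 5322 message given as a string."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    low = subject.lower()
    findings = []
    # A genuine reply is threaded: the mail client sets In-Reply-To and/or References.
    # "RE:" with neither header means the prefix was typed by the sender.
    if low.startswith("re:") and not (msg["In-Reply-To"] or msg["References"]):
        findings.append("RE: prefix without In-Reply-To/References")
    for tag in SELF_ASSERTED_TAGS:
        if tag in low:
            findings.append(f"sender-supplied scan verdict in Subject: {tag}")
    return findings


# Constructed sample messages (hypothetical addresses and message IDs).
REAL_REPLY = """\
From: Alice <alice@example.org>
To: Bob <bob@example.org>
Subject: RE: Q3 budget
In-Reply-To: <20240101.1@example.org>
References: <20240101.1@example.org>

Looks good to me.
"""

FAKE_REPLY = """\
From: Accounts <accounts@examp1e.net>
To: Bob <bob@example.org>
Subject: RE: Invoice 4471 overdue

Please see the attached invoice.
"""

FAKE_SCANNED = """\
From: IT Support <it@examp1e.net>
To: Bob <bob@example.org>
Subject: MAILSAFE:PASSED Password expires today

Reset here: http://login.examp1e.net/
"""

if __name__ == "__main__":
    samples = (("real reply", REAL_REPLY), ("fake reply", FAKE_REPLY), ("fake scan tag", FAKE_SCANNED))
    for name, raw in samples:
        print(name, prepending_findings(raw) or ["no findings"])
```

The threading check is a signal to weight, not a blocking rule: some mail clients and list gateways strip In-Reply-To and References. “FW:” is deliberately not checked, because a genuine forward starts a new thread and legitimately lacks those headers. The scan-tag check is much stronger, since a sender has no business asserting the gateway's verdict.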
Define Pharming.
Redirecting traffic meant for a legitimate website to a bogus copy of it. Unlike phishing, the user types the correct address; the redirect happens because a DNS server's cache was poisoned or the client itself was compromised (for example malware altering the hosts file or DNS settings).
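As an added example (not from the flashcard set), a Python check for the client-side form of pharming: any static hosts-file entry for a watched domain bypasses DNS, so its presence is a finding regardless of the address it points to. The watched domain list and the sample hosts file are constructed assumptions.

```python
"""Hosts-file pharming check: added example, not part of the flashcards.
The watched domains and the sample hosts file are constructed assumptions."""
import ipaddress

# Domains that should never be statically mapped on an endpoint (assumption:
# populate from the organisation's list of banking / SSO / vendor hosts).
WATCHED = {"bank.example", "www.bank.example", "sso.corp.example"}


def suspicious_hosts_entries(hosts_text, watched=WATCHED):
    """Return (line number, hostname, address) for each watched name pinned in the hosts file.

    Any static entry for these names bypasses DNS, so the address is attacker-chosen
    whether it is a public address (fake site) or loopback (blocking security updates).
    """
    findings = []
    for lineno, line in enumerate(hosts_text.splitlines(), start=1):
        body = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not body:
            continue
        fields = body.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a hosts entry; skip
        for name in fields[1:]:
            if name.lower().rstrip(".") in watched:
                findings.append((lineno, name, str(addr)))
    return findings


# Constructed hosts file: line 4 is what a pharming trojan leaves behind.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
# added by setup.exe
203.0.113.7 www.bank.example bank.example
10.0.0.5    intranet.corp.example
"""

if __name__ == "__main__":
    # On a real endpoint read /etc/hosts or
    # C:\\Windows\\System32\\drivers\\etc\\hosts instead of SAMPLE_HOSTS.
    for lineno, name, addr in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} pinned to {addr}")
```

This only covers the client variant. For the poisoned-resolver variant, compare the answer from the local resolver with one from a trusted, DNSSEC-validating resolver, and remember that a pharming site normally cannot present a valid TLS certificate for the real name, so certificate warnings on a banking site are a pharming indicator, not noise to click through.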
Define Vishing.
Phishing done over the phone (voice phishing). Caller ID spoofing is common, so the displayed number proves nothing about who is calling.
Define Smishing.
Phishing done by SMS. Messages usually carry a link or ask for personal information, and the sender number can be spoofed to look official.
How might a social engineer prepare to phish?
Reconnaissance: gathering information on the victim before making contact.
- Sources of background information:
  - Lead generation sites
  - Social media
  - The corporate website
- The attacker uses what they find to build a believable pretext, for example:
  - Where you work
  - Where you bank
  - Recent financial transactions
  - Family and friends
Define Spear phishing.
Targeted phishing that uses inside information about a specific individual (their role, colleagues, accounts or recent activity) to make the lure credible.
Define Whaling.
Targeted phishing with the possibility of a large catch. Often focuses on high-level executives or people whose position includes high-level information, credentials, or access to resources.
Define Dumpster Diving.
The act of going through an individual or organization’s garbage in order to gather valuable information.
Is dumpster diving legal in the U.S.?
Generally yes. Once trash is put out for collection in a publicly accessible place it is not protected (California v. Greenwood, 1988). Entering private property to reach it, for example past a fence or a no-trespassing sign, is trespassing, and some local ordinances restrict it further.
Give three ways that you can protect information that could be obtained while someone is dumpster diving.
- Secure your garbage (i.e. fence and a lock)
- Destroy vital documents (shred or burn)
- Check what is in the trash
Define Shoulder Surfing.
Trying to get vital information from someone’s screen by either standing over their shoulder or viewing it from afar.
What are two ways to prevent data loss from shoulder surfing?
- Control your input: be aware of who is around you, angle the screen away from onlookers and windows, and avoid entering credentials or viewing sensitive data in crowded public places
- Use privacy filters: a screen filter narrows the viewing angle so the display is only readable from directly in front of it