Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

05 Assets, Threats, and Vulnerabilities > MD4 Phishing for information > Flashcards

MD4 Phishing for information Flashcards

1
Q

Phishing

A

Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software. Phishing leverages many communication technologies, but the term is mainly used to describe attacks that arrive by email.

Phishing attacks don’t just affect individuals. They are also harmful to organizations. A single employee that falls for one of these tricks can give malicious attackers access to systems. Once inside, attackers can exploit sensitive data like customer names and product secrets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Phishing kits

A

Attackers who carry out these attacks commonly use phishing kits. A phishing kit is a collection of software tools needed to launch a phishing campaign. People with little technical background can use one of these kits.

Each of the tools inside are designed to avoid detection. As a security professional, you should be aware of the three main tools inside a phishing kit, so that you can quickly identify when they’re being used and put a stop to it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

3 tools of Phishing Kits

  1. malicious attachments
A

The first is malicious attachments. These are files that are infected and can cause harm to the organization’s systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

3 tools of Phishing Kits

  1. fake-data collection forms
A

Phishing kits also include fake-data collection forms. These forms look like legitimate forms, like a survey. Unlike a real survey, they ask for sensitive information that isn’t normally asked for in an email.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

3 tools of Phishing Kits

  1. Fraudulent web links
A

The third resource they include are fraudulent web links. These open to malicious web pages that are designed to look like trusted brands. Unlike actual websites, these fraudulent sites are built to steal information, like login credentials.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Smishing

A

Smishing is the use of text messages to obtain sensitive information or to impersonate a known source.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Vishing

A

Vishing is the exploitation of electronic voice communication to obtain sensitive information or impersonate a known source. During vishing attacks, criminals pretend to be someone they’re not.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

anti-phishing policies

A

anti-phishing policies spread awareness and encourage users to follow data security procedures correctly. Employee training resources also help inform employees about things to look for when an email looks suspicious.

Another line of defense against phishing is securing email inboxes. Email filters are commonly used to keep harmful messages from reaching users. For example, specific email addresses can be blocked using a blocklist. Organizations often use other filters, like allowlists, to specify IP addresses that are approved to send mail within the company.

Organizations also use intrusion prevention systems to look for unusual patterns in email traffic. Security analysts use monitoring tools like this to spot suspicious emails, quarantine them, and produce a log of events.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

05 Assets, Threats, and Vulnerabilities (50 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions