2.3 Malware Detection, Removal and Prevention Flashcards
Define social engineering
Any attempt to manipulate users to reveal confidential information or perform actions detrimental to a system’s security
Phishing
A social engineering attack where the malicious actor communicates with the victim from a supposedly reputable source to lure the victim into divulging sensitive information
What can the response rate be up to for generic phishing campaigns?
60-70% (with good grammar)
30-40% (with bad grammar)
Spearphishing
A more targeted version of phishing using mainly the same techniques
Whaling
Focused on key executives within an organisation or other key leaders, executives and managers in the company
What is the most effective form of phishing in a pentest?
Whaling
Smishing
Phishing over SMS
Vishing
Message being communicated to the target using the voice functions of a telephone
BEC
An attacker takes over or impersonates a high-level executive’s email account
Pharming
Tricking users into divulging private information by redirecting a victim to a website controlled by the attacker or pentester
How can attackers execute pharming?
Redirects, popups, URL masking, background processes