Chapter 1 - Social Engineering Techniques Flashcards
(38 cards)
what is social engineering?
an attack against a user that involves a form of social interaction.
phishing attack
an attacker attempts to obtain sensitive information through a trusted entity such as email or instant messaging
smishing attack
is an attack done by text message (SMS phishing)
vishing attack
a phishing attack that is done over the phone or voicemail to obtain personal information
SPAM
unsolicited email sent in bulk
typosquatting
a type of URL hijacking- https://yutube.com
Pretexting
the attacker creates a false narrative to influence the victim to give up some type of information
Prepending
adding to the beginning of text-https://yyoutube.com
pharming
misdirecting users to a fake website made to look real
what is the difference between pharming and phishing?
pharming- harvest large groups of people
phishing- collect access to credentials
Reconnaissance
a military term that is used to gather information on the victim
spear phishing
used to target a specific person or group of people
Whaling attack
the attacker’s target is a high value person such as a CEO or CFO
Impersonation
attackers pretending to be someone they aren’t
Eliciting information
extracting information from the victim
example: help desk
identity fraud
using a victim’s personal or financial information without permission. (pretending to be you)
credit card fraud
an account is opened in your name or credit card information is being used
bank fraud
attacker gains access to your account or opens a new account
loan fraud
victims information is used for a loan or lease
government benefits fraud
attacker obtains benefits on victims behalf
dumpster diving
going through a targets trash to find valuable information
shoulder surfing
obtaining personal information by looking over the victim’s shoulders
Computer hoax
A threat that doesn’t actually exist; a fake warning
watering hole attack
involves the infecting of a target website with malware that victims commonly visit
