GCGA Ch. 6 Recognizing Common Attacks (ST) Flashcards
(10 cards)
Social engineering
uses social tactics to gain information or trick users into performing actions they wouldn’t normally take. Social engineering attacks can occur in person, over the phone, while surfing the Internet, and via email. Many social engineers attempt to impersonate others. Social engineers and other criminals employ several psychology-based principles to help increase the effectiveness of their attacks. They are authority, intimidation, consensus, scarcity, urgency, familiarity, and trust.
Shoulder surfing
an attempt to gain unauthorized information through casual observation, such as looking over someone’s shoulder, or monitoring screens with a camera. Screen filters can thwart shoulder surfing attempts. Social engineers use pretexting by presenting a fake scenario before asking for information.
Hoax
a message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.
Tailgating
the practice of one person following closely behind another without showing credentials. Access control vestibules (sometimes called mantraps) help prevent tailgating.
Dumpster divers
search through trash looking for information. Shredding or burning documents reduces the risks associated with dumpster diving.
Watering hole attacks
discover sites that a targeted group visits and trusts. Attackers then modify these sites to download malware. When the targeted group visits the modified site, they are more likely to download and install infected files.
Spam
unwanted or unsolicited email. Attackers often use spam in different types of attacks.
Phishing
the practice of sending email to users to trick them into revealing sensitive information, installing malware, or clicking on a link.
Spear phishing and whaling
types of phishing. Spear phishing targets specific groups of users, and whaling targets high-level executives.
Vishing
a form of phishing that uses voice over the telephone and often uses Voice over IP (VoIP). Some vishing attacks start with a recorded voice and then switch over to a live person.