Social Engineering Flashcards

1
Q

What is phishing?

A

Phishing is a cyber attack method where attackers use deceptive emails or messages to trick individuals into revealing sensitive information, such as passwords or financial details.

2
Q

What is a cyber attack method where attackers use deceptive emails or messages to trick individuals into revealing sensitive information, such as passwords or financial details?

A

Phishing

3
Q

Smishing

A

Smishing is a form of phishing that involves using SMS or text messages to deceive individuals into disclosing personal information or clicking on malicious links.

4
Q

Vishing

A

Vishing, or voice phishing, is a social engineering attack that uses phone calls to trick individuals into providing confidential information or performing actions detrimental to security.

4
Q

What is a form of phishing that involves using SMS or text messages to deceive individuals into disclosing personal information or clicking on malicious links?

A

Smishing

5
Q

What is a social engineering attack that uses phone calls to trick individuals into providing confidential information or performing actions detrimental to security?

A

Vishing

6
Q

Spam

A

Spam refers to unwanted and unsolicited electronic messages, often in the form of emails, sent to a large number of users for advertising or malicious purposes.

7
Q

What refers to unwanted and unsolicited electronic messages, often in the form of emails, sent to a large number of users for advertising or malicious purposes?

A

spam

8
Q

SPIM

A

Spam over instant messaging. SPIM is the unsolicited distribution of messages over instant messaging platforms, similar to email spam but delivered through instant messaging services.

9
Q

What is the unsolicited distribution of messages over instant messaging platforms, similar to email spam but delivered through instant messaging services?

A

Spim

10
Q

Spear phishing

A

Spear phishing is a targeted phishing attack where cybercriminals customize deceptive messages to a specific individual or organization, increasing the likelihood of success.

11
Q

What is a targeted phishing attack where cybercriminals customize deceptive messages to a specific individual or organization, increasing the likelihood of success?

A

Spear phishing

12
Q

Dumpster diving

A

Dumpster diving is a physical security attack where attackers search through discarded materials, such as trash bins or recycling, to find sensitive information.

13
Q

What is a physical security attack where attackers search through discarded materials, such as trash bins or recycling, to find sensitive information?

A

Dumpster diving

14
Q

Shoulder surfing

A

Shoulder surfing is a type of security threat where an attacker observes a user’s sensitive information, such as passwords or PINs, by looking over their shoulder.

15
Q

What is a type of security threat where an attacker observes a user’s sensitive information, such as passwords or PINs, by looking over their shoulder?

A

Shoulder surfing

16
Q

Pharming

A

Pharming is a cyber attack that redirects website traffic to a fraudulent site, often without the user’s knowledge, to harvest sensitive information.

17
Q

What is a cyber attack that redirects website traffic to a fraudulent site, often without the user’s knowledge, to harvest sensitive information?

A

Pharming

18
Q

Tailgating

A

Tailgating occurs when an unauthorized person follows an authorized individual into a secure area, taking advantage of the momentary lapse in security.

19
Q

What occurs when an unauthorized person follows an authorized individual into a secure area, taking advantage of the momentary lapse in security?

A

Tailgating

20
Q

Eliciting information

A

Eliciting information is the practice of extracting sensitive or confidential details from individuals through conversation or manipulation.

21
Q

What is the practice of extracting sensitive or confidential details from individuals through conversation or manipulation?

A

Eliciting information

22
Q

Whaling

A

Whaling is a form of phishing that targets high-profile individuals, such as executives or CEOs, with the aim of stealing sensitive information or gaining unauthorized access.

23
Q

What is a form of phishing that targets high-profile individuals, such as executives or CEOs, with the aim of stealing sensitive information or gaining unauthorized access?

A

Whaling

24
Q

Prepending

A

Prepending can mean one of three things:
1. Adding an expression or phrase, such as adding “SAFE” to a set of email headers to attempt to fool a user into thinking it has passed an antispam tool
2. Adding information as part of another attack to manipulate the outcome (manipulate caller ID information to make a call appear legitimate)
3. Suggesting topics via a social engineering conversation to lead a target toward related information the social engineer is looking for

25
Q

What is this an example of? A social engineering technique where attackers manipulate caller ID information to make a call appear more legitimate or trustworthy.

A

Prepending

26
Q

Identity fraud

A

Identity fraud involves the unauthorized use of someone else’s personal information, such as name and financial details, for deceptive or criminal purposes.

27
Q

What involves the unauthorised use of someone else’s personal information, such as name and financial details, for deceptive or criminal purposes?

A

Identity fraud

28
Q

Invoice scams

A

Invoice scams involve fraudulent invoices or bills sent to individuals or businesses with the intention of tricking them into making unauthorised payments.

29
Q

What involves fraudulent invoices or bills sent to individuals or businesses with the intention of tricking them into making unauthorised payments?

A

Invoice scams

30
Q

Credential harvesting

A

Credential harvesting is the process of collecting usernames and passwords, often through phishing or other deceptive means, to gain unauthorized access to accounts.

31
Q

What is the process of collecting usernames and passwords, often through phishing or other deceptive means, to gain unauthorized access to accounts?

A

Credential harvesting

32
Q

Reconnaissance

A

Reconnaissance is the preliminary phase of an attack where attackers gather information about a target, including vulnerabilities and potential entry points.

33
Q

What is the preliminary phase of an attack where attackers gather information about a target, including vulnerabilities and potential entry points?

A

Reconnaissance

34
Q

Hoax

A

A hoax is a deceptive or misleading message or situation intended to trick individuals, often spread through various communication channels.

35
Q

What is a deceptive or misleading message or situation intended to trick individuals, often spread through various communication channels?

A

Hoax

36
Q

Impersonation

A

Impersonation is the act of pretending to be someone else, often with the intent to deceive or gain unauthorized access to information.

37
Q

What is the act of pretending to be someone else, often with the intent to deceive or gain unauthorised access to information?

A

Impersonation

38
Q

Watering hole attack

A

A watering hole attack involves compromising a website or online resource frequented by a target audience, exploiting their trust to deliver malware or conduct cyber attacks.

39
Q

What involves compromising a website or online resource frequented by a target audience, exploiting their trust to deliver malware or conduct cyber attacks?

A

Watering hole attack

40
Q

Typosquatting

A

Typosquatting is a cyber attack where attackers register domain names with slight misspellings of legitimate sites to trick users who make typographical errors.

41
Q

What is a cyber attack where attackers register domain names with slight misspellings of legitimate sites to trick users who make typographical errors?

A

Typosquatting

42
Q

Pretexting

A

Pretexting is a social engineering tactic where attackers create a fabricated scenario or pretext to trick individuals into revealing information or performing actions.

43
Q

What is a social engineering tactic where attackers create a fabricated scenario or pretext to trick individuals into revealing information or performing actions?

A

Pretexting

44
Q

Pretexting is often used in combination with which other social engineering attack?

A

Impersonation

45
Q

Influence campaigns

A

Influence campaigns involve organized efforts to shape public opinion, often using social media and other communication channels to spread specific narratives or messages.

46
Q

What involves organised efforts to shape public opinion, often using social media and other communication channels to spread specific narratives or messages?

A

Influence campaigns

47
Q

What is an example of hybrid warfare?

A

In hybrid warfare, a state actor might use a combination of cyber attacks, disinformation spread through media outlets, and psychological operations to weaken the morale and resilience of an opponent’s population.

48
Q

What is this an example of:

A state actor might use a combination of cyber attacks, disinformation spread through media outlets, and psychological operations to weaken the morale and resilience of an opponent’s population.

A

Hybrid warfare

49
Q

What are tactics of influence campaigns using social media?

A

In the context of social media, influence campaigns involve organised efforts to shape public opinion, spread specific narratives, or manipulate social and political discourse. Tactics may include the creation and dissemination of content, the use of bots and trolls, and the amplification of certain messages to sway public sentiment.

50
Q

What is an example of an influence campaign using social media?

A

A foreign actor might use social media platforms to disseminate false information, create divisive content, and exploit existing social and political tensions within a target country to foster discord and disrupt societal cohesion.

51
Q

Define Hybrid Warfare

A

In hybrid warfare there is a convergence of cyber and traditional warfare, where influence campaigns, particularly those involving disinformation, play a pivotal role in shaping public opinion, often utilising social media as a key platform.

52
Q

What principles do social engineering attacks use to maximise effectiveness? (7)

A
  • Authority
  • Intimidation
  • Consensus
  • Scarcity
  • Familiarity
  • Trust
  • Urgency