Vocabulary flashcards covering social engineering techniques and malware indicators from Lesson 4.
Social engineering
Means of eliciting information or getting someone to perform actions, often called hacking the human.
Phishing
A social engineering technique that uses spoofed messages to persuade a user to interact with a malicious resource or provide credentials.
Spear phishing
Targeted phishing tailored to an individual or organization using known details.
Whaling
Spear phishing directed at high-level executives or ‘big fish.’
Vishing
Phishing conducted via voice calls to obtain sensitive information.
SMiShing
Phishing delivered through SMS/text messages.
Pretexting
Impersonation using a crafted story to obtain information or access.
Impersonation
Pretending to be someone else to gain trust or obtain credentials; includes pretexting.
Tailgating
Following an authorized person into a secure area to gain entry.
Piggybacking
Entering a secure area with an employee’s permission, often by holding the door.
Dumpster diving
Searching through trash for sensitive information or discarded media.
Shoulder surfing
Watching someone enter credentials or sensitive data, often from a distance.
Lunchtime attack
Attacking when a user leaves a workstation unattended and logged in.
Typosquatting
Registering lookalike domains to mislead users or facilitate phishing/pharming.
Pharming
Redirecting users from a legitimate site to a malicious one by corrupting name resolution.
Watering hole
Compromising a site commonly visited by the target to infect visitors.
Credential harvesting
Stealing account credentials through phishing, pharming, or other methods.
Backdoor
An access method that bypasses normal authentication to control a host.
RAT (Remote Access Trojan)
Backdoor malware that covertly provides remote control of a compromised host.
Bot
Malware under the attacker’s control.
Botnet
A network of bots controlled by one malware instance for coordinated actions.
C2 / Command and Control
The channel used by attackers to communicate with compromised systems.
Rootkit
Malware that hides its presence at a kernel or system level to avoid detection.
Trojan
Malware disguised as legitimate software that installs without user consent.
Virus
Malware that replicates and spreads by infecting files; can be non-resident, memory-resident, boot, or script/macro based.
Worm
Self-propagating malware that spreads over networks without user action.
Polymorphic
Viruses that dynamically change their code to evade detection.
Multipartite
Viruses that spread via multiple vectors.
PUA / PUP (Potentially Unwanted Program/Application)
Software installed alongside legitimate software that may be unwanted or confusing.
Adware
Software that displays ads or tracks user activity; can modify browser settings.
Spyware
Malware that monitors activity, captures data, or exfiltrates information.
Keylogger
Spyware that records keystrokes to steal credentials or confidential data.
Fileless malware
Malware that runs in memory without writing to disk, often using legitimate tools.
Sandbox
Isolated environment to safely analyze suspicious code or malware.
Cuckoo sandbox
A turnkey sandbox solution used for malware analysis.
PowerShell / WMI
System scripting tools commonly used by fileless malware to execute payloads.
Cryptojacking / Crypto-mining
Malware that uses the victim’s resources to mine cryptocurrency.
Ransomware
Malware that encrypts files and demands payment for decryption.
Crypto-malware
Ransomware that may also hijack resources for cryptocurrency mining.
Time bomb / Logic bomb
Malware triggered by a specific time or event.
Malvertising
Infected or malicious advertising delivered through legitimate websites.
Phishing variants (Spear phishing, Whaling, Vishing, SMiShing)
Different vectors of phishing targeted at individuals or groups.
Pharming
Passive redirection to a malicious site via DNS/name resolution manipulation.
Typosquatting (domain lookalikes)
Registering similar domains to deceive users and harvest credentials.