1.1

flashcard set

Earn XP

Description and Tags

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

38 Terms

1

Physical Attacks -

Tailgating

Shoulder Surfing

Dumpster Diving

2

Virtual Attacks

Phishing

Spear Phishing

Whaling

Vishing

Hoax

Watering Hole Attack

3

Social Engineering -

an attempt by an attacker to convince someone to provide information (such as a password) or to perform an action they would not normally perform (such as clicking a malicious link).

Social engineers often try to gain access to the IT infrastructure or to the physical facility.

4

Phishing -

fraudulent messages (usually email) crafted to trick users into giving up personal information (such as user accounts and passwords), clicking a malicious link, or opening a malicious attachment.

5

Spear phishing

phishing that targets specific individuals or groups of users, using details about them (role, projects, colleagues) to make the message more convincing

6

Whaling

targets high-level executives

7

Vishing

(voice phishing) phishing carried out over the phone or VoIP, for example a caller posing as the bank or the help desk

8

Smishing

phishing delivered via SMS (text) messages to mobile devices

9

Spam -

Unsolicited email, generally considered an irritant

10

SPIM -

spam over instant messaging (IM); also generally considered an irritant

11

Dumpster Diving -

gathering important details (intelligence) from things that people have thrown out in their trash, such as printouts, invoices, and discarded media.

(Often legal, depending on jurisdiction and where the trash sits; may target individuals or organizations)

12

Tailgating -

when an unauthorized individual follows an authorized person through a controlled door that has just been badged open, without badging in themselves.

13

Eliciting Information (Elicitation)

the strategic use of casual conversation to extract information without arousing the suspicion of the target

14

Shoulder Surfing -

a criminal practice in which thieves steal your personal data (PINs, passwords, on-screen content) by watching over your shoulder, directly or with a camera

15

Pharming -

an online scam similar to phishing in which a website's traffic is redirected to a fraudulent copy of the site, typically by tampering with DNS resolution or the local hosts file, and confidential information entered there is stolen.
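The hosts-file variant of pharming, as an added example that is not part of the original flashcard set: the script parses a constructed hosts file and flags any entry that pins a protected domain to an address, since those domains should only ever be resolved through DNS. The PROTECTED_DOMAINS set, the domain names and the sample file contents are all hypothetical.

```python
import ipaddress

# Constructed sample hosts file (hypothetical). The last two lines are the
# kind of entry a pharming attack leaves behind: the victim's bank now
# resolves locally to an attacker-controlled address.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost ip6-localhost
192.168.1.10    printer.corp.example
203.0.113.45    www.examplebank.com
203.0.113.45    login.examplebank.com   # "fix" pasted in by fake support
"""

# Hypothetical policy: these domains must never be overridden locally.
PROTECTED_DOMAINS = {"examplebank.com", "mail.example.com"}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments,
    blank lines and lines whose first field is not a valid IP address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def is_protected(hostname):
    """True if hostname is a protected domain or any subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in PROTECTED_DOMAINS)


def find_pharming_entries(text):
    """Return every hosts-file entry that pins a protected domain to an
    address. The IP itself is irrelevant: a correct file has no such lines
    at all, so any match is evidence of tampering."""
    return [(ip, name) for ip, name in parse_hosts(text) if is_protected(name)]


if __name__ == "__main__":
    for ip, name in find_pharming_entries(SAMPLE_HOSTS):
        print(f"suspicious hosts entry: {name} -> {ip}")
```

On a real host the input is /etc/hosts or C:\Windows\System32\drivers\etc\hosts, and the check belongs in a baseline-diff or EDR script that runs regularly. It only catches the local variant; pharming done by changing the DNS server on a home router or by poisoning a resolver's cache needs a comparison of answers from an independent resolver instead.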

16

Identity Fraud

the use of another person's personal information, without authorization, to commit a crime or to deceive or defraud that person or a third party

17

Prepending -

adding words or phrases such as "SAFE" to a malicious file or message so that it looks trusted, or planting topics in a conversation (via social engineering) to draw out information of interest.

18

Invoice Scams -

fake invoices sent with the goal of receiving a payment, or of prompting the victim to enter their credentials into a fake login screen.

19

Credential Harvesting -

attackers collecting usernames and passwords, whether stored on the victim's local computer (browser password stores, cached sessions) or entered by the victim into a fake login page

20

Countermeasures to Credential Harvesting -

email defenses, anti-malware, and EDR/XDR solutions that check URLs and block the scripts often used to execute the attack; multi-factor authentication limits the value of any credentials that are captured
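What "checking URLs" means in practice, as an added example that is not from the flashcard set: the function below applies the structural heuristics a mail gateway or EDR URL filter typically uses to flag credential-harvesting links (userinfo before the host, IP-literal hosts, punycode labels, a brand name sitting in a subdomain of some other registered domain). The BRANDS table, the domains and the sample links are hypothetical, and registered_domain() is a deliberately crude stand-in for a Public Suffix List lookup.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical: brand names the organisation cares about, mapped to the
# registered domains on which a login page for that brand is legitimate.
BRANDS = {"examplebank": {"examplebank.com"}}


def registered_domain(host):
    """Crude registrable domain: the last two labels. Good enough for
    .com-style TLDs; a real filter would consult the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def suspicious_url_reasons(url):
    """Return a list of reasons the URL looks like a credential-harvesting
    link; an empty list means no structural red flags were found."""
    reasons = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        reasons.append("non-web scheme")
    if parts.username is not None:
        # http://www.examplebank.com@evil.example/ - the real host is the
        # part after the '@'; the brand name is just userinfo.
        reasons.append("userinfo before host hides the real destination")
    host = (parts.hostname or "").lower()
    if not host:
        reasons.append("no host in URL")
        return reasons
    try:
        ipaddress.ip_address(host)
        reasons.append("IP literal instead of a hostname")
    except ValueError:
        pass
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible homoglyph domain)")
    reg = registered_domain(host)
    for brand, legit_domains in BRANDS.items():
        if brand in host and reg not in legit_domains:
            reasons.append(f"brand '{brand}' in host but registered domain is {reg}")
    return reasons


# Constructed sample links, as they might arrive in an invoice or
# "account locked" email.
SAMPLE_LINKS = [
    "https://login.examplebank.com/signin",
    "http://www.examplebank.com@evil.example/login",
    "http://203.0.113.9/examplebank/login",
    "https://xn--exmplebank-ofb.com/",
    "https://login.examplebank.com.secure-verify.example/",
]


def triage(links):
    """Map each flagged link to its reasons; clean links are omitted."""
    return {u: r for u in links if (r := suspicious_url_reasons(u))}


if __name__ == "__main__":
    for url, reasons in triage(SAMPLE_LINKS).items():
        print(url)
        for r in reasons:
            print("   -", r)
```

These checks are cheap and catch the lazy lookalikes; they say nothing about a well-registered domain with a valid certificate, which is why reputation feeds and MFA still matter.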

21

Passive discovery -

techniques that do not send packets to the target, such as Google hacking, phone calls, and DNS and WHOIS lookups (which query third-party servers, not the target itself)

22

Semi-passive discovery

touches the target with packets in a non-aggressive fashion (normal-looking traffic at a low rate) to avoid raising the target's alarms

23

Active Discovery -

more aggressive techniques likely to be noticed by the target, including port scanning and vulnerability scanning with tools such as nmap and Metasploit

24

Hoaxes -

intentional falsehoods that come in a variety of forms, ranging from virus hoaxes to fake news. Social media plays a prominent role in spreading hoaxes today.

25

Impersonation -

A form of fraud in which attackers pose as a known or trusted person to dupe the user into sharing sensitive info, transferring money, etc.

26

Watering Hole Attack -

an attack strategy in which the attacker guesses or observes which websites an organization's staff often visit and infects one or more of them with malware, so that visitors from the target organization are compromised

27

Typo squatting (URL Hijacking) -

a form of cybersquatting (registering domains under someone else's brand or trademark) that targets users who mistype a website address, for example by registering common misspellings of the legitimate domain
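A small typosquat generator, as an added example rather than anything from the flashcard set: it produces the common permutations of a brand domain (omitted, transposed, repeated and adjacent-key characters, homoglyph swaps, inserted hyphens and TLD swaps) and matches a list of observed domains against them. The domain examplebank.com, the OBSERVED list and the keyboard and homoglyph tables are constructed for the example; the same approach generalizes to monitoring a feed of newly registered domains for your own brands.

```python
# Adjacent keys on a US QWERTY layout (letters only), used for "fat-finger"
# substitutions. Constructed for this example.
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp", "p": "ol",
    "q": "wa", "r": "edft", "s": "wedxza", "t": "rfgy", "u": "yhji",
    "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}
# Visually similar replacements (each source -> list of look-alikes).
HOMOGLYPHS = {"l": ["1", "i"], "i": ["l", "1"], "o": ["0"], "e": ["3"],
              "a": ["4"], "s": ["5"], "m": ["rn"], "rn": ["m"]}
# TLDs a squatter commonly registers alongside the real one.
ALT_TLDS = ["com", "net", "org", "co", "cm", "info"]


def typosquat_candidates(domain):
    """Return the set of look-alike domains for a 'name.tld' domain."""
    name, _, tld = domain.lower().rpartition(".")
    names = set()
    for i in range(len(name)):
        names.add(name[:i] + name[i + 1:])                        # omission
        names.add(name[:i] + name[i] + name[i:])                  # repetition
        for sub in ADJACENT.get(name[i], ""):                     # adjacent key
            names.add(name[:i] + sub + name[i + 1:])
    for i in range(len(name) - 1):                                # transposition
        names.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    for i in range(1, len(name)):                                 # hyphenation
        names.add(name[:i] + "-" + name[i:])
    for src, dsts in HOMOGLYPHS.items():                          # homoglyphs
        if src in name:
            for dst in dsts:
                names.add(name.replace(src, dst))
    names.discard(name)
    candidates = {f"{n}.{tld}" for n in names}
    candidates.update(f"{name}.{t}" for t in ALT_TLDS if t != tld)  # TLD swap
    return candidates


def find_squats(domain, observed):
    """Return the observed domains that are typosquat candidates of
    domain, sorted for stable output."""
    candidates = typosquat_candidates(domain)
    return sorted(d for d in observed if d.lower() in candidates)


# Constructed list standing in for a feed of newly registered domains.
OBSERVED = [
    "examplebank.com",          # the real thing
    "exampelbank.com",          # transposition
    "examplebank.co",           # TLD swap
    "exarnplebank.com",         # homoglyph rn -> m
    "example-bank.com",         # hyphenation
    "examplebank-support.com",  # brand abuse, not a typo: needs a different check
    "totally-unrelated.com",
]

if __name__ == "__main__":
    for squat in find_squats("examplebank.com", OBSERVED):
        print("possible typosquat:", squat)
```

The candidate set for a ten-letter domain runs to a few hundred names, small enough to register defensively or to watch in certificate-transparency logs. Brand-plus-keyword domains such as the "-support" one above are a separate problem and need a substring or fuzzy-match rule rather than single-edit permutations.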

28

Pretexting -

an attacker invents a plausible scenario (the pretext) to convince a victim to give up information of value, or access to a service or system.

29

Influence Campaigns -

A social engineering attack intended to manipulate the thoughts and minds of large groups of people

30

Hybrid Warfare

an attack using a mixture of conventional and unconventional methods and resources to carry out a campaign; can include influence operations run through social media and fake accounts

31

Principles of Social Engineering -

Authority

Intimidation

Consensus

Scarcity

Familiarity

Trust

Urgency

32

Authority -

Citing position, responsibility, or affiliation that grants the attacker the authority to make the request

33

Intimidation -

Suggesting you may face negative outcomes if you do not facilitate access or initiate a process.

34

Consensus -

Claiming that someone in a similar position or peer has carried out the same task in the past.

35

Scarcity (quantity) -

limited opportunity or diminishing availability that requires the task be completed within a certain amount of time; similar to urgency.

36

Familiarity (liking) -

attempting to establish a personal connection, often by citing mutual acquaintances or other social proof

37

Trust -

citing knowledge and experience, or assisting the target with an issue, to establish a relationship.

38

Urgency -

Time sensitivity that demands immediate action, similar to scarcity