1.1

studied byStudied by 18 people
5.0(1)
Get a hint
Hint

Physical Attacks -

1 / 37

flashcard set

Earn XP

Description and Tags

38 Terms

1

Physical Attacks -

Tailgating

Shoulder Surfing

Dumpster Diving

New cards
2

Virtual Attacks

Phishing

Spear Phishing

Whaling

Vishing

Hoax

Watering Hole Attack

New cards
3

Social Engineering -

an attempt by an attacker to convince someone to provide info (like a password) or perform an action they wouldn’t normally perform (such as clicking on a malicious link)

Social engineers often try to gain access to the IT infrastructure or the physical facility.

New cards
4

Phishing -

commonly used to try to trick users into giving up personal information (such as user accounts and passwords), click a malicious link, or open a malicious attachment.

New cards
5

Spear phishing

targets specific groups of users

New cards
6

Whaling

targets high-level executives

New cards
7

Vishing

(voice phishing) phone-based

New cards
8

Smishing

uses sms(text) messaging on mobile

New cards
9

Spam -

Unsolicited email, generally considered an irritant

New cards
10

SPIM -

SPAM over instant messaging, also generally considered an irritant

New cards
11

Dumpster Diving -

Gathering important details (intelligence) from

things that people have thrown out in their trash.

(Legal, might target individuals or organizations)

New cards
12

Tailgating -

when an unauthorized individual might follow you in through that open door without badging in themselves.

New cards
13

Eliciting Information (Elicitation)

strategic use of casual conversation to extract information without the arousing suspicion of the target

New cards
14

Shoulder Surfing -

a criminal practice where thieves steal your personal data by spying over your shoulder

New cards
15

Pharming -

an online scam similar to phishing, where a website's traffic is manipulated, and confidential information is stolen.

New cards
16

Identity Fraud

use of another person's personal information, without authorization, to commit a crime or to deceive or defraud that person or other 3rd party

New cards
17

Prepending -

Prepending is adding words or phrases like “SAFE” to a malicious file or suggesting topics via social engineering to uncover information of interest.

New cards
18

Invoice Scams -

fake invoices with a goal of receiving money or

by prompting a victim to put their credentials

into a fake login screen.

New cards
19

Credential Harvesting -

attackers trying to gain access to your usernames and passwords that might be stored on your local computer

New cards
20

Countermeasures to Credential Harvesting -

email defense, anti-malware, EDR/XDR solutions that will check URLs and block the scripts often used to execute the attack

New cards
21

Passive discovery -

Techniques that do not send packets to the target; like Google hacking, phone calls, DNS and WHOIS lookups

New cards
22

Semi-passive discovery

Touches the target with packets in a non-aggressive fashion to avoid raising alarms of the target

New cards
23

Active Discovery -

More aggressive techniques likely to be noticed by the target, including port scanning, and tools like nmap and Metaspoit

New cards
24

Hoaxes -

Intentional falsehoods coming in a variety of forms ranging from virus hoaxes to fake news. Social media plays a prominent role in hoaxes today

New cards
25

Impersonation -

A form of fraud in which attackers pose as a known or trusted person to dupe the user into sharing sensitive info, transferring money, etc.

New cards
26

Watering Hole Attack -

Attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware

New cards
27

Typo squatting (URL Hijacking) -

a form of cybersquatting (sitting on sites under someone else’s brand or copyright) targeting users who type an incorrect website address

New cards
28

Pretexting -

an attacker tries to convince a victim to give up information of value, or access to a service or system.

New cards
29

Influence Campaigns -

A social engineering attack intended to manipulate the thoughts and minds of large groups of people

New cards
30

Hybrid Warfare

Attack using a mixture of conventional and unconventional methods and resources to carry out the campaign, can use social media and fake accounts

New cards
31

Principles of Social Engineering -

Authority

Intimidation

Consensus

Scarcity

Familiarity

Trust

Urgency

New cards
32

Authority -

Citing position, responsibility, or affiliation that grants the attacker the authority to make the request

New cards
33

Intimidation -

Suggesting you may face negative outcomes if you do not facilitate access or initiate a process.

New cards
34

Consensus -

Claiming that someone in a similar position or peer has carried out the same task in the past.

New cards
35

Scarcity (quantity) -

Limited opportunity, diminishing availability that requires we get this done in a certain amount of time, similar to urgency.

New cards
36

Familiarity (liking) -

Attempting to establish a personal connection, often citing mutual acquaintances, social proof

New cards
37

Trust -

Citing knowledge and experience, assisting the to target with a issue, to establish a relationship.

New cards
38

Urgency -

Time sensitivity that demands immediate action, similar to scarcity

New cards

Explore top notes

note Note
studied byStudied by 5 people
... ago
5.0(1)
note Note
studied byStudied by 13 people
... ago
5.0(1)
note Note
studied byStudied by 1 person
... ago
5.0(1)
note Note
studied byStudied by 16 people
... ago
5.0(1)
note Note
studied byStudied by 12 people
... ago
5.0(1)
note Note
studied byStudied by 16 people
... ago
5.0(1)
note Note
studied byStudied by 18 people
... ago
5.0(1)
note Note
studied byStudied by 245 people
... ago
5.0(2)

Explore top flashcards

flashcards Flashcard (86)
studied byStudied by 20 people
... ago
5.0(1)
flashcards Flashcard (102)
studied byStudied by 15 people
... ago
5.0(1)
flashcards Flashcard (59)
studied byStudied by 28 people
... ago
5.0(4)
flashcards Flashcard (53)
studied byStudied by 4 people
... ago
5.0(1)
flashcards Flashcard (49)
studied byStudied by 1 person
... ago
5.0(1)
flashcards Flashcard (179)
studied byStudied by 32 people
... ago
5.0(1)
flashcards Flashcard (82)
studied byStudied by 4 people
... ago
5.0(1)
flashcards Flashcard (41)
studied byStudied by 11 people
... ago
5.0(1)
robot