GCS 5-4: Assets-Threats

0.0(0)
Studied by 0 people
call kaiCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/26

flashcard set

Earn XP

Description and Tags

Google Cybersecurity Course 5 (Assets, Threats, and Vulnerabilities) Module 4 (Threats to asset security)

Last updated 6:02 PM on 6/26/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai

No analytics yet

Send a link to your students to track their progress

27 Terms

1
New cards

Social engineering

A manipulation technique that exploits human error to gain private information, access, or valuables.

2
New cards

Stages of social engineering

  1. Prepare

  2. Establish trust

  3. Use persuasion tactics

  4. Disconnect from the target

3
New cards

Preventing social engineering

  • Implementing managerial controls

  • Staying informed of trends

  • Sharing your knowledge with others

4
New cards

Twitter Hack 2020

A breach carried out by a 17-yeer-old hacker on Twitter’s network. It occurred on July 15, 2020. They made phone calls to Twitter employees pretending to be from the IT department. They gained control of high-profile accounts and tweeted out a “double your bitcoin” scam.

5
New cards

Baiting, phishing, quid pro quo, tailgaiting, watering hole

Common types of social engineering

6
New cards

Baiting

A social engineering tactic that tempts people into compromising their security. A common example is USB baiting that relies on someone finding an infected USB drive and plugging it into their device.

7
New cards

Phishing

A social engineering tactic that is the use of digital communications to trick people into revealing sensitive data or deploying malicious software. It is one of the most common forms of social engineering, typically performed via email.

8
New cards

Quid pro quo

A social engineering tactic that is a type of baiting used to trick someone into believing that they’ll be reqwarded in return for sharing access, information, or money. For exmpale, an attacker might impoersonate a loan officer at a bank and call customers offering them a lower interest rate on their credit card. They’ll tell the customers that they simply need to provide their account details to claim the deal.

9
New cards

Tailgaiting

A social engineering tactic in which unauthorized people follow an authorized person into a restricted area.

10
New cards

Piggybacking

Aka tailgating.

11
New cards

Watering hole

A social engineering tactic that is a type of attach when a threat actor compromises a website frequently visited by a specific group of users. Oftentimes, these watering hole sites are infected with malicious software. An example is the Holy Water attack of 2020 that infected various religious, charity, and volunteer websites.

12
New cards

Phishing kit

A collection of software tools needed to launch a phishing campaign

13
New cards

Phishing kit tools

  • Malicious attachments

  • Fake data-collection forms

  • Fraudulent web-links

14
New cards

Smishing

The use of text messages to obtain sensitive information or to impersonate a known source

15
New cards

Vishing

The exploitation of electronic voice communication to obtain sensitive information or impersonate a known source.

16
New cards

Phishing security measures

  • Anti-phishing policies

  • Employee training resources

  • Email filters

  • Intrusion prevention systems

17
New cards

Common types of phishing

  • Email phishing

  • Smishing

  • Vishing

  • Spear phishing

  • Whaling

18
New cards

Email phishing

A type of attack sent via email in which threat actors send messages pretending to be a trusted person or entity.

19
New cards

Smishing

A type of phishing that uses SMS. It covers all forms of text messaging services, including Apple’s iMessages, WhatsApp, and other chat mediums on phones.

20
New cards

Short Message Service

Aka SMS.

21
New cards

SMS

A technology that powers text messaging.

22
New cards

Vishing

Refers to the use of voice calls or voice messages to trick targets into providing personal information over the phone.S

23
New cards

Spear phishing

A subset of email phishing in which specific people are purposefully targeted, such as the accountants of a small business.

24
New cards

Whaling

Refers to a category of spear phishing attempts that are aimed at high-ranking executives in an organization.

25
New cards

2003

In what year did attackers around the world create fraudulent websites that resembled businesses like eBay and PayPal. Mass phishing campaigns to distribute malicious programs were also launched against e-commerce and banking sites.

26
New cards

2010s

In what decade did attackers begin to shift away from mass phishing attempts to targeted phishing attempts.

27
New cards

Angler phishing

A technique where attackers impersonate customer service representatives on social media. This tactic evolved from people’s tendency to complain about businesses online. Threat actors intercept complaints from places like message boards or comment sections and contact the angry customer via social media. Like the AIM attacks of the 1990s, they use fraudulent accounts that appear similar to those of actual businesses. They then trick the angry customers into sharing sensitive information with the promise of fixing their problem.