These flashcards cover key vocabulary and concepts related to the lecture on Phishing and Social Engineering, aimed at assisting students in understanding and recalling critical information for their exam.
Phishing
A cyber attack that attempts to trick individuals into providing sensitive information by posing as a trustworthy entity.
Social Engineering
Manipulating individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Wicked Problem
A complex problem that is difficult to define and does not have a clear solution, often requiring educated guesses.
Tame Problem
A problem with a known solution that can be reached through a defined process.
Six Principles of Influence
Cialdini's principles that explain how to persuade others, including Reciprocity, Commitment and Consistency, Social Proof, Authority, Liking, and Scarcity.
Spear Phishing
A targeted phishing attack aimed at a specific individual or organization.
Spoofing
Disguising a communication from an unknown source as being from a known, trusted source.
Vishing
Voice phishing; a voice call that uses social engineering techniques to trick individuals into divulging personal information.
Smishing
SMS phishing; a text message that attempts to lure victims into providing sensitive information.
Urgency and Pressure
Techniques used in social engineering to incite panic or urgency, prompting quick and thoughtless actions from the target.
Compelling Attachments or Links
Attachments or links sent in phishing emails that often contain malicious code and prompt the user to click or download.
AI-generated Phishing Emails
Phishing emails crafted by artificial intelligence that can be highly personalized and context-aware.
IBM 5/5 Rule
A guideline stating it takes 5 prompts and 5 minutes for AI to create a phishing email campaign.
False Positives
Legitimate emails incorrectly classified as phishing emails by security systems.
Piggybacking
A social engineering tactic where an authorized person allows an unauthorized person to follow them into a restricted area.
Tailgating
A technique where an unauthorized person sneaks into a restricted area by closely following an authorized person.
Emotional Appeal
A method used in social engineering where emails or messages tap into a target's emotions, such as fear or greed.
Pretexting
A social engineering tactic where an attacker creates a fabricated scenario (pretext) to trick a target into divulging information or performing an action.
Baiting
A social engineering attack that uses a physical medium (like a USB drive) or an online lure (like a free download) to entice victims to fall for a trap.
Quid Pro Quo
A social engineering attack where the attacker offers something in return for information (e.g., offering IT help for a password).
Shoulder Surfing
Observing someone's private information over their shoulder (e.g., watching them type a PIN or password).