Chapter 4: Social Engineering


34 Terms

1

authority

most people will obey someone who appears to be in charge or knowledgeable regardless of whether or not they actually are.

2

intimidation

scaring or bullying an individual into taking a desired action

3

consensus-based

social engineering uses the fact that people tend to want to do what others are doing to persuade them to take an action.

4

Scarcity

used for social engineering in scenarios that make something look more desirable because it may be the last one available.

5

Familiarity based

attacks rely on you liking the individual or even the organization the individual is claiming to represent.

6

Trust

relies on a connection with the individual they are targeting

7

Urgency

creating a feeling that the action must be taken quickly due to some reason or reasons.

8

Phishing

the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

9

Smishing

Phishing attacks committed using text messages (SMS).

10

Vishing

a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information

11

spear phishing

a phishing expedition in which the emails are carefully designed to target a particular person or organization

12

Whaling

A phishing attack that targets only wealthy individuals.

13

credential harvesting

gathering credentials like usernames and passwords

14

Pharming

An online scam that attacks the browser's address bar. Users type in what they think is a valid website address and are unknowingly redirected to an illegitimate site that steals their personal information.

15

Typosquatting attacks

use misspelled or slightly off URLs that look similar to the legitimate site's URL

16

Spam

unsolicited email

17

Spam over Instant Messaging (spim)

Unsolicited messages sent over an instant messaging service, such as Windows Messenger. (16)

18

dumpster diving

Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away

19

Shoulder surfing

the process of looking over a person's shoulder to capture information like passwords or other data.

20

Tailgating

When an unauthorized individual enters a restricted-access building by following an authorized user.

21

Eliciting Information

is a technique used to gather information without targets realizing they are providing it.

22

Pretexting

a form of social engineering in which one individual lies to obtain confidential data about another individual

23

identity fraud

a crime where one person uses another person's personal data, without authorization, to deceive or defraud someone else

24

online influence campaigns

traditionally focused on social media, email and other online-centric mediums, have become part of what has come to be called hybrid warfare

25

Hybrid Warfare

Combining conventional warfare with cyberwarfare

26

Password Attacks

Attempt to discover or bypass passwords used for authentication on systems and networks, and for different types of files

27

Brute force attacks

Exhausts all possible password combinations to break into an account

28

Password Spraying attacks

a type of brute force attack that attempts to use a single password or small set of passwords against many accounts.

29

Dictionary attacks

compare passwords to a list of common words, and can search for multiword phrase combinations

30

Physical attacks

Attack vector that trumps logical ones; leverages physical access to a remote device to gain access to other devices on a network

31

Malicious USB cables and flash drives

a device crafted to perform unwanted activities against a computer and/or mobile device or peripheral without the victim realizing the attack is occurring. Attacks include exfiltrating data and injecting malware.

32

Card Cloning attacks

Focus on capturing information from cards like RFID and magnetic stripe cards often used for entry access.

33

Skimming attacks

use hidden or fake readers, or social engineering and hand-held readers, to capture card information, and then employ cloning tools to use credit cards and entry access cards for their own purposes.

34

Supply chain attacks

A cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.