Studied by 0 people
Looks like no one added any tags here yet for you.
authority
most people will obey someone who appears to be in charge or knowledgeable regardless of whether or not they actually are.
intimidation
scaring or bullying an individual into taking a desired action
consensus-based
social engineering uses the fact that people tend to want to do what others are doing to persuade them to take an action.
Scarcity
used for social engineering in scenarios that make something look more desirable because it may be the last one available.
Familiarity based
attacks rely on you liking the individual or even the organization the individual is claiming to represent.
Trust
relies on a connection with the individual they are targeting
Urgency
creating a feeling that the action must be taken quickly due to some reason or reasons.
Phishing
the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Smishing
Phishing attacks committed using text messages (SMS).
Vishing
a phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information
spear phishing
a phishing expedition in which the emails are carefully designed to target a particular person or organization
Whaling
A phishing attack that targets only wealthy individuals.
credential harvesting
gathering credentials like usernames and passwords
Pharming
An online scam that attacks the browser's address bar. Users type in what they think is a valid website address and are unknowingly redirected to an illegitimate site that steals their personal information.
Typosquatting attacks
use misspelled and slightly off but similar to the legitimate site URLs to conduct Typosquatting attacks
Spam
unsolicited email
Spam over Instant Messaging (spim)
Unsolicited messages sent over an instant messaging service, such as Windows Messenger. (16)
dumpster diving
Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away
Shoulder surfing
the process of looking over a person's shoulder to capture information like passwords or other data.
Tailgating
When an unauthorized individual enters a restricted-access building by following an authorized user.
Eliciting Information
is a technique used to gather information without targets realizing they are providing it.
Pretexting
a form of social engineering in which one individual lies to obtain confidential data about another individual
identity fraud
a crime where one person uses another person's personal data, without authorization, to deceive or defraud someone else
online influence campaigns
traditionally focused on social media, email and other online-centric mediums, have become part of what has come to be called hybrid warfare
Hybrid Warfare
- Combining conventional warfare with cyberwarfare
Password Attacks
Attempt to discover or bypass passwords used for authentication on systems and networks, and for different types of files
Brute force attacks
Exhausts all possible password combinations to break into an account
Password Spraying attacks
a type of brute force attack that attempts to use a single password or small set of passwords against many accounts.
Dictionary attacks
compare passwords to a list of common words, and can search for multiword phrase combinations
Physical attacks
Attack vector that trumps logical, leverage remote device physical access to gain access to other devices on a network
Malicious USB cables and flash drives
a device crafted to perform unwanted activities against a computer and/or mobile device or peripheral without the victim realizing the attack is occurring. Attacks include exfiltrating data and injecting malware.
Card Cloning attacks
Focus on capturing information from cards like RFID and magnetic stripe cards often used for entry access.
Skimming attacks
use hidden or fake readers or social engineering and hand-hed readers to capture card and then employ cloning tools to use credit cards and entry access cards for their own purposes.
Supply chain attacks
A cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply chain.
