Phishing
Email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim – (A+)
The message might try to convince the user to perform some action, such as installing disguised malware
May use a spoof website set up to imitate a bank or ecommerce site or some other web resource that should be trusted by the target
When users authenticate with the spoofed site, their logon credentials are captured
The 3 Phishing Variants
Spear Phishing
Occurs when the attacker has some information that makes the target more likely to be fooled by the attack
e.g. the name of a document or the recipient's name, job title, or phone number
Whaling
An attack directed specifically against upper levels of management in the organization or wealthy people (CEOs and other "big catches")
Vishing
This is conducted through a voice channel (telephone or VoIP, for instance)
Evil Twin
The attacker uses a rogue wireless access point to try to harvest credentials
Similar network name (SSID) to the legitimate one, or
The attacker might use some denial of service (DoS) technique to overcome the legitimate AP
The evil twin might be able to harvest authentication information from users entering their credentials by mistake
E.g. might allow devices to connect via open authentication and then redirect users' web browsers to a spoofed captive portal that prompts them for their network password