Chapter 1


How can we get exploited through social engineering?

1. Developing a Sense of Familiarity
2. Creating a Hostile Situation

____________________ uses a narrative (the pretext) to influence the victim into giving up some item of information.

Pre-texting

__________ are emails typically arriving in chain letter fashion that often describe impossible events, highly damaging malware or urban legends.

Hoaxes

__________________ involve the use of collected information and selective publication of material to key individuals in an attempt to alter perceptions and change people's minds on a topic.

Influence Campaigns

_____________________ is used to sway people toward a position favored by those spreading it; also known as "hybrid warfare" or "cyber warfare". In previous wars, this was called propaganda.

Influence Campaigns

______________ scams use a fake invoice in an attempt to get a company to pay for things it has not ordered. Premise: send a fake invoice and then get paid.

Invoice Scams

Misdirecting users to fake websites made to look official. ______________ is used through phishing; attackers target individuals, one by one, by sending out emails.

Pharming

________________________: The actions of surveying a battlefield to gain information prior to hostilities. An adversary will examine the systems they intend to attack, using a wide range of methods.

Reconnaissance

This scenario is an example of what?: SMS message received: You are subscribed to XYZ service, which will begin regular billings of $2 a month. Click here to unsubscribe before billing takes place.

Smishing

_____________________ is an attack using Short Message Service (SMS) on victims' cell phones.

Smishing

_______________ is "the attack against psychology".

Social Engineering

________________ is an attack against a user, and typically involves some form of social interaction. It manipulates the social nature of interpersonal relationships.

Social Engineering

What is SPIM?

Spam over Internet Messaging (SPIM)

_______________ is spam delivered via an instant messaging (SMS) application. Getting an unsuspecting user to click malicious content or links, thus initiating the attack.

Spam over Internet Messaging (SPIM)

Bulk unsolicited e-mail. ________________ is the use of messaging systems to send an unsolicited message to large numbers of recipients for the purpose of commercial advertising, for the purpose of non-commercial proselytizing, for any prohibited purpose or simply sending the same message over and over to the same user.

Spamming

What is a targeted phishing attack?

Spear Phishing

______________________ refers to a phishing attack that targets a specific person or group of people with something in common.

Spear Phishing

____________________: Arrives with something the victim is quasi-expecting or that would seem normal. Uses the guise of a project in trouble or some other situation where the attacker will be viewed as helpful or as someone not to upset. Name-drops the contact "Mr. Big", who happens to be out of the office and unreachable at the moment, thus avoiding the reference check.

Third-Party Impersonator

In Influence Campaigns, information is used to sway people toward a position favored by those spreading it; this is also known as "______________".

hybrid warfare

The attacker attempts to obtain usernames, passwords, credit card numbers and other details.

phishing

This is a common example of what?: Attacker sends a bulk-email, supposedly from a bank, telling the recipients that a security breach has occurred and instructing them to click a link

phishing

_________________ is a type of social engineering in which an attacker attempts to obtain sensitive information from users by masquerading as a trusted entity in an email or instant message sent to a large group of often random users.

phishing

The best defense against social engineering is a ______________________ program.

training and awareness

What type of attack takes advantage of the trust that some people place in the telephone network using VoIP technology?

vishing

__________________ is a variation of phishing that uses voice communication technology to obtain the information the attacker is seeking.

vishing

The attacker directly observes the individual's sensitive information on a form, keypad, and keyboard. The attacker may simply look over your shoulder.

Shoulder Surfing

____________________ involves capitalizing upon common typographical errors: mistyping a URL sends you to a dangerous website.

Typo squatting

Posing as a fellow student to attain information is an example of _______________.

Pre-texting

_______________ is following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.

Tailgating

__________________________: Infecting a target website with malware. A computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected.

Watering Hole Attack

_________________ is referred to as URL hijacking, fake URL, or brandjacking.

Typo Squatting

A ___________________ attack is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes.

Whaling

_______________________ involves the collection of credential information, such as user IDs, passwords, and so on. Just obtaining credentials.

Credential Harvesting

___________________ is going through someone's trash in hopes of finding valuable information that might be used in a penetration attempt; it is known in the security community as dumpster diving.

Dumpster Diving

Piggybacking is also known as _____________

Tailgating

What are the 5 types of impersonations?

Third-Party Authorization Contractor/Outside Parties Online Attacks Defenses

Note: Phishing, Smishing, Vishing are attacks against users' ____________ state!

cognitive

