Chapter 1
How can we get exploited through social engineering?
1. Developing a Sense of Familiarity 2. Creating a Hostile Situation
____________________ uses a narrative (the pretext) to influence the victim into giving up some item of information.
Pretexting
__________ are emails typically arriving in chain letter fashion that often describe impossible events, highly damaging malware or urban legends.
Hoaxes
__________________ involve the use of collected information and the selective publication of material to key individuals in an attempt to alter perceptions and change people's minds on a topic.
Influence Campaigns
_____________________ use information to sway people toward a position favored by those spreading it; when combined with cyber and conventional operations this is called "hybrid warfare" (loosely, "cyber warfare"). In previous wars, this was called propaganda.
Influence Campaigns
______________ scams use a fake invoice in an attempt to get a company to pay for things it has not ordered. Premise: send a fake invoice and get paid.
Invoice Scams
Misdirecting users to fake websites made to look official. ______________ does this by corrupting name resolution (for example poisoned DNS records or an altered hosts file), so the victim types the correct address and still lands on the attacker's site. Unlike phishing, no email or link-click is required.
Pharming
________________________ is the act of surveying a battlefield to gain information prior to hostilities. An adversary will examine the systems they intend to attack, using a wide range of methods.
Reconnaissance
This scenario is an example of what?: SMS message received: "You are subscribed to XYZ service, which will begin regular billings of $2 a month. Click here to unsubscribe before billing takes place."
Smishing
_____________________ is an attack using Short Message Service (SMS) on victims' cell phones.
Smishing
_______________ is "the attack against psychology."
Social Engineering
________________ is an attack against a user that typically involves some form of social interaction; it manipulates the social nature of interpersonal relationships.
Social Engineering
What is SPIM?
Spam over Internet Messaging (SPIM)
_______________ is spam delivered via an instant messaging (IM) application, getting an unsuspecting user to click malicious content or links and thus initiating the attack.
Spam over Internet Messaging (SPIM)
Bulk unsolicited e-mail. ________________ is the use of messaging systems to send an unsolicited message to large numbers of recipients, for commercial advertising, for non-commercial proselytizing, for any prohibited purpose, or simply to send the same message over and over to the same user.
Spamming
What is a targeted phishing attack?
Spear Phishing
______________________ refers to a phishing attack that targets a specific person or group of people with something in common.
Spear Phishing
____________________: arrives with something the victim is quasi-expecting or would see as normal; uses the guise of a project in trouble or some other situation in which the attacker will be viewed as helpful or as someone not to upset; name-drops the contact "Mr. Big," who happens to be out of the office and unreachable at the moment, thus avoiding the reference check.
Third-Party Impersonator
In influence campaigns, information is used to sway people toward a position favored by those spreading it; combined with other cyber and conventional operations this is also known as "______________".
hybrid warfare
The attacker attempts to obtain usernames, passwords, credit card numbers and other details.
phishing
This is a common example of what?: Attacker sends a bulk-email, supposedly from a bank, telling the recipients that a security breach has occurred and instructing them to click a link
phishing
_________________ is a type of social engineering in which an attacker attempts to obtain sensitive information from users by masquerading as a trusted entity in an email or instant message sent to a large group of often random users.
phishing
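The bank-breach email in the cards above works because the visible link text and the real link target differ. The following is an added example, not part of the original notes: a small checker that pulls every anchor out of a constructed HTML message body and flags the classic phishing tells (link leaves the trusted domain, displayed URL disagrees with the href, trusted brand name buried as a subdomain of someone else's domain). The domain example-bank.com and the sample message are assumptions made for the demo.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body (not real mail): one deceptive link, one honest link.
SAMPLE_HTML = """<p>We detected a security breach on your account.</p>
<p>Please <a href="http://secure-login.example-bank.com.attacker.test/verify">
https://www.example-bank.com/login</a> to confirm your identity.</p>
<p>Or visit <a href="https://www.example-bank.com/help">our help page</a>.</p>"""

# Assumed legitimate domain for the demo.
TRUSTED_DOMAINS = {"example-bank.com"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in a document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Naive registrable-domain rule (last two labels). Fine for .com, wrong for .co.uk."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def suspicious_links(html, trusted=TRUSTED_DOMAINS):
    """Return [(href, [reasons])] for links showing phishing indicators."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if registrable(host) not in trusted:
            reasons.append("href points outside trusted domains")
        # Visible text looks like a URL but the anchor actually goes somewhere else.
        shown = re.match(r"https?://([^/\s]+)", text)
        if shown and registrable(shown.group(1)) != registrable(host):
            reasons.append("visible URL differs from actual target")
        # Brand name appears in the host, but as a subdomain of a different registrable domain.
        if any(t in host and registrable(host) != t for t in trusted):
            reasons.append("trusted name used as a subdomain of another domain")
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_HTML):
        print(href)
        for r in reasons:
            print("  -", r)
```

The honest help-page link passes all three checks; the "verify" link trips every one of them, which is exactly the pattern an awareness program teaches users to hover over and read before clicking.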
The best defense against social engineering is a ______________________ program.
training and awareness
What type of attack takes advantage of the trust that some people place in the telephone network using VoIP technology?
vishing
__________________ is a variation of phishing that uses voice communication technology to obtain the information the attacker is seeking
vishing
The attacker directly observes an individual's sensitive information on a form, keypad, or keyboard, for example by simply looking over the victim's shoulder.
Shoulder Surfing
____________________ involves capitalizing on common typographical errors: mistyping a URL sends you to a dangerous website.
Typo Squatting
Posing as a fellow student to obtain information is an example of _______________.
Pretexting
_______________ is following closely behind a person who has just used their own access card or PIN to gain physical access to a room or building.
Tailgating
__________________________ is the infecting of a target website with malware: an attack strategy in which the attacker guesses or observes which websites an organization often uses and infects one or more of them with malware, so that eventually some member of the targeted group becomes infected.
Watering Hole Attack
_________________ is also referred to as URL hijacking, fake URL, or brandjacking.
Typo Squatting
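Both typo-squatting cards above describe the attack from the victim's side. The defender's counterpart, as an added example that is not part of the original notes, is to enumerate the single-keystroke misspellings of your own domain (so you can register or monitor them) and to test whether an observed hostname is a lookalike of a domain you trust. The domains example.com and example-bank.com, the partial QWERTY neighbour map, and the distance threshold of one edit are assumptions made for the demo.

```python
# Assumed legitimate domains for the demo.
LEGITIMATE = {"example.com", "example-bank.com"}

# Partial QWERTY adjacency map: keys a user is likely to hit by mistake.
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}


def typo_variants(domain):
    """Single-error misspellings of a domain's label (assumes a one-label TLD like .com)."""
    label, _, tld = domain.lower().rpartition(".")
    variants = set()
    for i, ch in enumerate(label):
        variants.add(label[:i] + label[i + 1:])              # omission:      exmple
        variants.add(label[:i] + ch + label[i:])             # repetition:    exxample
        if i + 1 < len(label):                               # transposition: eaxmple
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for neighbour in ADJACENT.get(ch, ""):               # adjacent key:  exanple
            variants.add(label[:i] + neighbour + label[i + 1:])
    if "-" in label:                                         # dropped hyphen: examplebank
        variants.add(label.replace("-", ""))
    variants.discard(label)
    return {v + "." + tld for v in variants if v}


def edit_distance(a, b):
    """Damerau-Levenshtein distance (optimal string alignment); a swap counts as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(host, legitimate=LEGITIMATE, max_distance=1):
    """Return the legitimate domain that `host` imitates, or None if it is exact or unrelated."""
    host = host.lower().rstrip(".")
    if host in legitimate:
        return None
    for good in legitimate:
        if edit_distance(host, good) <= max_distance:
            return good
    return None


if __name__ == "__main__":
    for good in sorted(LEGITIMATE):
        print(good, "->", len(typo_variants(good)), "candidate squat domains")
    for seen in ("examp1e.com", "exmaple.com", "example.com", "unrelated.org"):
        print(seen, "imitates", lookalike_of(seen))
```

The variant generator is the proactive side (register or watch these names); the distance check is the reactive side (run it over proxy or DNS logs to spot users who have already mistyped their way onto a squat domain). Lengthening the threshold quickly produces false positives on short labels, so one edit is a sensible default.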
A ___________________ attack is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes.
Whaling
_______________________ involves the collection of credential information, such as user IDs, passwords, and so on; the goal is just obtaining credentials.
Credential Harvesting
Going through someone's trash in hopes of finding valuable information that might be used in a penetration attempt is known in the security community as ___________________.
Dumpster Diving
Piggybacking is also known as _____________
Tailgating
What subtopics does the chapter cover under impersonation?
Third-Party Authorization; Contractors/Outside Parties; Online Attacks; Defenses
Note: Phishing, Smishing, Vishing are attacks against users' ____________ state!
cognitive