9 Cards in this Set (Front | Back)
Phishing | Practice of fraudulently acquiring data over the internet by masquerading as a trustworthy business. Attackers rely on social engineering to deceive victims, employing spoofed emails that lead users to counterfeit websites designed to trick them into divulging data.
Two Types of SE | Human-based SE: functions at a personal level and preys on qualities of human nature, e.g. being helpful, trust, or fear of getting into trouble (i.e. a reluctance to question authority). Examples: eavesdropping, impersonating a valid user, most commonly by phone. Computer-based SE: employs software to retrieve user data, e.g. pop-ups, attachments. Examples: phishing attacks, vishing attacks.
Reverse Social Engineering | Avoids the need to gain trust. The engineer first sabotages someone's equipment and then offers to fix it for them, pretending to be able to repair it. The attack begins when the victim calls on the attacker for help.
SE and desired outputs | The act of persuading someone to give out information/data required and/or desired by the attacker. SE attempts to obtain: sensitive information, authorisation and access details.
Effective Prevention Methods | User awareness (education). Establishment of strong, enforced and tested policies and procedures.
Whaling | Spear phishing a big user, e.g. a CEO. Slow, and requires the attacker to profile the target.
Authority | By posing as a manager or important user, the attacker intimidates people, who often submit to authority.
Social Validation | Conforming to apparently expected behaviour. People are often intimidated by the fact that something is being done by everyone else. The attacker may use tailgating, or encourage staff to put confidential papers in a regular waste bin.
Scarcity | Implies that something is limited in supply and therefore required now. Effective for obtaining user details by simulating fake sites, e.g. Last Minute Deals.