Social engineering with a touch of spoofing; Often delivered by email, text, etc.; Usually there’s something not quite right; Check the URL
What is Phishing
Unsolicited messages
What is Spam
Attackers pretend to be someone they aren’t
What is Impersonation
Surf from afar
What is Shoulder surfing
Starts with a bit of spear phishing; Might also include a link to pay; Attacker sends a fake invoice
What is Invoice scams
A type of URL hijacking: https://professormessor.com; Prepending: https://pprofessormesser.com
What is Typosquatting
What is SPIM an abbreviation for?
What is Spam over Instant Messaging
Credit card fraud; Bank fraud; Loan fraud; Government benefits fraud - All of these are types of
What is Identity fraud
If it sounds too good to be true; It’s the Internet. Believe no one
What is De-hoaxing
Works alongside scarcity; Act quickly, don’t think - This is an example of ___________
What is Urgency
Redirect a legit website to a bogus site
What is Pharming
Use an authorized person to gain unauthorized access to a building
What is Tailgating
Can be easier to get this information over the phone; Voice phishing
What is Vishing
A threat that doesn’t actually exist, but seems like it COULD be real
What is Computer hoaxes?
Authority; Scarcity; Intimidation; Urgency; Familiarity / Liking; Trust; Consensus / Social proof - These are all examples of
What is Social engineering principles
Targeted phishing with inside information; Makes the attack more believable
What is Spear phishing
Unsolicited email: Stopping it at the gateway before it reaches the user.
What are Mail gateways
Extracting information from the victim; Hacking the human
What is Eliciting information
Divide, distract, and persuade
What is Nation-state actors
Constantly changing; You never know what they’ll use next; May be in person or electronic; Phone calls from aggressive “customers”; Emailed funeral notifications of a friend or associate
What is Effective social engineering
SMS phishing that is done by text message
What is Smishing
Layered defense – It’s never one thing
What is Defense-in-depth
Secure your garbage; Shred your documents - What do you call it when you do this?
What is protect your rubbish
Influence campaigns; Enabled through social media
What is Hacking public opinion
When someone says something like "There will be bad things if you don’t help"; Different examples of _______
What is Intimidation
Spear phishing the CEO; Targeted phishing with the possibility of a large catch
What is Whaling
Have the mountain come to you – Go where the mountain hangs out – The watering hole – This requires a bit of research
What is Watering Hole Attack
Gather details that can be used for a different attack from important information thrown out with the trash
What is Dumpster diving
Military strategy; Influence with a military spin; Wage war non-traditionally
What is Hybrid warfare
Also called password harvesting; Everything happens in the background; Attackers collect these login
What is Credential harvesting