Get 3 extra months of Quizlet Plus.

Upgrade now

Social Engineering and Share

Cybersecurity
Ashley_Allen864

Notes created 7/15/24

Information Security, Tooele Technical College

Study these notes further

Phishing Attacks

• Overview of Phishing
• Phishing is a prevalent form of social engineering aimed at deceiving individuals into
divulging personal information.
• Attackers often impersonate trusted entities like banks or service providers to trick
users into clicking malicious links.
• Phishing involves spoofing legitimate websites to gather sensitive data like login
credentials.
• Pretexting is commonly used to create false scenarios, prompting victims to disclose
information willingly.
• Types of Phishing Attacks
• Pharming involves redirecting users to fake websites by compromising DNS servers or
websites.
• Attackers exploit typosquatting to create URLs similar to legitimate sites for deceptive
purposes.
• Vishing, or voice phishing, occurs over phone calls where attackers manipulate caller
IDs to appear trustworthy.
• Smishing, or SMS phishing, involves using text messages to deceive recipients into
divulging personal information.

Defense Mechanisms

• Mitigating Phishing Attacks

 • Avoid clicking links in emails; manually type URLs to ensure legitimacy.
• Verify website URLs and scrutinize for any discrepancies or irregularities.
• Educate users on recognizing phishing attempts and the importance of not sharing
personal information.
• Implement multi-factor authentication and security awareness training to enhance
defense against phishing.
• Countermeasures for Social Engineering
• Utilize email filters and anti-phishing tools to detect and block malicious emails.
• Regularly update security software and patches to mitigate vulnerabilities exploited by
attackers.
• Conduct simulated phishing exercises to assess the organization's susceptibility to
social engineering attacks.
• Establish incident response protocols to swiftly address and contain phishing incidents.

Phishing Attacks and Impersonation

• Reconnaissance in Phishing Attacks

• Prior to phishing attacks, reconnaissance steps are taken to gather information from
open sources like social media and third-party websites.
• Attackers create believable pretexts by collecting personal details such as residence,
workplace, colleagues' names, and shopping habits.
• Spear phishing targets specific individuals or groups, while whaling focuses on high-
profile targets like CEOs for financial gain.
• A well-crafted phishing attack can lead to unauthorized access to sensitive information
or corporate accounts.
• Impersonation Techniques

• Attackers excel at impersonation, using pretexts and false identities to deceive victims.
• Common impersonation scenarios involve fake calls from reputable organizations like
Microsoft or the US Treasury to extract money or information.
• Impersonators often leverage reconnaissance data to mimic higher-ranking individuals
or use technical jargon to appear legitimate.
• By eliciting information through friendly conversations or technical terms, attackers aim
to extract sensitive data like passwords or email addresses.

Identity Fraud and Protection

• Value of Personal Information

• Personal details are highly valuable to attackers for identity fraud, leading to credit
card fraud, bank account breaches, and loan fraud.
 • Attackers exploit personal data for government benefit fraud or tax fraud by
impersonating victims.
• Protecting personal information is crucial to prevent fraudulent activities and
unauthorized access to financial accounts.
• Verifying the legitimacy of callers and refraining from sharing passwords or personal
details can mitigate the risk of identity theft.

Dumpster Diving

• Understanding Dumpster Diving

• Attackers gather valuable information by sifting through discarded materials like trash.
• Dumpster diving poses a security risk as attackers can extract sensitive data from
improperly disposed documents.
• Securing garbage disposal practices is essential to prevent unauthorized access to
confidential information.
• Proper disposal methods and shredding sensitive documents can deter dumpster
diving attempts.
• Overview of Dumpster Diving

• Dumpster diving involves gathering personal information from discarded items like
monthly statements, business documents, and personal correspondence.
• In the United States, dumpsters are common receptacles for trash, providing easy
access to sensitive information.
• Legality varies by location, with some areas allowing access to discarded items unless
restricted by local laws.
• To prevent dumpster diving, secure garbage areas with locks, shred documents, or
incinerate sensitive information.

Shoulder Surfing

• Understanding Shoulder Surfing

• Shoulder surfing involves unauthorized individuals viewing sensitive information on

screens by looking over shoulders.
• It is a common method to obtain passwords and access confidential documents.
• Privacy filters can prevent shoulder surfing by obscuring screens from anyone not
directly in front of the monitor.
• Prevent shoulder surfing by being aware of your surroundings and positioning screens
away from prying eyes.

Hoaxes

• Identifying and Dealing with Hoaxes

 • Hoaxes present false scenarios that consume time and resources, often involving fake
emails, messages, or voicemails.
• Common hoaxes may request gift card purchases as a means to extract money without
direct access to bank accounts.
• Some hoaxes simulate malware infections to deceive users into taking actions that
compromise personal information.
• Stay vigilant against hoaxes, such as fake prize notifications, and avoid engaging with
suspicious messages or requests.

Online Hoaxes and Scams

• Types of Online Hoaxes

• Hoax involving fake software updates: Attackers create deceptive software update
pages to trick users into downloading malware.
• Unsolicited messages and phishing attempts: Users should be cautious of messages
requesting personal information or offering too-good-to-be-true deals.
• Recommendation to verify sources: Cross-reference suspicious messages on reputable
websites like hoaxslayer.net and snopes.com.
• Importance of spam filters: Utilize spam filters to automatically detect and divert
potential hoaxes and scams.

Watering Hole Attacks

• Understanding Watering Hole Attacks

• Attackers target third-party websites frequented by the organization's users to

distribute malware.
• Research and selection of vulnerable sites: Attackers identify and compromise websites
likely to attract the target audience.
• Example of a watering hole attack: Attack on financial sites in 2017 targeted specific
visitors with malicious JavaScript files.
• Prevention measures: Implement layered security defenses, such as next-generation
firewalls and intrusion prevention systems.

• Preventing Watering Hole Attacks

• Layered defense strategy: Employ multiple security measures to mitigate the risk of
infection.
• Role of antivirus software: Antivirus programs like Symantec can detect and block
malicious scripts from infected websites.
• Awareness and vigilance: Stay informed about potential threats and be cautious while
browsing, even on trusted websites.
 • Impact of watering hole attacks: Highlight the importance of proactive security
measures to prevent network breaches.

Spam Management

• Overview of Spam

• Forms of spam: Commercial, non-commercial, and malicious messages inundate email

inboxes and other online platforms.
• Challenges for system administrators: Security risks, resource utilization, and costs
associated with managing spam.
• Importance of spam filters: Utilize spam management systems to filter out unwanted
messages and protect network resources.
• Costs and implications: Highlight the financial and operational impact of spam on
organizations.
• Spam Filtering Techniques

• Spam filters can block unwanted emails by identifying phishing attempts, like requests
for personal information.
• Implementing allowed lists ensures only trusted senders' emails are accepted,
requiring regular maintenance.
• Filters can detect non-compliant messages with RFCs, discarding those not meeting
email standards.
• Reverse DNS checks IP addresses to verify email sources, flagging suspicious
discrepancies.
• Tar pitting slows down email exchanges, frustrating spammers by delaying mass
sending.
• Recipient filtering prevents delivery to non-existent addresses, enhancing email
security.

• Mail Gateway Functionality

• Incoming emails are filtered at the mail gateway before reaching internal servers.
• Gateway checks for specific characteristics to identify and eliminate spam.
• Strategies like reverse DNS and recipient filtering enhance email security measures.
• Tar pitting technique slows down spammers' email servers, deterring rapid mass emails.

Influence Campaigns

• Creation and Impact

• Fake accounts are generated to spread manipulated content across various online
platforms.
• Influence campaigns aim to sway public opinion by amplifying messages through
multiple channels.
 • Real users unknowingly share manipulated content, leading to mass media coverage.
• Military entities may utilize influence campaigns to alter perceptions and influence
policies.

• Cyber Warfare and Social Media

• Cyber warfare leverages online platforms to influence elections and shape news
narratives.
• Internet facilitates global military influence, impacting international relations.
• Social media transforms traditional warfare tactics into cyber-based strategies.

Social Engineering Attacks

• Tailgating

• Unauthorized individuals exploit legitimate access by following authorized personnel.

• Tailgating can involve blending in with vendors or employees to gain entry unnoticed.
• Preventing tailgating is crucial to safeguard sensitive areas within organizations.
• Visitor policies and badges help control access and prevent unauthorized entry.

• Social Engineering Techniques

• Social engineering attacks like tailgating exploit human behavior to breach security
measures.
• Scams such as invoice fraud and credential harvesting target individuals for sensitive
information.
• Awareness and training are essential to mitigate social engineering risks effectively.
• Combining physical security measures with employee education enhances overall
security posture.

Flashcards Edit View

Reconnaissance

Gathering information about a target

before launching an attack.
 Change the answer side of the card in the Options menu

Change the answer side of the card in the Options menu

9 / 69

Other ways to study these flashcards

Learn Test Match

This product is enhanced by AI and may provide incorrect or problematic content. Please report any
content that needs review by clicking .