
Social Engineering Techniques

Security+ 601 pt 1
Social Engineering Techniques:

Social Engineering – An attack vector that relies heavily on human interaction and often
involves tricking people into breaking normal security procedures.

Phishing – An attack that sends an email or displays a Web announcement that falsely
claims to be from a legitimate enterprise in order to trick the user into surrendering private
information; it is the most common form of social engineering.

Smishing – An attack using Short Message Service (SMS) on victims’ cell phones.

Vishing – A variation of phishing that uses voice communication technology to obtain
the information the attacker is seeking.

Spam – Bulk, unsolicited (junk) email.

Spam over Instant Message (SPIM) – Spam delivered via an instant messaging application,
with the aim of getting an unsuspecting user to click a malicious link.

Spear Phishing – A phishing attack that targets only specific users or groups.

Dumpster Diving – The process of looking in the trash for sensitive information that has
not been properly disposed of.

Shoulder Surfing – The attacker directly observes the individual entering sensitive
information on a form, keypad, or keyboard.

Pharming – Misdirecting users to fake websites made to look official, by means of DNS
poisoning.

Tailgating – Following closely behind a person who has just used their own access card
or PIN to gain physical access to a room or building.

Eliciting Information – Drawing a person into volunteering and sharing information; the
person may not realize this is happening. Often seen in vishing attempts.

Whaling – A phishing attack that targets only wealthy individuals, such as a CEO or CFO.

Prepending – The act of adding something to the beginning of an item, e.g. stating that they
were sent by the target’s boss or another authority figure.

Identity Fraud – Use of fake credentials to achieve an end; considered high risk if used
successfully.

Invoice Scams – Use of a fake invoice to get a company to pay for things it has not ordered.

Credential Harvesting – The collection of credential information, such as user IDs and
passwords, to enable an attacker to gain a series of accesses to a system.

Reconnaissance – Scoping out the battlefield (the organization) to get a better feel for
whom the attacker is targeting; a wide range of methods is used to examine the victim.

Hoax – A threat or malware that doesn’t actually exist but seems to the client to be real
and an actual threat.

Impersonation – The act of pretending to be another person for the purpose of fraud; the
attacker plays on the victim’s biases to get what they want.

Watering Hole Attack – An attacker will compromise web servers to target select
groups. The first step is to determine the websites that the target group visits regularly.
The second step is to compromise one or more of those websites. The attacker
compromises the websites by infecting them with malware that can identify members
of the target group. A malicious attack that is directed toward a small group of specific
individuals who visit the same website.

Typosquatting – A form of cybersquatting that relies on mistakes, such as typographical
errors, made by internet users when inputting information into a web browser. A
problem that occurs when someone purposely registers misspelled variations of well-known domain names. (prepending)

Pretexting – Occurs when someone deceives by pretending, using an invented scenario (a pretext) to obtain information.

Influence campaigns – To sway public opinion on political and social issues.

Hybrid Warfare – Methods of waging war that can all be used together to create an even
more complex form of cyberwarfare, including influencing foreign campaigns.

Social Media – Any tool or service that uses the internet to facilitate conversations.

Principles of Effectiveness – Authority, intimidation, consensus, scarcity, familiarity,
trust, and urgency.

Malware – Software that is intended to damage or disable computers and computer
systems.

Ransomware – A type of malicious software designed to block access to a computer
system until a sum of money is paid.

Types of Malware – Virus, Worm, Trojan Horse, Rootkit, Spyware, Adware,
Ransomware, Cryptomalware, PUPs, Logic Bombs, Fileless Virus, Bots, Botnets,
Keyloggers, RATs, Backdoors, and C&C.

Trojans – Programs that look useful, but cause damage to your computer once inside.

Worms – Independent computer programs that copy themselves from one computer to
other computers over a network after the initial download.
