Terms in this set (25)
is an attack that exploits human nature by convincing someone to reveal information or perform an activity. There are two forms of social engineering:
Passive social engineering
takes advantage of the unintentional actions of others to gather information or gain access to a secure facility.
Active social engineering
involves direct interaction with users, asking them to reveal information or take actions.
Persuasive social engineering
entails an attacker convincing a person to give them information or access that they shouldn't.
Reciprocity social engineering
entails an attacker "gifting" something of lesser or equal value to what they expect in return.
entails an attacker using peer pressure to coerce someone else to bend rules or give information they shouldn't.
social engineering entails convincing someone to buy into an overall idea, then demanding or including further specifics that were not presented up front.
social engineering entails an attacker presenting an item as "a limited-time" or "scarce quantity" offer to increase sales.
social engineering entails an attacker using the premise of a friendship as a reason to "help them out" or do something that the victim is not authorized to do.
social engineering entails an attacker either lying about having authority or using their high status in a company to force victims to perform actions or to give information that exceed their authorization level.
involves looking over the shoulder of someone working on a computer.
refers to an unauthorized person listening to conversations of employees or other authorized personnel discussing sensitive topics.
is the process of looking in the trash for sensitive information that has not been properly disposed of.
refer to an attacker entering a secured building by following an authorized employee through a secure door and not providing identification.
refers to convincing personnel to grant access to sensitive information or protected systems by pretending to be someone who is authorized and/or requires that access.
scam is an e-mail pretending to be from a trusted organization, asking to verify personal information or send money.
Rock Phish kit
is a fake Web site that can be set up which imitates a real Web site (such as banks, PayPal®, eBay®, and Amazon®).
also known as a 419 scam, involves e-mail which requests a small amount of money to help transfer funds from a foreign country.
attackers gather information about the victim, such as identifying which online banks they use.
is another form of phishing that is targeted to senior executives and high profile victims.
is similar to phishing but instead of an e-mail, the attacker uses Voice over IP (VoIP) to gain sensitive information.
is targeted at gaining access to information that will allow the attacker to gain commercial advantage or commit fraud.
prey on e-mail recipients who are fearful and believe most information if it is presented in a professional manner. Usually these hoax messages instruct the reader to delete key system files or download Trojan horses.
Spyware and adware
are pop-up advertisements that can have malicious objectives such as:
Tricking users into unknowingly downloading malware.
is the use of a fictitious scenario to persuade someone to perform an action or give information for which they are not authorized.