uni/year2/semester1/logseq-stuff/pages/Social Engineering.md

- #[[CT255 - Next Generation Technologies II]]
- **Previous Topic:** [[Hash Cracking Using Rainbow Tables]]
- **Next Topic:** [[DIffie-Hellman Key Exchange]]
- **Relevant Slides:** ![ct255_05.pdf](../assets/ct255_05_1665403304356_0.pdf)
-
- What is **Social Engineering**? #card
  card-last-interval:: 4
  card-repeats:: 2
  card-ease-factor:: 2.7
  card-next-schedule:: 2022-11-18T20:10:38.202Z
  card-last-reviewed:: 2022-11-14T20:10:38.202Z
  card-last-score:: 5
	- **Social Engineering** is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
- What is **Phishing**? #card
  card-last-interval:: 4
  card-repeats:: 2
  card-ease-factor:: 2.7
  card-next-schedule:: 2022-11-18T20:09:18.304Z
  card-last-reviewed:: 2022-11-14T20:09:18.304Z
  card-last-score:: 5
	- **Phishing** usually involves sending malicious emails from supposedly trusted sources to as many people as possible, assuming a low response rate.
- What is **Spear Phishing**? #card
  card-last-interval:: 14.2
  card-repeats:: 3
  card-ease-factor:: 2.7
  card-next-schedule:: 2022-12-05T17:10:15.178Z
  card-last-reviewed:: 2022-11-21T13:10:15.178Z
  card-last-score:: 5
	- In **Spear Phishing**, the perpetrator is disguised as a trusted individual, such as a boss, friend, or spouse.
- What is **Whaling**? #card
  card-last-interval:: -1
  card-repeats:: 1
  card-ease-factor:: 2.5
  card-next-schedule:: 2022-11-15T00:00:00.000Z
  card-last-reviewed:: 2022-11-14T20:08:34.227Z
  card-last-score:: 1
	- **Whaling** uses deceptive email messages targeting high-level decision makers within an organisation, such as CEOs or other executives.
		- Such individuals have access to highly valuable information, including trade secrets & passwords to administrative company accounts.
- What is **Smishing**? #card
  card-last-interval:: 4
  card-repeats:: 2
  card-ease-factor:: 2.7
  card-next-schedule:: 2022-11-18T20:09:23.408Z
  card-last-reviewed:: 2022-11-14T20:09:23.409Z
  card-last-score:: 5
	- **Smishing** is portmanteau for "SMS Phishing", and it works much the same as phishing.
		- Users are tricked via an SMS text rather than from an email.
- What is **Vishing**? #card
  card-last-interval:: 4
  card-repeats:: 2
  card-ease-factor:: 2.7
  card-next-schedule:: 2022-11-22T18:35:22.344Z
  card-last-reviewed:: 2022-11-18T18:35:22.345Z
  card-last-score:: 5
	- **Vishing**, also called **VOIP Phishing** is the voice counterpart to phishing.
		- For example, an email asks the user to make a phone call, or victims receive an unsolicited call.
- What is **Pretexting**? #card
  card-last-interval:: 2.8
  card-repeats:: 2
  card-ease-factor:: 2.6
  card-next-schedule:: 2022-11-17T15:07:29.538Z
  card-last-reviewed:: 2022-11-14T20:07:29.538Z
  card-last-score:: 5
	- **Pretexting** is the practice of presenting oneself as someone else in order to obtain private information.
		- It is more than just creating a lie, in some cases, it can involve creating an entirely new identity and then using that identity to manipulate the receipt of information.
	- Pretexting goes hand-in-hand with vishing.
- What is a **Watering Hole** attack? #card
  card-last-interval:: 2.8
  card-repeats:: 2
  card-ease-factor:: 2.6
  card-next-schedule:: 2022-11-17T15:08:14.319Z
  card-last-reviewed:: 2022-11-14T20:08:14.320Z
  card-last-score:: 5
	- A **Watering Hole** attack consists of injecting malicious code into public web pages of a website that the target visits.
		- The attackers typically compromise websites within a specific sector that are typically visited by specific individuals of interest for the attacks.
- What is **Pharming**? #card
  card-last-interval:: 2.8
  card-repeats:: 2
  card-ease-factor:: 2.6
  card-next-schedule:: 2022-11-20T04:49:56.535Z
  card-last-reviewed:: 2022-11-17T09:49:56.536Z
  card-last-score:: 5
	- **Pharming** scams redirect users to a copy of a popular website where personal data such as usernames, passwords, & financial information can be "farmed" & collected for fraudulent use.
-