uni/second/semester1/logseq-stuff/pages/Social Engineering.md

• #CT255 - Next Generation Technologies II
• Previous Topic: Hash Cracking Using Rainbow Tables
• Next Topic: DIffie-Hellman Key Exchange
• Relevant Slides:
• What is Social Engineering? #card card-last-interval:: 4 card-repeats:: 2 card-ease-factor:: 2.7 card-next-schedule:: 2022-11-18T20:10:38.202Z card-last-reviewed:: 2022-11-14T20:10:38.202Z card-last-score:: 5
  • Social Engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
• What is Phishing? #card card-last-interval:: 4 card-repeats:: 2 card-ease-factor:: 2.7 card-next-schedule:: 2022-11-18T20:09:18.304Z card-last-reviewed:: 2022-11-14T20:09:18.304Z card-last-score:: 5
  • Phishing usually involves sending malicious emails from supposedly trusted sources to as many people as possible, assuming a low response rate.
• What is Spear Phishing? #card card-last-interval:: 14.2 card-repeats:: 3 card-ease-factor:: 2.7 card-next-schedule:: 2022-12-05T17:10:15.178Z card-last-reviewed:: 2022-11-21T13:10:15.178Z card-last-score:: 5
  • In Spear Phishing, the perpetrator is disguised as a trusted individual, such as a boss, friend, or spouse.
• What is Whaling? #card card-last-interval:: -1 card-repeats:: 1 card-ease-factor:: 2.5 card-next-schedule:: 2022-11-15T00:00:00.000Z card-last-reviewed:: 2022-11-14T20:08:34.227Z card-last-score:: 1
  • Whaling uses deceptive email messages targeting high-level decision makers within an organisation, such as CEOs or other executives.
    • Such individuals have access to highly valuable information, including trade secrets & passwords to administrative company accounts.
• What is Smishing? #card card-last-interval:: 4 card-repeats:: 2 card-ease-factor:: 2.7 card-next-schedule:: 2022-11-18T20:09:23.408Z card-last-reviewed:: 2022-11-14T20:09:23.409Z card-last-score:: 5
  • Smishing is portmanteau for "SMS Phishing", and it works much the same as phishing.
    • Users are tricked via an SMS text rather than from an email.
• What is Vishing? #card card-last-interval:: 4 card-repeats:: 2 card-ease-factor:: 2.7 card-next-schedule:: 2022-11-22T18:35:22.344Z card-last-reviewed:: 2022-11-18T18:35:22.345Z card-last-score:: 5
  • Vishing, also called VOIP Phishing is the voice counterpart to phishing.
    • For example, an email asks the user to make a phone call, or victims receive an unsolicited call.
• What is Pretexting? #card card-last-interval:: 2.8 card-repeats:: 2 card-ease-factor:: 2.6 card-next-schedule:: 2022-11-17T15:07:29.538Z card-last-reviewed:: 2022-11-14T20:07:29.538Z card-last-score:: 5
  • Pretexting is the practice of presenting oneself as someone else in order to obtain private information.
    • It is more than just creating a lie, in some cases, it can involve creating an entirely new identity and then using that identity to manipulate the receipt of information.
  • Pretexting goes hand-in-hand with vishing.
• What is a Watering Hole attack? #card card-last-interval:: 2.8 card-repeats:: 2 card-ease-factor:: 2.6 card-next-schedule:: 2022-11-17T15:08:14.319Z card-last-reviewed:: 2022-11-14T20:08:14.320Z card-last-score:: 5
  • A Watering Hole attack consists of injecting malicious code into public web pages of a website that the target visits.
    • The attackers typically compromise websites within a specific sector that are typically visited by specific individuals of interest for the attacks.
• What is Pharming? #card card-last-interval:: 2.8 card-repeats:: 2 card-ease-factor:: 2.6 card-next-schedule:: 2022-11-20T04:49:56.535Z card-last-reviewed:: 2022-11-17T09:49:56.536Z card-last-score:: 5
  • Pharming scams redirect users to a copy of a popular website where personal data such as usernames, passwords, & financial information can be "farmed" & collected for fraudulent use.