Security CompTIA 1.1
CompTIA objectives 1.1
| Term | Definition |
|---|---|
| • Identity fraud | Occurs when someone steals your personal information and uses that PII (someone else's) for personal gain. |
| • Invoice scams | Criminals send fake invoices to trick people or organizations into paying for goods or services they did not request and usually did not receive. |
| • Credential harvesting | The use of MITM attacks, DNS poisoning, phishing and other vectors to amass large numbers of credentials (usernames/passwords) for reuse. |
| • Hoax | A message, often circulated through email, which tells of impending doom from a virus or security threat that simply does not exist. |
| • Impersonation | Social engineers often attempt to impersonate others. The goal is to convince an authorized user to provide information or to help the attacker defeat a security control. |
| • Watering hole attack | This attack attempts to discover which websites a group of people are likely to visit and then infects those websites with malware that can infect the visitors. |
| • Typo squatting | Also called URL hijacking; occurs when someone buys a domain name that is close to a legitimate one. For comptia.org, an attacker might buy the domain name comptai.org. Motives include hosting a malicious website, earning ad revenue, or reselling the domain name. |
| • Pretexting | Attacks that involve manufacturing a scenario, or pretext, to target the victim. The scammer usually impersonates an authority (tax man, IT department) who can request information. |
| • Influence campaigns | What bad actors use to spread inaccurate, emotional and fear-mongering information to cause chaos. The internet has made this much worse. |
| • Reconnaissance | Within the context of social engineering, refers to gathering as much information as possible on a target. |
| Hybrid warfare | The use of a range of different methods to attack an enemy, for example spreading false information or attacking important computer systems, as well as, or instead of, traditional military action. |
| Social media | Bad actors use social media to issue propaganda. |
| • Principles (reasons for effectiveness) | These are the principles that make social engineering so effective |
| Authority | Social engineers leverage authority based on two reactions: respect and fear. |
| Intimidation | Attackers can intimidate victims so that they comply just to make the attacker go away. |
| Consensus | Unlike intimidation, the social engineer will likely be a little nicer, more understanding, and more sympathetic to the needs of the target. |
| Scarcity | The attacker offers something the target really needs. |
| Familiarity | Developing a bond with the target helps the attacker better persuade and influence the target into giving the attacker what they want. |
| Trust | An attacker takes the time to build the level of trust needed for their intended purpose. |
| Urgency | An attacker may use urgency to get a victim to act or hand over information in a short amount of time, while the victim cannot think clearly or confirm the identity of the attacker. |
| • Phishing | The practice of sending emails to users with the purpose of tricking them into revealing personal information or clicking on a link. |
| • Smishing | A mashup of SMS and phishing; a form of phishing that uses text messages instead of email. Some smishing texts include malicious attachments, and some try to trick the user into giving up personal information. |
| • Vishing | Attacks that use the phone system to trick users into giving up personal and financial information. Vishing often uses Voice over IP (VoIP) technology, allowing attackers to spoof caller ID so the call appears to come from a real company. |
| • Spam | Unwanted or unsolicited email. Some spam is harmless advertising, while much of it is malicious and can include malicious links, malicious code and malicious attachments. |
| • Spam over Internet messaging (SPIM) | Unwanted messages sent over instant messaging (IM) systems. |
| • Spear phishing | A targeted form of phishing. Instead of sending the email to everyone indiscriminately, a spear phishing attack targets specific groups of users or even a single user. |
| • Dumpster diving | The practice of searching through trash or recycling containers to gain information from discarded documents. |
| • Shoulder surfing | Simply looking over the shoulder of someone to gain information. The goal is to gain unauthorized information by casual observation, and it is likely to occur within an office environment. |
| • Pharming | When a bad actor redirects you to a fake website instead of the legitimate one you intended to open. "Spoofed" sites capture your confidential information, including usernames, passwords and credit card data, or install malware on your device. |
| • Tailgating | A physical security breach in which an unauthorized person follows an authorized individual into a typically secured area. |
| • Eliciting information | The act of getting information without asking for it directly. Social engineers often use casual conversation to gather information without giving targets any idea that the attacker is trying to gather information. |
| Access Control Vestibules | Also called mantraps; most often used in physical security to separate non-secure areas from secure areas and prevent unauthorized access. |
| • Whaling | A form of spear phishing that targets high-ranking victims within a company. |
| • Prepending | Adding something to the beginning of a message. An attacker can add [SAFE] to the subject line. |