33 cards in this set

  • Front
  • Back
Social engineering.
is the process by which an attacker seeks to extract useful information from users, often by just tricking them into helping the attacker.
impersonation
A core tactic of social engineers, which simply means someone assumes the character or appearance of someone else
What kind of information does an attacker use to do reconnaissance of the target?
usually the attacker uses public information sources to first do reconnaissance of the target.
Identity fraud
The use of a person’s personal information without authorization to deceive or commit a crime.
the best defense against social engineering?
is ongoing user awareness and education.
Tailgating
Following closely behind someone who has authorized physical access in an environment
Control of tailgating
Many high-security facilities employ mantraps (airlocklike mechanisms that allow only one person to pass at a time) to provide entrance control and prevent tailgating.
Dumpster Diving
They can extract sensitive information from the garbage without ever contacting anyone in the organization.

A technique used by an attacker that involves gathering useful information from discarded data
Shoulder surfing
Looking over someone’s shoulder to obtain information
What do phishing and related attacks rely on?
rely on technical methods to accomplish the goals
What do people tend to do?
People tend to trust others.
People tend to want to be helpful to those in need
Phishing and Variants
These techniques by themselves are first and foremost about eliciting information that can directly or indirectly lead to sensitive data loss or other compromise
Increasingly, social engineering attacks are being conducted:
Electronically
True or False
Social engineering conducted via computer systems has different names depending on the target and the method.
True
What is SPIM?
spam over Internet messaging
A type of unsolicited messaging that is specifically sent over instant messaging platforms.
What is phishing?
Phishing is an attempt to acquire sensitive information by masquerading as a trustworthy entity via electronic communication.
What is prepending?
Many organizations now prepend some type of notification to the subject line if the email is external.
Variants of Phishing
Spear phishing
Whaling
Vishing
Smishing
Pharming
Spear phishing
This is a targeted version of phishing. Whereas phishing often involves mass emailing, spear phishing goes after a specific individual.
Whaling
Whaling is identical to spear phishing, except for the size of the fish. Whaling employs spear phishing tactics but goes after high profile targets, such as an executive within a company.
Vishing
Also known as voice phishing, vishing is the use of fake caller ID to appear as a trusted organization and attempts to get an individual to enter account details via the phone.
Smishing
Also known as SMS phishing, smishing is the use of phishing methods through text messaging.
Pharming
This term is a combination of farming and phishing.
Pharming does not require the user to be tricked into clicking a link. Instead, pharming redirects victims from a legitimate site to a bogus website. To accomplish this, the attacker employs another attack, such as DNS cache poisoning.
Credential harvesting
is a common goal of phishing campaigns that involves capturing usernames and passwords
watering hole attack
An attack in which the attacker focuses on a site frequently visited by the target. Similar to spear phishing but does not use email.
Typo Squatting
An attack that most commonly relies on typographic errors made by users on the Internet. Also known as URL hijacking
Why are Hoaxes interesting?
Hoaxes are interesting because although a hoax presents a threat.
Hoax
A situation that seems like it could be legitimate but often results from people seeking to carry out various threats
influence campaign
Coordinated actions that seek to affect the development, actions, and behavior of the targeted population.
Do recent influence campaigns include hybrid warfare?
Yes
Hybrid warfare
Hybrid warfare can and often does include a combination of these methods, but the psychological, economic, and political influence aspects go beyond just distraction to achieving greater goals, such as dividing public opinion by exploiting societal vulnerabilities.
PRINCIPLES OF INFLUENCE
(REASONS FOR EFFECTIVENESS)
Authority.
Intimidation.
Consensus/social proof.
Scarcity and urgency.
Familiarity/liking.
Trust
Authority.
Job titles, uniforms, symbols, badges, and even specific expertise