Security+ SYO-601 Chapter 1

process by which an attacker seeks to extract useful information from users by tricking them into helping the attacker.

assumes the character or appearance of someone else.

scavenge for useful information in the trash.

looking over someone’s shoulder to obtain information.

digital junk mail.

SPAM over instant message.(IM)

acquire sensitive information by masquerading as a trustworthy entry via electronic communication (email).

phishing email towards a specific individual.

phishing after high profile targets such as an executive within a company.

voice phishing - use of fake caller ID to enter account details via the phone.

SMS phishing via text message.

redirects victims from a legitimate site to a bogus website using DNS cache poisoning.

piggybacking or following closely behind someone who has authorized physical access in an environment.

prepend the subject line in email some sort of notification if the email is external.

a person’s personal information is used without authorization to deceive or commit a crime.

fake crafted invoices emailed for payment.

common goal of phishing campaigns that involves capturing usernames and passwords.

gather information about the personnel’s roles and responsibilities.

Presents a threat but the threat does not actually exists at face value.

attacking a site that the a target frequently visits.

an attack against a vulnerability that is unknown to software and security vendors.

AKA URL hijacking, is a simple method used frequently for benign purposes websites for misspelled URLs.

to spread FUD on social media outlets