Social engineering - Answer type of attack that uses deception and trickery to convince
unsuspecting users to provide sensitive data or to violate security guidelines
Spoofing - Answer software-based attack where the goal is to pretend to be someone
else for the purpose of identity concealment
Impersonation - Answer attacker pretends to be someone they are not
Hoax - Answer email- or web-based attack that is intended to trick the user into
performing undesired actions, such as deleting files in an attempt to remove a virus
Phishing - Answer email-based social engineering attack; attacker sends an email that
seems to come from a respected bank or financial institution
Vishing - Answer goal is to extract personal, financial, or confidential information from
the victim by using services such as the telephone system and IP-based voice messaging
services
Whaling - Answer form of spear phishing that targets individuals or organizations that
are known to possess a good deal of wealth
URL Hijacking (typosquatting) - Answer tactic of exploiting typos that users sometimes
make when entering a URL
Spim - Answer spam propagated through IM instead of email
Shoulder surfing - Answer attack by looking over the shoulder of an individual as they
enter password information
Tailgating (piggybacking) - Answer attack where an attacker will slip in through a
secure area following a legitimate employee
Hacker: White hats - Answer hacker who discovers and exposes security flaws to fix
before they become widespread problems
Hacker: Black hats - Answer hacker who discovers and exposes security vulnerabilities
for financial gain or for some malicious purpose
Malicious insider - Answer a threat originating from an employee in an organization
Electronic activist (hacktivist) - Answer hacktivist is motivated by a desire to cause
social change
Script kiddie - Answer novice attacker