Combination of social engineering with a touch of spoofing - looks like a legit email or IM, but look closely at the URL, spelling, font, etc for clues
.
Phishing technique done over the phone
.
Very targeted phishing - usaully with insider info - often has 'from HR dept' as the sender
.
Phishing for high level target such as CEO
.
Use someone else to gain access to a building; follow them in door, dress like them, etc; relies heavily on training people to avoid
.
Pretend to be someone you aren't in order to get someone to give you something they shouldn't
.
Physical barrier between 2 doors
.
A bad guy might look for discarded documents with info that can be used in different kinds of attacks; timing is important; shred or burn docs
.
Lowest tech hack - just looking at a screen - in airport, coffee shop, across a building with binoculars, using a webcam, etc
.
Use to help stop shoulder surfing
.
Time consuming threats that seem real but are not; sometimes they try to get you to pay money to make problem go away that doesn't really exist
.
Attacker can't attack your system, so waits to attack you at a place you go to, outside of your system - they let you come to them - infect that site and thus you get infected when you come
.
Relies on control diversity to provide multiple levels of network hierarchy that allow user domain segmentation
.
|
