Combination of social engineering with a touch of spoofing - looks like a legit email or IM, but look closely at the URL, spelling, font, etc. for clues
Phishing technique done over the phone
Very targeted phishing - usually with insider info - often has 'from HR dept' as the sender
Phishing for a high-level target such as a CEO
Use someone else to gain access to a building; follow them in the door, dress like them, etc.; relies heavily on training people to avoid
Pretend to be someone you aren't in order to get someone to give you something they shouldn't
Physical barrier between 2 doors
A bad guy might look for discarded documents with info that can be used in different kinds of attacks; timing is important; shred or burn docs
Lowest tech hack - just looking at a screen - in an airport, coffee shop, across a building with binoculars, using a webcam, etc.
Used to help stop shoulder surfing
Time-consuming threats that seem real but are not; sometimes they try to get you to pay money to make a problem go away that doesn't really exist
Attacker can't attack your system, so waits to attack you at a place you go to, outside of your system - they let you come to them - they infect that site and thus you get infected when you come
Relies on control diversity to provide multiple levels of network hierarchy that allow user domain segmentation