We recently wrote about how the terminology used in InfoSec and Cybersecurity education can be quite confusing, you can catch a read of that blog here.
- What is Social Engineering?
- What is Dumpster Diving?
- What is Shoulder Surfing?
- What is a Domain?
- What is CEO Fraud?
- What is Phishing?
- What is Spearphishing?
- What is Whaling?
- What is Vishing?
- What is SMShing?
- What is Tailgating?
- What is a VPN?
- What is BCP?
- What is GDPR?
- What is MFA?
- What is a Password Manager?
- What is OSINT?
- What is Cyber Stalking?
- What is a Key Logger?
- What is a Dropbox?
- What is Malware?
- What is Ransomware?
- What is SIM Swap Fraud?
- What is a Supply Chain Attack?
- What is Encryption?
- What is a Firewall?
- What is Endpoint Protection?
- What is a Bot Net?
- What is a Bot Herder?
- What is a DDoS Attack?
- What is Spoofing?
- What is DMARC?
- What is SPF?
- What is DKIM?
- What is Spam?
What is Social Engineering?
Social Engineering is the practice of manipulating someone into divulging confidential information. This isn’t always a secret password either! Asking someone to reveal what street they grew up on, a pet’s name or what was their first car could also be used in a Social Engineering attack.
What is Dumpster Diving?
Dumpster Diving is the practice of gaining access to a rubbish bin and removing the contents for further analysis. In a social engineering attack, criminals will use this unlikely source of information to gain knowledge of your banking information, receipts and spending habits – amongst other things!
What is Shoulder Surfing?
Shoulder Surfing is when someone stands behind the target as they authenticate with a password. This makes it possible for a social engineer to see the password being entered and possibly even record fast keystrokes using a camera. This low tech method of hacking is quite impactful.
What is a Domain?
Domain names are used to identify one or more IP addresses on the internet. It’s a human-readable string of information that is easier to work with than just an IP address. After all, wouldn’t you rather remember google dot com opposed to 184.108.40.206
What is CEO Fraud?
CEO Fraud is when a fraudster will try to exploit the inherent power of a company owner. This may be an email claiming to be from the boss instructing an employee to make a payment or divulge information. CEO Fraud exploits the trust we place in everyday communication methods such as SMS, phone or email.
What is Phishing?
Phishing is one of the oldest social engineering techniques. Criminals will create malicious emails, with spoofed links. The goal of a Phishing email is usually to get you to download a virus, transfer funds or capture your password.
What is Spearphishing?
Spearphishing is when criminals design malicious emails, specifically targeted at you. A criminal may choose to target you due to the access you have. The end goal is to trick you into transferring data, funds or submitting your credentials. Spearphishing is normal phishing with a lot more effort and focus on the potential victim.
What is Whaling?
Whaling is a target malicious email attack. The same principle as phishing. Whaling targets are those with high-ranking trusted positions, such as executives. The goal of whaling is to steal money, data or credentials.
What is Vishing?
Vishing is a social engineering technique that uses a phone call. Criminals will impersonate a trusted figure such as your bank or the police. Often the goal is to create a story that will panic you into transferring data or money.
What is SMShing?
SMShing is a social engineering technique where criminals will use malicious text messages, designed to get users to interact and provide personal or sensitive information. They will often contain a link or contact number.
What is Tailgating?
Tailgating is a technique used by a social engineer or criminal to gain access to a restricted space. By following someone through a door before it closes, criminals can gain access without authentication such as an RFID badge.
What is a VPN?
A VPN, or Virtual Private Network enables you to send and receive data across a public network securely. By using a VPN, criminals will not be able to access your sensitive data. When activated, a VPN will create a secure tunnel between you and the VPN server.
What is BCP?
BCP, or Business Continuity Planning is when an organisation plans, prepares and tests a procedure in case their infrastructure is impacted. By having a Business Continuity Plan, organisations can ensure that their most critical systems and operations are functioning in the shortest time-frame possible after an event.
What is the GDPR?
The GDPR, or General Data Protection Regulation, is the European Union’s current data protection legislation. After the Data Protection Act was abolished, the GDPR brought new processes for a digital age. It sets out the rules in which companies should work with data.
What is MFA?
Multi-Factor Authentication (MFA) adds an additonal step of authentication to your accounts, whether this is an authentication app, an SMS text message or a physical key. After submitting your username and password, you will be required to enter this secondary information to enter your account.
What is a Password Manager?
A Password Manager is a type of software that stores all your passwords for different online accounts and services, similar to a safe. It is usually locked with a super-secure password or your fingerprint.
What is OSINT?
It stands for Open Source INTelligence. OSINT is information that can be found readily available online. Social media, such as Facebook and LinkedIn, is a source of information that can be used to gather information about a target. OSINT may be gathered for future social engineering attacks.
What is Cyber Stalking?
Online Stalking is when someone will intimidate or harass a target over the internet. Online Stalking is also referred to as cyber-stalking.
What is a Key Logger?
A Key Logger is a small device that is plugged in between a keyboard and a computer. It stores keystrokes on the device which can be retrieved by the criminal at a later date.
What is a Dropbox?
A Dropbox is a small networking device that is installed by both penetration testers and malicious hackers. Once installed on the network it can provide access to criminals from anywhere in the world. Dropboxes gained popularity after the Santander attack on a banking computer with the use of an IP-KVM device.
What is Malware?
Malware is malicious software that is designed to embed itself into your computer. The software can then replicate and spread throughout your network.
What is Ransomware?
Ransomware is a type of malicious software. When your device is infected, files becomes encrypted. The password to release your data will only be given once a ransom is paid. Sometime services such as nomoreransom.org will be able to help for free
What is SIM Swap Fraud?
SIM Swap Fraud is when a criminal steals your mobile phone number by fraudulently requesting a ‘PAC’ Code. Once the person has successfully stolen your number, password resets can be authorised by the criminal.
What is a Supply Chain Attack?
A Supply Chain Attack is when rather than directly targeting a business, a criminal will target businesses that supply a product or service to the main target company. Often small suppliers are easier to target than the larger companies they supply.
What is Encryption?
Encryption is the process of converting plain text in to cipher text. It is a method of concealing information in a way that only authorised parties can read it.
What is a Firewall?
A firewall acts as a barrier between a trusted internal network and an untrusted external network. It monitors and controls outgoing and incoming traffic against predetermined security settings and rules.
What is Endpoint Protection?
Endpoint protection is a type of software that attempts to protect computers by applying several security defences. It normally ensures a VPN is enabled and that the operating systems and anti-virus is up to date. Endpoint Protection can also prevent malicious links and files from damaging the workstation.
What is a Bot Net?
A Botnet is a collection of compromised devices that are under the central command of a normally malicious hacker. The network of devices can be instructed to perform an action at the will of the bot master or bot-herder such as DDoS a website or send SPAM email.
What is a Bot Herder?
A Bot Herder is a malicious hacker that will scan the internet for vulnerable devices, if a vulnerable device is compromised, it will then be added to their Botnet.
What is a DDoS Attack?
A Denial-of-Service Attack (DDoS Attack) is a malicious attempt to disrupt a web server or online service, making internet sites unavailable. This is achieved by flooding the target with requests from multiple sources, to overload systems and make it incredibly hard to stop the attack.
What is Spoofing?
Spoofing is when the email address, phone number or website is disguised to be from a legitimate source in order to trick a target.
What is DMARC?
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a process of email authentication. Once implemented, DMARC will prevent third parties from using your email domain to spam.
What is SPF?
Sender Policy Framework (SPF) is a way that the sender of an email can be authenticated and prevents spoofing an email address. Legitimate senders will be marked highly, but spammers will not. This will discourage spammers as they will not make it into your inbox.
What is DKIM?
DomainKeys Identified Mail (DKIM) is a way that the sender of an email can be authenticated. Legitimate senders will be marked highly, but spammers will not. This will discourage spammers as they will not make it into your inbox.
What is Spam?
Spam is unsolicited bulk emails or messages. Spamming isn’t against the law per se but can clog up your inbox. Spam is favoured by advertisers as there are low operating costs compared to traditional hard-form advertising.