IT Questions and Answers :)

Saturday, December 7, 2019

An attacker went to a local bank and collected thrown away paper with the intention of using this information to steal funds and information from the bank's customers. What is this an example of?

  • Tailgating
  • Dumpster Diving
  • Impersonation
  • Typosquatting

EXPLANATION

Impersonation attacks are emails that attempt to impersonate a trusted individual or company in order to gain access to corporate finances or data. Business email compromise (BEC), also known as CEO fraud, is a popular example of an impersonation attack.

The tailgating attack, also known as “piggybacking,” involves an attacker seeking entry to a restricted area which lacks the proper authentication. The attacker can simply walk in behind a person who is authorized to access the area.

In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes.

Typosquatting, also called URL hijacking, a sting site, or a fake URL, is a form of cybersquatting, and possibly brandjacking, which relies on mistakes such as typos made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).

The typosquatter's URL will usually be one of five kinds, all similar to the victim site address (e.g. example.com):

  • A common misspelling, or foreign language spelling, of the intended site: exemple.com
  • A misspelling based on typos: examlpe.com
  • A differently phrased domain name: examples.com
  • A different top-level domain: example.org
  • An abuse of the Country Code Top-Level Domain (ccTLD): example.cm by using .cm, example.co by using .co, or example.om by using .om. A person leaving out a letter in .com in error could arrive at the fake URL's website.

Similar abuses:

  • Combosquatting - no misspelling, but appending an arbitrary word that appears legitimate, but that anyone could register: example-security.com. "Combosquatting is around one hundred times more common than typosquatting."
  • Doppelganger domain - omitting a period: financeexample.com (instead of finance.example.com)
  • Extra period: e.xample.com
  • Appending terms to form an intuitive name for a gripe site: example-sucks.com or examplesucks.com
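
One way a defender could sort observed hostnames into the kinds listed above is sketched here as an added example (not part of the original post). The function names, the `subdomains` parameter and the sample hostnames are assumptions, and the code assumes single-label TLDs such as .com.

```python
# Added example: classify observed hostnames against one protected domain.
# Assumes single-label TLDs (no public-suffix handling).

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(host, brand="example.com", subdomains=("finance",)):
    """Return the lookalike category for host, or None if it is not flagged."""
    host, brand = host.lower().rstrip("."), brand.lower()
    if host == brand or host.endswith("." + brand):
        return None                          # the real site or one of its subdomains
    name, tld = brand.rsplit(".", 1)
    if host.count(".") > brand.count(".") and \
            host.replace(".", "") == brand.replace(".", ""):
        return "extra-period"                # e.xample.com
    labels = host.split(".")
    if len(labels) < 2:
        return None
    label, host_tld = labels[-2], labels[-1]
    if label == name:
        # .cm/.co/.om style: the brand's TLD with one letter left out
        dropped = {tld[:i] + tld[i + 1:] for i in range(len(tld))}
        return "cctld-abuse" if host_tld in dropped else "different-tld"
    if any(label == s + name for s in subdomains):
        return "doppelganger"                # financeexample.com
    if osa_distance(label, name) == 1:
        # string comparison cannot tell misspelling, typo and rephrasing apart
        return "typo-or-misspelling"         # exemple, examlpe, examples
    if name in label:
        return "combosquatting"              # also covers gripe-site names
    return None

def scan(hosts, brand="example.com"):
    """Map each flagged hostname to its category; unflagged hosts are omitted."""
    found = {h: classify(h, brand) for h in hosts}
    return {h: c for h, c in found.items() if c}

# Constructed sample input, e.g. hostnames pulled from DNS or proxy logs.
SAMPLE = ["example.com", "finance.example.com", "examlpe.com", "example.cm",
          "financeexample.com", "e.xample.com", "example-security.com"]
```

`scan(SAMPLE)` returns only the five lookalikes; the first three kinds from the list share one bucket because an edit distance of one cannot distinguish them.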

  
