CompTIA Security+ (SY0-601)
Phishing -
A type of social engineering attack often used to steal user data, including login
credentials and credit card numbers.
Smishing -
The act of committing text message fraud to try to lure victims into revealing account
information or installing malware.
Vishing -
An electronic fraud tactic in which individuals are tricked into revealing critical
financial or personal information to unauthorized entities.
Spam -
An unsolicited bulk messages sent to multiple recipients who did not ask for them.
Spam over instant messaging (SPIM) -
Refers to unsolicited instant messages.
Spear phishing -
An email or electronic communications scam targeted towards a specific individual,
organization or business.
Dumpster diving -
A technique used to retrieve information that could be used to carry out an attack on a
computer network.
Shoulder surfing -
A direct observation techniques, such as looking over someone's shoulder, to get
information.
Pharming -
A form of online fraud involving malicious code and fraudulent websites.
Tailgating -
A physical security breach in which an unauthorized person follows an authorized
individual to enter a secured premise.
Eliciting information -
A reporting format designed to elicit as much information as possible about
individuals involved in a group or network.
Whaling -
1
, A method used by cybercriminals to masquerade as a senior player at an organization
and directly target senior individuals, with the aim of stealing or gaining access to their computer
systems for criminal purposes.
Prepending -
A technique used to deprioritize a route in a netork.
Identity fraud -
A crime in which an imposter obtains key pieces of personally identifiable information
(PII) to impersonate someone else.
Invoice scams -
A fraudulent way of receiving money or by prompting a victim to put their credentials
into a fake login screen.
Credential harvesting -
The process of gathering valid usernames, passwords, private emails, and email
addresses through infrastructure breaches.
Reconnaissance -
A term for testing for potential vulnerabilities in a computer network.
Hoax -
A message warning the recipients of a non-existent computer virus threat.
Impersonation -
A form of fraud in which attackers pose as a known or trusted person to dupe an
employee into transferring money to a fraudulent account, sharing sensitive information or
revealing login credentials.
Watering hole attack -
A targeted attack designed to compromise users within a specific industry by infecting
websites they typically visit and luring them to a malicious site.
Typosquatting -
A form of cybersquatting which relies on mistakes such as typos made by Internet
users when inputting a website address into a web browser.
Pretexting -
A form of social engineering in which an individual lies to obtain privileged data.
Social media -
A computer-based technology that allows the sharing of ideas, thoughts, and
information through the building of virtual networks.
Authority -
The power to enforce rules or give orders.
2
, Consensus -
Allows anyone in the network to join dynamically and participate without prior
permission.
Ransomware -
A malicious software that infects your computer and displays messages demanding a
fee to be paid in order for your system to work again.
Trojans -
A type of malware that is often disguised as legitimate software.
Worms Potentially unwanted programs (PUPs) -
A program that may be unwanted, despite the possibility that users consented to
download it
Fileless virus -
A type of malicious software that uses legitimate programs to infect a computer.
Command and Control -
A computer controlled by a cybercriminal to send commands to systems compromised
by malware and receive stolen data from a target network.
Bots -
A network of computers infected by malware that are under the control of a single
attacking party, known as the "bot-herder."
Cryptomalware -
A type of ransomware that encrypts user's files, and demands ransom.
Logic bomb -
A string of malicious code used to cause harm to a network when the programmed
conditions are met.
Spyware -
A type of malware that collects and shares information about a computer or network
without the user's consent.
Keyloggers -
A type of monitoring software designed to record keystrokes made by a user.
Remote access Trojan (RAT) -
A malware program that allows hackers to assume remote control over a device via
covert surveillance.
Rootkit -
Asoftware used by a hacker to gain constant administrator-level access to a computer
or network.
3
Phishing -
A type of social engineering attack often used to steal user data, including login
credentials and credit card numbers.
Smishing -
The act of committing text message fraud to try to lure victims into revealing account
information or installing malware.
Vishing -
An electronic fraud tactic in which individuals are tricked into revealing critical
financial or personal information to unauthorized entities.
Spam -
An unsolicited bulk messages sent to multiple recipients who did not ask for them.
Spam over instant messaging (SPIM) -
Refers to unsolicited instant messages.
Spear phishing -
An email or electronic communications scam targeted towards a specific individual,
organization or business.
Dumpster diving -
A technique used to retrieve information that could be used to carry out an attack on a
computer network.
Shoulder surfing -
A direct observation techniques, such as looking over someone's shoulder, to get
information.
Pharming -
A form of online fraud involving malicious code and fraudulent websites.
Tailgating -
A physical security breach in which an unauthorized person follows an authorized
individual to enter a secured premise.
Eliciting information -
A reporting format designed to elicit as much information as possible about
individuals involved in a group or network.
Whaling -
1
, A method used by cybercriminals to masquerade as a senior player at an organization
and directly target senior individuals, with the aim of stealing or gaining access to their computer
systems for criminal purposes.
Prepending -
A technique used to deprioritize a route in a netork.
Identity fraud -
A crime in which an imposter obtains key pieces of personally identifiable information
(PII) to impersonate someone else.
Invoice scams -
A fraudulent way of receiving money or by prompting a victim to put their credentials
into a fake login screen.
Credential harvesting -
The process of gathering valid usernames, passwords, private emails, and email
addresses through infrastructure breaches.
Reconnaissance -
A term for testing for potential vulnerabilities in a computer network.
Hoax -
A message warning the recipients of a non-existent computer virus threat.
Impersonation -
A form of fraud in which attackers pose as a known or trusted person to dupe an
employee into transferring money to a fraudulent account, sharing sensitive information or
revealing login credentials.
Watering hole attack -
A targeted attack designed to compromise users within a specific industry by infecting
websites they typically visit and luring them to a malicious site.
Typosquatting -
A form of cybersquatting which relies on mistakes such as typos made by Internet
users when inputting a website address into a web browser.
Pretexting -
A form of social engineering in which an individual lies to obtain privileged data.
Social media -
A computer-based technology that allows the sharing of ideas, thoughts, and
information through the building of virtual networks.
Authority -
The power to enforce rules or give orders.
2
, Consensus -
Allows anyone in the network to join dynamically and participate without prior
permission.
Ransomware -
A malicious software that infects your computer and displays messages demanding a
fee to be paid in order for your system to work again.
Trojans -
A type of malware that is often disguised as legitimate software.
Worms Potentially unwanted programs (PUPs) -
A program that may be unwanted, despite the possibility that users consented to
download it
Fileless virus -
A type of malicious software that uses legitimate programs to infect a computer.
Command and Control -
A computer controlled by a cybercriminal to send commands to systems compromised
by malware and receive stolen data from a target network.
Bots -
A network of computers infected by malware that are under the control of a single
attacking party, known as the "bot-herder."
Cryptomalware -
A type of ransomware that encrypts user's files, and demands ransom.
Logic bomb -
A string of malicious code used to cause harm to a network when the programmed
conditions are met.
Spyware -
A type of malware that collects and shares information about a computer or network
without the user's consent.
Keyloggers -
A type of monitoring software designed to record keystrokes made by a user.
Remote access Trojan (RAT) -
A malware program that allows hackers to assume remote control over a device via
covert surveillance.
Rootkit -
Asoftware used by a hacker to gain constant administrator-level access to a computer
or network.
3
