Module 9.2- Identifying Common Security Threats Flashcards

(15 cards)

1
Q

Social Engineering: Exploiting Human Nature

A
  • unlike most cyberattacks, social engineering doesn’t rely on technical exploits
  • instead, it targets the most vulnerable part of any security system: people
  • hackers manipulate human behaviour to trick victims into giving away confidential information, often without the victim realising they’ve been duped until it’s too late
  • e.g. imagine a scenario where someone receives a phone call from “IT support” claiming there’s been suspicious activity on their account and asking for their password to resolve it; the unsuspecting user, anxious to secure their account, provides the password, falling directly into the attacker’s trap
2
Q

How to Prevent Social Engineering Attacks

A
  • Be Skeptical: if someone contacts you unexpectedly asking for sensitive information, don’t automatically trust them
  • verify their identity independently by calling the company back using a known number, not the one they provide
  • Limit Information Sharing: avoid oversharing on social media or public forums
  • hackers can use personal information to craft highly targeted attacks, e.g. pretending to be a colleague or family member
  • Security Awareness Training: make sure everyone in your organisation is trained to recognise common social engineering tactics
  • regularly remind staff of these dangers to keep security top of mind
3
Q

Common Social Engineering Tactics

A
  • Pretexting
  • Baiting
  • Quid Pro Quo
4
Q

Pretexting

A
  • in pretexting, attackers invent a scenario, usually pretending to be someone you trust, like a coworker or service provider, to trick you into divulging sensitive information
  • e.g. they might pose as your bank’s fraud department, asking for account verification details under the guise of stopping an unauthorised transaction
  • prevention tip: always verify the identity of the person contacting you, especially if they request sensitive information
  • if something feels off, trust your instincts and ask questions
5
Q

Baiting

A
  • this is when an attacker offers something appealing to lure the victim into a trap
  • this could be a free music download, a gift card offer, or even a USB drive left in a public space
  • once the bait is taken, by clicking the link or plugging in the USB, malicious software gets installed
  • prevention tip: don’t click on suspicious offers or pick up unknown USB drives
  • only download software from trusted sources, and avoid too-good-to-be-true deals
6
Q

Quid Pro Quo

A
  • this tactic promises something in return for information
  • an attacker might offer free tech support or an IT service in exchange for your login credentials
  • once the credentials are shared, they can easily be used to access your systems
  • prevention tip: be cautious about unsolicited offers of help, especially those requesting access to your system
  • verify the identity and legitimacy of anyone offering remote assistance
7
Q

Phishing & Smishing

A
  • these attacks are among the most widespread and damaging forms of social engineering
  • they trick people into sharing personal information, such as passwords or credit card numbers, by pretending to be a trusted entity
8
Q

Phishing

A
  • typically happens through email, where an attacker sends a message that looks like it’s from a legitimate company or service, e.g. your bank or a popular online platform
  • the email often contains a sense of urgency, “Your account has been compromised!”, and urges you to click a link to resolve the issue
  • that link usually leads to a fake website designed to steal your login details
  • prevention tip: always hover over links in emails to check the URL before clicking, be wary of messages that ask for personal or financial information, and don’t fall for scare tactics
  • when in doubt, go directly to the organisation’s official website instead of clicking on links in emails
9
Q

Smishing

A
  • a form of phishing conducted via SMS (text messaging)
  • you might receive a message saying your package is delayed, or your bank account has been locked, with a link to “resolve” the issue
  • as with phishing, the goal is to steal your information
  • prevention tip: never click on links in unexpected text messages
  • contact the organisation directly through their verified contact information if you’re unsure about the legitimacy of a message
10
Q

Avoiding Phishing & Smishing

A
  • Look for Red Flags: check for poor grammar, suspicious email addresses, and unusual requests for personal information
  • Don’t Be Rushed: phishing and smishing messages often create a sense of urgency; take your time and think before acting
  • Use Two-Factor Authentication (2FA): even if an attacker manages to steal your password, 2FA adds an extra layer of protection, making it harder for them to access your account
11
Q

Malware & Spyware: The Silent Threats

A
  • while social engineering often relies on human interaction, malware is a more direct, technical threat
  • malware is malicious software designed to damage, disable, or steal data from systems
  • it can come in many forms, and attackers use it to achieve different goals, such as spying on your activities or locking your files
12
Q

Types of Malware

A
  • Ransomware
  • Trojans
  • Keyloggers
13
Q

Ransomware

A
  • this type of malware encrypts your files and demands a ransom to unlock them
  • ransomware attacks have become more frequent, especially targeting businesses, hospitals, and government organisations
  • paying the ransom, however, doesn’t guarantee that you’ll get your data back
  • prevention tip: regularly back up your important files, and make sure those backups are stored offline or in a secure cloud service
  • avoid downloading attachments from unknown sources, and keep your systems updated with the latest security patches
14
Q

Trojans

A
  • named after the Trojan Horse, this malware disguises itself as something legitimate, like a software update or attachment, but once inside your system, it opens the door for attackers to gain control or steal data
  • prevention tip: be cautious when downloading files or installing software, especially from unfamiliar sources
  • use reputable antivirus software to scan any new downloads for threats
15
Q

Keyloggers

A
  • a type of spyware, keyloggers secretly track and record everything you type: passwords, credit card numbers, even private messages
  • this data is then sent to the attacker for malicious use
  • prevention tip: keep your OS, browsers, and security software up to date
  • consider using password managers that can auto-fill login credentials, making it harder for keyloggers to capture your information