1 Flashcards
A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information is commonly referred to as:
Phishing
Which of the following answers refer to smishing? (Select 2 answers)
- Social engineering technique
- Text messaging
The practice of using a telephone system to manipulate user into disclosing confidential information is known as
Vishing
Which of the following terms is commonly used to describe an unsolicited advertising message?
Spam
What type of spam relies on text-based communication?
Spim
(SPam Instant Messaging) Unsolicited advertising appearing in instant messages. SPIM is even more annoying than spam
Phishing scams targeting a specific group of people are referred to as:
Spear phishing
In computer security, the term “Dumpster diving” is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks.
True
A situation in which an unauthorized person can view another user’s display or keyboard to learn their password or other confidential information is referred to as:
Shoulder surfing
Which of the following answers refer to the characteristic features of pharming? (Select 3 answers)
- Traffic Redirection
- Fraudulent Website
- Credential harvesting
What is tailgating?
Gaining unauthorized access to restricted areas by following another person
In social engineering, the term “Elicitation” describes the use of casual conversation to extract non-public information from people without giving them the feeling they are being interrogated.
True
- Bracketing
-> Providing a high and low estimate in order to entice a more specific number - Confidential bait
-> Pretending to divulge confidential information in hopes of receiving
confidential information in return - Deliberate false statements
-> Saying something wrong in the hopes that the person will correct the
statement with true information - Feigned ignorance
-> Pretending to be ignorant of a topic in order to exploit the person’s tendency
to educate - Denial of the obvious
-> Saying something wrong in the hopes that the person will correct the
statement with true information - Flattery
-> Using praise to coax a person into providing information
- Bracketing
-> Providing a high and low estimate in order to entice a more specific number - Confidential bait
-> Pretending to divulge confidential information in hopes of receiving
confidential information in return - Deliberate false statements
-> Saying something wrong in the hopes that the person will correct the
statement with true information - Feigned ignorance
-> Pretending to be ignorant of a topic in order to exploit the person’s tendency
to educate - Denial of the obvious
-> Saying something wrong in the hopes that the person will correct the
statement with true information - Flattery
-> Using praise to coax a person into providing information
Phishing scams targeting people holding high positions in an organization or business are known as:
** Whaling **
A whaling attack is a special form of spear phishing that targets specific high-ranking victims within a company.
Which of the following is used in data URL phishing?
** Prepending **
An email message containing a warning related to a non-existent computer security threat, asking a user to delete system files falsely identified as malware, and/or prompting them to share the message with others would be an example of:
Virus hoax