1.1

Question 1

What is phishing

Answer 1

Social engineering with a touch of spoofing

Question 2

What are the different ways phishing is delivered

Answer 2

Email, Text, Voice, etc

Question 3

How to spot a phishing attempt

Answer 3

check url, spelling, different fonts, website graphics are different

Question 4

What is TypoSquatting?

Answer 4

A type of URL hijacking that purposely uses misspelled domains for malicious purposes

Question 5

What is prepending?

Answer 5

Adding an extra letter to the beginning of a url - ex. https://pprofessormesser.com

Question 6

What is pretexting?

Answer 6

When attackers lie to get info out of a situation they created.

– Hi, we’re calling from Visa regarding an automated
payment to your utility service…

Question 7

What is Pharming?

Answer 7

Redirecting a legit website to a fake/attackers bogus site

- Poisoned DNS server or client vulnerabilities

Question 8

Combine Pharming with Phishing

Answer 8

Pharming - Redirecting everyone from a legit website to bogus site
Phishing - Collects access credentials from pharmed victims

side note:
- Difficult for anti-malware software to stop since everything appears legitimate to the user

Question 9

What is Vishing?

Answer 9

Voice phishing - Done over the phone or voicemail

Question 10

Whats the point of vishing?

Answer 10

For you to give up personal information that attackers can exploit

Question 11

What is Smishing?

Answer 11

SMS Phishing - Done by texts

usually in the form of a link which attackers will use to get more information from you if clicked

Question 12

What is Spear Phishing?

Answer 12

Targeted phishing at a specific individual or department within an organization that appears to be from a trusted source

Question 13

What is Whaling?

Answer 13

Targeted phishing attack that targets high-profile employees

-CEO, CFO

Question 14

What is impersonation?

Answer 14

Attackers pretending to be someone they aren’t

Question 15

How to protect against impersonation?

Answer 15

Never give information like Passwords, or Personal Details

Verify before revealing information (Call back, verify through 3rd parties)

Question 16

What is Dumpster Diving?

Answer 16

Searching through garbage for important information

Question 17

How to protect against dumpster diving

Answer 17

Secure your garbage and shred/burn documents

Question 18

What is Shoulder surfing?

Answer 18

Social engineering technique used to obtain information by looking over the victims shoulder

Question 19

How to prevent shoulder surfing

Answer 19

Be aware of surroundings and use privacy filters on computer screens

Question 20

What is a hoax?

Answer 20

A threat that doesn’t actually exist

• Often an email, facebook post, tweet, etc.
• Some will try to take your money

Question 21

What is a watering hole attack?

Answer 21

An attack that infects a website often visited by the victim so the victim will become infected once visited again

Question 22

How to defend against a watering hole attack?

Answer 22

Layered defense
Firewalls and IPS - Stop the network traffic before things get bad
Anti-virus/Anti-malware signature updates

Question 23

What is spam?

Answer 23

Unsolicited messages from emails, online forums, etc.`

Question 24

What is SPIM?

Answer 24

Spam over Instant Messaging

Question 25

How to stop Spam?

Answer 25

Use an allowed list - Only receive emails from trusted senders (lots of maintenance)
SMTP standards checking - Block anyhting that doesn’t follow RFC standards
rDNS or Reverse DNS - Block emails where the senders domain doesn’t match the ip (a system would look at the incoming email and use rDNS to look for the known ip address of the website the email claims to be from and see if the known ip matches the ip from current email)

Question 26

What is tailgating?

Answer 26

When an unauthorized person follows someone into a building

Question 27

What are invoice scams?

Answer 27

Attacker will spear phish and find who pays the bills and will send an invoice directly to the victim asking them to pay a bill

Question 28

What is credential harvesting?

Answer 28

• Also called password harvesting - attacker collects login credentials from the victim from their computer.
• Things like chrome, firefox, outlook etc. can save login/password and attackers will send an email to victim with malicious code that runs a macro which will harvest the login information and can even email it to the attackers
• Anti-virus and Anti-malware can detect this