1.1 Compare and contrast different types of social engineering techniques Flashcards

1
Q

What is Phishing?

A

Phishing is a broad term used to describe the fraudulent acquisition of information, often focused on credentials like usernames and passwords, as well as sensitive personal information like credit card numbers and related data.

Phishing is most often done via email.

2
Q

What is Smishing?

A

Smishing is phishing via SMS (text) messages.

3
Q

What is Vishing?

A

Vishing (voice phishing) is phishing conducted over the telephone or other voice calls.

4
Q

What is Spam?

A

Unwanted or junk email.

Spam, sometimes called unsolicited or junk email, may not immediately seem like a social engineering technique, but it often employs social engineering techniques to get recipients to open the message or click on links inside it.

5
Q

What is SPIM?

A

SPIM (spam over instant messaging) is spam delivered through instant messaging platforms rather than email.

Unwanted instant messages, as opposed to unwanted SMS texts (smishing).

6
Q

What is Spear Phishing?

A

Spear phishing targets specific individuals or groups in an organization in an attempt to gather desired information or access.

7
Q

What is Dumpster Diving?

A

Dumpster diving is retrieving potentially sensitive information from discarded material, such as documents or media thrown into a dumpster or trash bin.

8
Q

What is Shoulder Surfing?

A

Shoulder surfing is the process of looking over a person’s shoulder to capture information like passwords or other data.

9
Q

What is Pharming?

A

Pharming attacks redirect traffic away from legitimate websites to malicious versions.

Pharming typically requires a successful technical attack that changes DNS entries on a local PC (such as its hosts file) or on a trusted local DNS server, allowing the traffic to be redirected.
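The local-PC variant of pharming leaves a simple artifact: a hosts-file line that pins an external domain to an attacker-controlled address, so the browser never asks DNS at all. The following is an added example (not code from the original flashcards) of the check a responder would run over a hosts file. The hosts-file contents and the list of watched domains are constructed for the example; the `examplebank.com` names and the `203.0.113.45` address are assumptions.

```python
import ipaddress

# Constructed sample hosts file (not a real system file). The last line is what
# a pharming attack adds: a bank's hostname mapped to an attacker-controlled IP.
SAMPLE_HOSTS = """\
# Hosts file (constructed sample)
127.0.0.1    localhost
::1          localhost ip6-localhost
0.0.0.0      ads.tracker.example        # sinkhole, benign
192.168.1.20 fileserver.corp.example
203.0.113.45 www.examplebank.com examplebank.com
"""

# Hypothetical list of high-value external domains the organisation watches.
WATCHED_DOMAINS = {"www.examplebank.com", "examplebank.com", "mail.corp.example"}


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs from hosts-file text.

    Comments (everything after '#') and blank lines are ignored; lines whose
    first token is not a valid IP address are skipped.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; a real tool would log it
        for name in parts[1:]:
            yield ip, name.lower()


def find_pharming_overrides(text, watched=WATCHED_DOMAINS):
    """Return (hostname, ip) pairs that pin a watched domain to a real address.

    A hosts entry for an external domain bypasses DNS entirely, which is exactly
    the redirection pharming relies on. Pins to loopback or 0.0.0.0 are the
    usual way to sinkhole ad/tracker domains, so they are not reported.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if name in watched and not (ip.is_loopback or ip.is_unspecified):
            findings.append((name, str(ip)))
    return findings


if __name__ == "__main__":
    for host, ip in find_pharming_overrides(SAMPLE_HOSTS):
        print(f"SUSPICIOUS: {host} pinned to {ip} in hosts file")
```

On a live system the same function can be fed the contents of `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`; the watched-domain list would come from the organisation's own inventory of sensitive external services.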

10
Q

What is Tailgating?

A

Tailgating is a physical entry attack that requires simply following someone who has authorized access to an area so that as they open secured doors you can pass through as well.

11
Q

What is Eliciting Information?

A

Eliciting information, often called elicitation, is a technique used to gather information without targets realizing they are providing it.

Techniques like flattery, feigned ignorance, or even acting as a counselor or sounding board are all common elements of an elicitation effort.

12
Q

What is Whaling?

A

Whaling, much like spear phishing, targets specific people, but it is aimed at senior employees like CEOs and CFOs, the "big fish" in the company.

13
Q

What is Prepending?

A

Prepending can mean one of three things:

  1. Adding an expression or phrase, such as adding "SAFE" to a set of email headers or a subject line, to fool a user into thinking the message has passed an antispam tool.
  2. Adding information as part of another attack to manipulate the outcome.
  3. Suggesting topics in a social engineering conversation to lead a target toward the related information the social engineer is looking for.
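The first meaning above has a concrete tell: a real mail gateway records its verdict in a header it controls, never in the Subject, so a reassuring "[SAFE]" prefix that arrives without that header was written by the sender. The following is an added example (not from the original flashcards) of that check using Python's standard `email` module. The gateway header name `X-Corp-Gateway-Verdict`, the tag list, and both raw messages are constructed for the example.

```python
import email
import re
from email import policy

# Tags a reader would take to mean "someone already checked this" (constructed list).
REASSURING_TAGS = re.compile(r"\[(SAFE|SCANNED|VERIFIED|TRUSTED|INTERNAL)\]", re.IGNORECASE)

# Hypothetical header the organisation's own gateway stamps on scanned mail.
# The name is an assumption for this example, not a standard header.
GATEWAY_HEADER = "X-Corp-Gateway-Verdict"

# Constructed raw message showing a prepending attack: the sender placed "[SAFE]"
# in the Subject themselves and no gateway verdict header is present.
ATTACK_MSG = """\
From: "IT Helpdesk" <helpdesk@examplebank-support.example>
To: user@corp.example
Subject: [SAFE] Password expires today - act now
Content-Type: text/plain

Reset here: http://examplebank-support.example/reset
"""

# Constructed legitimate message: the gateway added its verdict header and the
# Subject tag was applied by the same gateway.
LEGIT_MSG = """\
From: hr@corp.example
To: user@corp.example
Subject: [SCANNED] Benefits enrollment opens Monday
X-Corp-Gateway-Verdict: clean
Content-Type: text/plain

See the intranet for details.
"""


def spoofed_reassurance_tags(raw):
    """Return Subject tags that claim safety without a matching gateway verdict header.

    An empty list means either no reassuring tag was present or the gateway
    vouched for the message through its own header.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    tags = [m.group(1).upper() for m in REASSURING_TAGS.finditer(subject)]
    if not tags or msg.get(GATEWAY_HEADER) is not None:
        return []
    return tags


if __name__ == "__main__":
    for label, raw in (("attack", ATTACK_MSG), ("legit", LEGIT_MSG)):
        print(label, "->", spoofed_reassurance_tags(raw) or "no spoofed tag")
```

The check only holds if the gateway strips any copy of its verdict header that arrives from outside before adding its own; otherwise the attacker simply prepends the header too. That stripping rule is the real control; this function is the detection that sits behind it.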
14
Q

What is Identity Fraud?

A

Identity fraud, or identity theft, is the use of someone else’s identity.

15
Q

What are invoice scams?

A

Invoice scams involve sending fake invoices to organizations in the hope that they will be paid without being verified.

16
Q

What is Credential harvesting?

A

Credential harvesting is the process of gathering credentials like usernames and passwords.

17
Q

What is Reconnaissance?

A

Reconnaissance is the gathering of information about a target, whether that target is an organization, an individual, or something else.

It comes in three forms:

Passive discovery: techniques that send no packets to the target, such as WHOIS lookups.

Semi-passive discovery: techniques that touch the target with packets in a non-aggressive fashion to avoid suspicion.

Active discovery: the most aggressive techniques, and the most likely to be noticed by the target.

18
Q

What is a hoax?

A

Hoaxes, which are intentional falsehoods, come in a variety of forms ranging from virus hoaxes to fake news.

19
Q

What is impersonation?

A

Impersonation, where you act as if you are someone else, can be a limited form of identity fraud.

20
Q

What is Watering hole attack?

A

An attack strategy in which attackers guess or observe which websites an organization's users visit often and then compromise one or more of those sites with malware, waiting for the targets to come to them.

21
Q

What is Typosquatting?

A

Typosquatters register domains that are misspelled or slightly off versions of a legitimate site's URL, so that users who mistype the address (or click a convincing lookalike link) land on the attacker's site instead.
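Typosquat domains are predictable: they are produced by a handful of mechanical edits to the real name. The following is an added example (not from the original flashcards) that enumerates those edits for a legitimate domain and classifies a candidate domain by which edit produced it, which is how a brand-monitoring or phishing-triage script flags lookalikes. The `examplebank.com` domain, the candidate names, and the confusable-character table are constructed for the example.

```python
# Characters that typosquatters swap because they look alike or sit next to
# each other on a keyboard (constructed, deliberately small table).
CONFUSABLES = {
    "o": ["0"], "0": ["o"],
    "l": ["1", "i"], "i": ["l", "1"], "1": ["l"],
    "e": ["3"], "a": ["4"],
    "m": ["rn"], "rn": ["m"],
    "w": ["vv"], "vv": ["w"],
}


def typo_variants(label):
    """Map each typosquat variant of a domain label to the edit that created it.

    Only the registrable label is mutated (e.g. 'examplebank' from
    'examplebank.com'); the TLD is handled separately in classify_lookalike.
    """
    variants = {}
    n = len(label)
    for i in range(n):                                 # omission: exmplebank
        variants.setdefault(label[:i] + label[i + 1:], "omission")
    for i in range(n - 1):                             # transposition: exampelbank
        swapped = label[:i] + label[i + 1] + label[i] + label[i + 2:]
        variants.setdefault(swapped, "transposition")
    for i in range(n):                                 # repetition: exammplebank
        variants.setdefault(label[:i] + label[i] + label[i:], "repetition")
    for src, replacements in CONFUSABLES.items():      # confusable: examp1ebank
        start = label.find(src)
        while start != -1:
            for dst in replacements:
                variants.setdefault(label[:start] + dst + label[start + len(src):], "confusable")
            start = label.find(src, start + 1)
    for i in range(1, n):                              # hyphenation: example-bank
        variants.setdefault(label[:i] + "-" + label[i:], "hyphenation")
    variants.pop(label, None)  # an edit that reproduces the real name is not a squat
    return variants


def classify_lookalike(candidate, legitimate):
    """Return the typosquat technique linking candidate to legitimate, or None.

    Both inputs are registrable domains such as 'examplebank.com'. A candidate
    whose label matches exactly but whose TLD differs is reported as 'tld'.
    Unicode (IDN) homoglyphs are out of scope here and would need a
    confusables table such as Unicode TR39.
    """
    cand_label, _, cand_tld = candidate.lower().rpartition(".")
    legit_label, _, legit_tld = legitimate.lower().rpartition(".")
    if cand_label == legit_label:
        return None if cand_tld == legit_tld else "tld"
    return typo_variants(legit_label).get(cand_label)


if __name__ == "__main__":
    legit = "examplebank.com"
    for cand in ("exampelbank.com", "examp1ebank.com", "examplebank.co",
                 "example-bank.com", "exarnplebank.com", "otherbank.com"):
        print(f"{cand:22} -> {classify_lookalike(cand, legit)}")
```

Run against a feed of newly registered domains (or the sender domains in a phishing report), the classifier turns "looks a bit like our bank" into a specific, explainable verdict; combining it with the wrong-TLD check catches the most common cases without any network lookups.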

22
Q

What is Pretexting?

A

Pretexting is the process of using a made-up scenario (the pretext) to justify why you are approaching an individual and asking for information or access.

23
Q

What are Influence campaigns?

A

A social engineering attack intended to manipulate the thoughts and opinions of large groups of people.

  1. Hybrid warfare: attacks using a mixture of conventional and unconventional methods and resources to carry out the campaign.
  2. Social media: campaigns may use multiple social platforms and many individuals (or accounts) to amplify the message.
24
Q

Principles (reasons for effectiveness)

A
  1. Authority relies on the fact that most people will obey someone who appears to be in charge or knowledgeable, regardless of whether or not they actually are.
  2. Intimidation relies on scaring or bullying an individual into taking a desired action.
  3. Consensus-based social engineering uses the fact that people tend to want to do what others are doing to persuade them to take an action.
  4. Scarcity is used in scenarios that make something look more desirable because it may be the last one available.
  5. Familiarity-based attacks rely on the target liking the individual, or even the organization the individual claims to represent.
  6. Trust relies on building a connection with the individual being targeted.
  7. Urgency relies on creating a feeling that the action must be taken quickly for some stated reason.
25
Q

What is Social Engineering?

A

Social engineering is the practice of manipulating people through a variety of strategies to accomplish desired actions.