1.1 Compare and contrast different types of social engineering techniques

Question 1

Phishing

Answer 1

Phishing is the process of manipulating a victim to disclose personal or private information. An email asking for login details from a server not under the control of the company would describe a phishing attempt

Question 2

Smishing

Answer 2

Smishing, or SMS phishing, is a social engineering attack that asks for
personal information using SMS or text messages.

Question 3

Vishing

Answer 3

Vishing, or voice phishing, is using voice communication for the phishing
process. This phishing attempt used an email message, so it would not be
categorized as vishing

Question 4

Spam

Question 5

Spim

Answer 5

Spam over Instant Messaging

Question 6

Spear phishing

Answer 6

Spear phishing is a directed attack that attempts to obtain private or
personal information. In this example, the result was to obtain payment and not to gather private information

Question 7

Dumpster diving

Question 8

Shoulder surfing

Question 9

Pharming

Question 10

Tailgating

Question 11

Eliciting information

Question 12

Whaling

Answer 12

Whaling is phishing targeted towards individuals at a higher level of an
organization. These persons are usually in upper management or have
access to the financial operations of the company

Question 13

Prepending

Answer 13

Prepending adds information before a domain name in an attempt to fool
the victim into visiting a website managed by the attacker.

Question 14

Identity fraud

Question 15

Credential harvesting

Question 15

Invoice scams

Question 16

Reconnaissance

Question 17

Hoax

Question 18

Impersonation

Question 19

Watering hole attack

Question 20

Typo squatting

Answer 20

Typosquatting is a technique that uses a misspelling of a domain name to
convince victims they are visiting a legitimate website