1.1: Compare and contrast different types of social engineering techniques.

Question 1

An attack exploiting human nature and behavior.

Answer 1

Social Engineering

Question 2

Social engineering, employed to obtain sensitive/private information. Can be any communication means.

Answer 2

Phishing

Question 3

Phishing occurring over std. text msg service/app

Answer 3

Smishing (SMS phishing)

Question 4

Phishing done via voice communication system. Includes traditional phone lines, VoIP, and mobile devices.

Answer 4

Vishing

Question 5

Any type of email unsolicited and/or undesired

Answer 5

Spam

Question 6

Unwanted communications over a messaging system via internet.

Answer 6

Spam over instant messaging (SPIM)

Question 7

More targeted form of phishing where message is crafted and directed to a specific group of individuals

Answer 7

Spear phishing

Question 8

Digging through trash/discarded materials for information on a target

Answer 8

Dumpster diving

Question 9

When someone is able to watch another user’s display/keyboard

Answer 9

Shoulder surfing

Question 10

Malicious redirection of a valid URL or IP to a fake website hosting a false version of the original destination.

Answer 10

Pharming

Question 11

When an unauthorized person enters a facility under authorization of a valid member w/o their knowledge

Answer 11

Tailgating

Question 12

Activity of gathering info from systems or people

Answer 12

Eliciting information

Question 13

Form of spear phishing, targeting high-value individuals (CEO, etc.)

Answer 13

Whaling

Question 14

Where malicious characters or code are added at the beginning of a legitimate file, string, or command.

Answer 14

Prepending

Question 15

Act of stealing ones identity. Can refer to initial act of info gathering or when stolen info is used to take one’s account.

Answer 15

Identity fraud

Question 16

Social engineering attack that attempts to steal funds from an org. using a false invoice.

Answer 16

Invoice scams

Question 17

Activity of gathering and stealing account credentials.

Answer 17

Credential harvesting

Question 18

Gathering information about a target, generally prior to an engagement/attack

Answer 18

Reconnaissance

Question 19

A fake warning about a virus or other piece of malicious code.

Answer 19

Hoax

Question 20

Act of taking on the identity of someone to use their access/authority. Masquerading, spoofing, and identity fraud

Answer 20

Impersonation

Question 21

Attacker observation of victim habits to discover a common resource that one or more members of the target use, then infecting that resource

Answer 21

Watering hole attack

Question 22

Using mistypes of intended resources as malicious sources.

URLs and IP address typos leading to a malicious site is an example.

Answer 22

Typosquatting

Question 23

False statement crafted to sound believable attempting at convincing to act or respond

Answer 23

Pretexting

Question 24

Collection of info about an individual or org to disclose data publicly.

Answer 24

Doxing

Question 25

Social engineering attacks attempting to guide, adjust, or change public opinion

Answer 25

Influence campaigns

Question 26

Convincing the target the actor has authority over them

Answer 26

Authority

Question 27

Uses authority, confidence, or threat of harm to motivate a victim to follow orders

Answer 27

Intimidation

Question 28

Taking advantage of people’s tendency to mimic what others are doing, convincing the victim a particular action/response is consistent w/social norms or previous occurrences

Answer 28

Consensus

Question 29

Convincing the target an object has a higher value based on limited availability.

Answer 29

Scarcity

Question 30

Appearing to have common contact/relationship w/the target, or assuming the identity of that familiar contact

Answer 30

Familiarity

Question 31

Building a relationship w/ the victim to convince them to reveal information/perform an action

Answer 31

Trust

Question 32

The need to act quickly on the basis of a limitation of time

Answer 32

Urgency