1.1 Compare and contrast different types of social engineering tecchniques

Question 1

The process of attempting to obtain sensitive information in electronic communications.

Answer 1

Phishing

Question 2

A social engineering attack that occurs over or through text messaging services.

Answer 2

Smishing

Question 3

Phishing done over any telephony or voice communication system.

Answer 3

Vishing

Question 4

Any type of email that is undesirable and/or unsolicited.

Answer 4

Spam

Question 5

The transmission of unwanted communications over any messaging system that is supported by or occurs over the Internet.

Answer 5

Spim

Question 6

A more targeted form of phishing where the message is crafted and directed specifically to an individual or group of individuals.

Answer 6

Spear Phishing

Question 7

The act of digging through trash to obtain information about a target organization or individual.

Answer 7

Dumpster Diving

Question 8

The observation of another users keyboard or viewing another users display.

Answer 8

Shoulder Surfing

Question 9

The malicious redirection of a valid website’s URL or IP address to a fake website that hosts a false version of the original valid site.

Answer 9

Pharming

Question 10

When an unauthorized entity gains access to a facility under the authorization of a valid worker but without their knowledge.

Answer 10

Tailgaiting

Question 11

The activity of gathering or collection information from systems or people.

Answer 11

Eliciting Information

Question 12

A form of spear phishing that targets specific high-value individuals, such as the CEO or other C-level executives, administrators, or high-net worth clients.

Answer 12

Whaling

Question 13

The adding of a term, expression, or phrase to the beginning or header of some other communication.

Answer 13

Prepending

Question 14

When you falsely claim to be someone else through the use of stolen information from the victim.

Answer 14

Identity Fraud

Question 15

A social engineering attack that attempts to steal funds from an organization or individuals through the presentation of a false invoice often followed by strong inducements to pay.

Answer 15

Invoice Scams

Question 16

The activity of collecting or stealing account credentials.

Answer 16

Credential Harvesting

Question 17

Collecting information about a target, often for the purposes of figuring out the best plan of attack against that target.

Answer 17

Reconnaissance

Question 18

A form of social engineering designed to convince targets to perform an action that will cause problems or reduce their IT security.

Answer 18

Hoax

Question 19

The act of taking on the identity of someone else

Answer 19

Impersonation

Question 20

A form of targeted attack against a region, a group, or an organization. It’s waged by poising a commonly accessed resource.

Answer 20

Watering Hole Attack

Question 21

A practice employed to capture and redirect traffic when a user mistypes the domain name or IP address of an intended resource.

Answer 21

Typosquatting

Question 22

A false statemen crafted to sound believable to convince you to act or respond.

Answer 22

Pretexting

Question 23

Social engineering attacks that attempt to guide, adjust, or change public opinion, often waged by nation-states against their real or perceived foreign enemies.

Answer 23

Influence Campaigns

Question 24

The combination of classical military strategy with modern capabilities, including digital influence campaigns, psychological warfare efforts, political tactics, and cyber warfare capabilities.

Answer 24

Hybrid Warfare (non-linear warfare)

Question 25

Principles of Social Engineering

Answer 25

Authority, intimidation, consensus, scarcity, familiarity, trust, and urgency

Question 26

A form of spear phishing that is often focused on convincing members of accounting to transfer funds, pay invoices, or purchase products from a message that appears to originate from a boss, manager, or executive.

Answer 26

Business Email Compromise (BEC)

Question 27

When an unauthorized entity gains access to a facility under the authorization of a valid worker by tricking the victim into providing consent.

Answer 27

Piggybacking

Question 28

The act of stealing someone’s identity. This can refer to the initial act of information gathering or elicitation. This can also refer to when those stolen credentials and details are used to tale over someone’s account.

Answer 28

Identity Theft

Question 29

The practice of displaying a link or advertisement that looks like that of a well-known product, service or site, but when clicked redirects the user to an alternate location, service or product.

Answer 29

URL Hijacking

Question 30

A means to redirect a user’s click or selection on a web page to an alternate often malicious target instead of the intended and desired location.

Answer 30

Clickjacking

Question 31

A form of attack in which the attacker takes over an existing communication session.

Answer 31

Session Hijacking (TCP/IP Hijacking)

Question 32

The collection of information about an individual or an organization to disclose the collected data publicly for the purpose of changing the perception of the target.

Answer 32

Doxing

Question 33

A form of attack that exploits human nature and human behavior.

Answer 33

Social Engineering