1.1 Social engineered attacks

Question 1

Social engineering

Answer 1

Gathering information on an attack by exploiting the weakest part of the security, People

Question 2

Phishing

Answer 2

Sending a false email pretending to be legitimate to steal valuable information from the user

Question 3

Spear Phishing

Answer 3

Attacks that target specific users

Question 4

Whaling

Answer 4

An attack on a powerful or wealthy individual

Question 5

Vishing

Answer 5

An attack througha phone or voice communication

Question 6

Tailgating

Answer 6

Closely follow individuals with keys to get access to secure areas

Question 7

Impersonation

Answer 7

Taking on the identity of an individual to get access into the system or communications protocol

Question 8

Dumpster diving

Answer 8

Going through a business, or persons trash to find valuable information of posessions

Question 9

Shoulder Surfing

Answer 9

Watching as a person enters information

Question 10

Hoax

Answer 10

False information that deceives the user into comprimising security by making them think they are at risk

Question 11

Watering hole attack

Answer 11

A security attack that targets a specific highly secured group by infecting a commonly visited website by the group’s members

Question 12

Principles (reasons for effectiveness) [all incoming cars should follow the underpass]

Answer 12

I. Authority- Actor acts as an authority figure
II. Intimidation- Frightening or threatening the victim
III. Concensus- Influenced by what others do
IV. Scarcity- Limited resources and time to act
V. Familiarity- The victim is well known
VI. Trust- Gain their confidence, be their friend
VII. Urgency- Limited time to act, rush the victim