1.1 Social engineering attacks

Question 1

What is phishing ?

Answer 1

Social engineering with a touch of spoofing (dellivered by mail, ect)

Question 2

How to spot phishing attack ?

Answer 2

check the URL, spelling, fonts, graphic

Question 3

How phishing attack are so successful?

Answer 3

By trycking us using typosquatting (type of URL hijacking = pretend to be a legitimate URL)

Question 4

What is pharming and it can be related to phishing?

Answer 4

redirection a legit website to a bogus site. It is done by poisonning the DNS server. So the pharming tqke plqce to redirect ppl on the attacker website and phishing take place when the victim enter its credentials. It is difficult to recognise by anti malware

Question 5

What is Vishing ?

Answer 5

Voice phishing is done via phone, qsking for personal info

Question 6

How to conduct a phishing attack ?

Answer 6

1/ Reconnaissance: gather info on the victim
2/ Background info (corporate web site etc)
3/ Attacker builds a believable pretext

Question 7

What is spear phishing attack and whaling ?

Answer 7

Target phishing with inside information to make the attack more believable. Whaling is a spear phishing attack that target the CEO or CFO

Question 8

What is impersonation ?

Answer 8

attackers pretend to be someone they are not, they use info gathered during the reconnaissance phase and pretend to be a person in higher rank to get info on the victims. It can be done via Vishing.

Question 9

What can be the consequences of impersonation ?

Answer 9

The attacker can use to victims info fo credit card fraud, bank fraud, loan fraud and government benefit fraud (tax etc)

Question 10

How to protect against impersonation?

Answer 10

nerver give information
verify before revealing info

Question 11

What is dumpster diving attack ?

Answer 11

attacker trying to get information by the stuffs you thrown in a trash

Question 12

How to prevent from dumpster diving?

Answer 12

• secure the garbage with locker
• shred your document

Question 13

What is shoulder surfing ?

Answer 13

looking over someone shoulder to have access to important info (password, sensitive info etc)

Question 14

How to prevent shoulder surfing?

Answer 14

1/ control your iput and be aware of your surrounding
2/ use privacy filters
3/ keep monitor out of the sight (window etc)

Question 15

What is Hoaxes attack ?

Answer 15

a threat that doesn’t actually exist

Question 16

What is watering hole attack?

Answer 16

computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects

Question 17

How to prevent from watering hole attacks?

Answer 17

defense in depth
firewals and IPS
anti-virus/anti malware signature update

Question 18

What is spam ?

Answer 18

unsolicited message (email, forum, sms etc) that can be commercial advertising, phishing attempts etc.

Question 19

How to prevent from spam?

Answer 19

1/ set up a mail gateway to filter the emails before it is transfered into the internal mail server

Question 20

How to identify a spam?

Answer 20

• set up an allowed list form trusted senders
• block anything that does not follow RFC standard
  -reverse DNS: block email where sneder’s domain doesn’t match the IP
• block email not adressed to a valid recipient email adress

Question 21

What is hacking public opinion ?

Answer 21

-influence campaign to change ppl opinion, it is enabled with social media (liking, sharing etc)

Question 22

What is the process of hacking public opinion?

Answer 22

• create fake users
  -create contet and post on social media
  -amplify the message
• real users share the message
  -mass media picks up the story

Question 23

What is hybrid warfare?

Answer 23

a type of hacking public opinion attack where a country is trying to influence another country (cyberwar)

Question 24

What is tailgating?

Answer 24

use an authorized person to gain unauthorized acces to a building

Question 25

Why social engineering attack are effective?

Answer 25

• constantly changing
• may involve multiple people
• may be in person or electronically

Question 26

What are the principle of social engineering?

Answer 26

• use of authority (calling from help desk, CEO etc)
• intimidation (there will be bad things if you don’t help)
• consensus/social proof
  -scarcity and urgency (that need to be done immediatly)