1.1 Social Engineering Techniques

Question 1

Typosquatting / Sting Site / Fake URL / URL Hijacking

Answer 1

A user types www.gooogle.com into their address bar and get redirected to a malicious website that freezes up their browser and warns that their computer has been infected

Question 2

Pharming

Answer 2

Redirect a legit website to a bogus site

Question 3

Vishing

Answer 3

Voice Phishing

Question 4

Smishing

Answer 4

Phishing done by text message / SMS

Question 5

Reconnaissance

Answer 5

Gather information on the victim

Question 6

Spear Phishing

Answer 6

Targeting a specific individual or group within a company

Question 7

Whaling

Answer 7

Spear Phishing the CEO/CFO of a company

Question 8

Impersonation

Answer 8

Pretending to be someone else to gain information

Question 9

Eliciting Information

Answer 9

Extracting information from a victim

Question 10

Dumpster Diving

Answer 10

Diving in the dumpster…. literally.

Question 11

Shoulder Surfing

Answer 11

Gathering information from afar, such as webcam monitoring, looking at the info through a mirror, binoculars/telescopes, etc.

Question 12

Tailgating

Answer 12

Following someone into a restricted area

Question 13

Hoax

Answer 13

A threat that doesn’t actually exist

Question 14

Watering Hole Attack

Answer 14

A web server has been compromised and is being used to target web traffic in order to deploy malware or collect data.

Question 15

SPAM

Answer 15

Unsolicited messages from texts, email, forums, etc.
Unsolicited email, Trackback, negative SEO attacks, spiders, and malware warnings

Question 16

SPIM

Answer 16

Spam over Instant Messenger

Question 17

rDNS

Answer 17

Reverse Domain Name Service lookup of a domain name from an IP address

Question 18

Influence Campaigns

Answer 18

This type of campaign, also known as a misinformation operation, involves collecting tactical information, determining key stakeholders, and launching propaganda campaigns, often to gain a competitive advantage

Question 19

Invoice Scam

Answer 19

A false email from a seemingly reputable entity or a high-level manager requesting a payment and may even link to a “pay” website

Question 20

AUP

Answer 20

Acceptable Use Policy

Question 21

Hybrid Warfare

Answer 21

Involves traditional warfare as well as incorporation of the cyber realm in a non-traditional way

Question 22

BEC (Business Email Compromise)

Answer 22

Often targets companies who outsource, perform wire xfers, or use suppliers from abroad by creating phony invoices, using C-Team fraud, compromising their email accounts, or impersonating an attorney or trusted person.

Question 23

Xfer

Answer 23

Transfer / move oneself from one location or job to another

Question 24

SMTP

Answer 24

Simple Mail Transfer Protocol:
Internet standard communication protocol for electronic mail transmission

Question 25

Credential Harvesting

Answer 25

Harvesting passwords and login credentials

Question 26

Smishing

Answer 26

Phishing is done by text message / SMS