1.1 Social Engineering Techniques

Question 1

What is Phishing?

Answer 1

Attackers pretending to be a service provider to extract your information

Question 2

What is Typosquatting?

Answer 2

A type of URL hijacking
https://professormessor.com
https://professormesser.com

Question 3

What is Pretexting?

Answer 3

Lying in a situation to get information
Another type of URL Hijacking

Question 4

What is Pharming?

Answer 4

Redirecting a group of people to a bogus website

Question 5

What is Vishing?

Answer 5

Phishing over a voice call

Question 6

What is Smishing?

Answer 6

Phishing over text messages (SMS)

Question 7

What is Reconnaissance?

Answer 7

The attacker doing research to build a solid phishing attempt

Question 8

What is Spear Phishing?

Answer 8

A specific attack against an indivdual or group of people

Question 9

What is Whaling?

Answer 9

Spear phishing against the CEO or head accountant due to their access to documents and files

Question 10

What is the pretext phase?

Answer 10

Setting the trap

Question 11

What is the act of Eliciting Information?

Answer 11

Getting the victim at ease to make extracting information easy

Question 12

What are some ways an attacker can use a victims information?

Answer 12

Credit card fraud
Bank fraud
Loan fraud
Government benefits fraud

Question 13

How do you protect against Vishing attacks?

Answer 13

Don’t disclose personal details
Always verify before revealing info

Question 14

What is Dumpster Diving?

Answer 14

Gathering important details from things people throw in their trash

Question 15

How can you protect yourself from Dumpster Diving?

Answer 15

Cut documents into small pieces
Burning documents

Question 16

What is Shoulder Surfing

Answer 16

Gathering information by looking over someone’s shoulder to their PC

Question 17

How to you protect yourself from Shoulder Surfing?

Answer 17

Be aware of your surroundings
Privacy filter
Keep monitor out of sight

Question 18

What are Computer Hoaxes?

Answer 18

A threat that doesn’t actually exist

Question 19

How do you debunk a Computer Hoax?

Answer 19

Cross reference hoaxes
Spam filters

Question 20

What are Watering Hole Attacks?

Answer 20

Installing malware on a website that a group of people visit

Question 21

How do you defend against the Water Hole?

Answer 21

Defense in Depth (Layered defense)
Firewalls and IPS
Antivirus/Antimalware

Question 22

What does SPIM stand for?

Answer 22

Spam over instant messaging

Question 23

What are some examples of Spam

Answer 23

Commercial advertising
Non-commercial messages
Phishing attempts

Question 24

How does a mail gateway protect against Spam?

Answer 24

A personal spam filter can be used in the cloud or a filter on the screened subnet

Question 25

What is rDNS?

Answer 25

Reverse DNS; blocks emails where the sender’s domain does not match the IP address

Question 26

What is Tarpitting?

Answer 26

The act of intentionally slowing down the server to increase time between sent and received messages

Question 27

What is Recipient Filtering?

Answer 27

Blocking all emails not addressed to a valid recipient email address

Question 28

What is Hybrid Warfare also known as?

Answer 28

Cyber warfare

Question 29

How can Hybrid Warfare be utilized?

Answer 29

Changing the thinking of another country

Question 30

What is Tailgating?

Answer 30

Unathorized personnel gaining access to a building by closely following someone else

Question 31

How can we prevent tailgating?

Answer 31

Mantraps
Visitor policy
One scan, one person

Question 32

What are Invoice Scams?

Answer 32

Spear phishing
A fake invoice is sent

Question 33

What is Credential Harvesting?

Answer 33

Attackers attempting to gain usernames and passwords stored on a local computer or browser

Question 34

What are the components of Social Engineering?

Answer 34

Being involved in organizations
Posing as an “aggressive customer”
Posing with authority
Social proof
Scarcity/Urgency
Familiarity
Trust