1.1 Social Engineering Techniques Flashcards

1
Q

Phishing

A

Attackers "fish" for victims using bait: fraudulent communication, typically email, that impersonates a trusted party. The goal is to manipulate individuals into taking an action they otherwise would not (clicking a link, opening an attachment, entering credentials).

2
Q

Smishing

A

A type of phishing attack (SMS phishing) carried out through text messages or other mobile messaging services.

3
Q

Vishing

A

A type of phishing attack (voice phishing) carried out over the phone to trick users into divulging sensitive information or taking certain actions.

4
Q

Spam

A

Unsolicited and often irrelevant or inappropriate messages sent in bulk over the internet, most commonly by email.

5
Q

SPIM

A

Unwanted, unsolicited messages sent over instant messaging platforms (spam over instant messaging).

6
Q

Spear Phishing

A

A targeted form of phishing attack in which cybercriminals tailor their fraudulent messages to a specific individual, organization, or group, often using details gathered in advance to make the message convincing.

7
Q

Dumpster Diving

A

The unauthorized retrieval of sensitive information, such as documents containing personal or confidential data, from discarded materials.

8
Q

Shoulder Surfing

A

A form of visual hacking in which an individual observes someone else's sensitive or confidential information (a password being typed, a PIN, a screen) by looking over their shoulder, often in crowded or public places.

9
Q

Pharming

A

A cyber attack that manipulates DNS resolution (poisoned DNS records, a compromised resolver, or a modified local hosts file) or uses other methods to redirect users to fraudulent websites. The goal of pharming is to deceive users into visiting malicious websites that appear legitimate, with the intention of stealing sensitive information such as login credentials, personal details, or financial information.

10
Q

Tailgating/Piggybacking

A

An unauthorized person following an authorized individual into a secure area without proper authentication, taking advantage of someone else's legitimate access to gain entry to a restricted location. Tailgating happens without the authorized person's knowledge; piggybacking happens with their cooperation, for example when they hold the door open.

11
Q

Eliciting Information

A

The act of skillfully obtaining or drawing out information from individuals through various communication techniques, often in casual conversation, without the target realizing that they are disclosing anything of value.

12
Q

Whaling

A

A highly targeted form of phishing attack that specifically targets high-profile individuals within an organization, such as executives or other senior staff.

13
Q

Prepending

A

A technique in which malicious characters or code are added at the beginning of a legitimate file, string, or command.

14
Q

Identity Fraud/Theft

A

Any type of crime in which an individual's personal information is stolen and used without their permission for fraudulent activities.

15
Q

Invoice Scams/Billing Scams/Payment Scams

A

Fraudulent schemes in which individuals or businesses receive fake or misleading invoices with the goal of tricking them into paying for goods or services that were never provided.

16
Q

Credential Harvesting/Phishing

A

A cyber attack technique in which attackers attempt to trick individuals into providing their usernames, passwords, or other sensitive information, typically through a fake login page that looks like the real one.

17
Q

Passive Reconnaissance

A

Collecting information without directly interacting with the target. This information can include publicly available data such as domain registration details, public records, social media profiles, and websites.

18
Q

Active Reconnaissance

A

Involves direct interaction with the target, such as network scanning. This includes using tools to discover active hosts, open ports, and services running on a network. Because the target's systems receive the traffic, active reconnaissance can be logged and detected.
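To make the active reconnaissance card concrete, here is an added example (not part of the original deck) of the simplest form of it: a TCP connect scan with banner grabbing. To keep it self-contained and offline, the block starts a constructed local listener that sends a made-up "SSH-2.0-ConstructedBanner" string; the listener, the banner text, and the port list are all assumptions for the example. The scan distinguishes "open" (connection accepted), "closed" (connection refused) and "filtered" (no response before the timeout), which is the same three-way distinction a real scanner reports.

```python
"""TCP connect scan with banner grabbing against a constructed local service."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

FAKE_BANNER = b"SSH-2.0-ConstructedBanner_0.1\r\n"  # constructed, not a real product


def start_fake_service(banner: bytes = FAKE_BANNER):
    """Constructed stand-in for a real network service on 127.0.0.1.

    Returns (server_socket, port). Each accepted client gets the banner and
    is then disconnected, which is enough for the scanner to fingerprint it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # server socket closed: shut the thread down
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port() -> int:
    """Find a port nothing is listening on (bind to 0, read it back, release it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def probe(host: str, port: int, timeout: float = 0.5):
    """Connect scan of one port. Returns (port, state, banner).

    state is "open" (SYN/ACK, connection completed), "closed" (RST, refused)
    or "filtered" (no answer before the timeout, typical of a dropping firewall).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except ConnectionRefusedError:
        s.close()
        return (port, "closed", "")
    except (socket.timeout, OSError):
        s.close()
        return (port, "filtered", "")
    banner = b""
    try:
        banner = s.recv(128)  # many services announce themselves first
    except (socket.timeout, OSError):
        pass
    finally:
        s.close()
    return (port, "open", banner.decode("ascii", "replace").strip())


def scan(host: str, ports, workers: int = 20):
    """Scan the given ports concurrently; returns {port: (state, banner)}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: probe(host, p), ports))
    return {port: (state, banner) for port, state, banner in results}


def demo():
    """Run the scanner against one open and one closed local port."""
    srv, open_port = start_fake_service()
    closed_port = free_port()
    try:
        results = scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    opened, closed, found = demo()
    for p in sorted(found):
        state, banner = found[p]
        print(f"127.0.0.1:{p:<5} {state:<8} {banner}")
```

The banner is what turns "port 22 is open" into "port 22 is running this SSH version", which is why real scanners grab it; it is also why this traffic shows up in the target's connection logs, the detection caveat noted on the card.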

19
Q

OSINT/Open Source Intelligence

A

The process of collecting and analyzing publicly available information from various sources to produce intelligence about a target. These sources include public websites, government publications, academic publications, and online directories.

20
Q

Enumeration

A

Gathering more detailed information about a target system that has already been identified, such as user accounts, network shares, and system configurations.

21
Q

Vulnerability Scanning

A

Actively searching for vulnerabilities in systems, applications, or network configurations to identify potential points of exploitation.

22
Q

Hoax

A

A deliberately fabricated or misleading piece of information intended to deceive or trick individuals or the public. Hoaxes can include written or spoken communication, images, videos, or other media.

23
Q

Impersonation

A

The act of pretending to be someone else, often with the intent to deceive, manipulate, or gain unauthorized access to information, resources, or privileges.

24
Q

Watering Hole Attack

A

A type of cyber attack in which the attacker compromises a website that the targeted individuals or groups are likely to visit, so that the victims come to the attacker rather than the attacker approaching them directly.

25
Q

Typosquatting/URL Hijacking

A

A cyber attack technique in which malicious actors register domain names that closely resemble those of legitimate, well-known websites. The intent is to take advantage of user typos or mistakes when entering a website's URL, or to make a phishing link look genuine at a glance.
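The typosquatting, phishing and pharming cards above all come down to one question a user or a mail filter has to answer: does this URL really belong to the site it appears to? The following added example (not from the original deck) shows how a triage script would answer it. The protected-domain list, the homoglyph table and every URL it is run against are constructed for the example, and the registrable-domain logic is a deliberate simplification (last two labels) that production code would replace with the Public Suffix List. It goes beyond the card by covering the other lookalike tricks a practitioner sees alongside plain typos: subdomain abuse, ASCII homoglyphs, TLD swaps and the `user@host` URL trick.

```python
"""Lookalike-URL triage for phishing and typosquatting detection."""
from urllib.parse import urlsplit

# Domains we want to protect. Constructed for this example.
PROTECTED = {"example.com", "examplebank.com"}

# ASCII character sequences that read like another letter in many fonts.
# A small constructed subset; real tooling uses much larger confusable tables.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d",
              "0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Assumption for the example: a real
    implementation must consult the Public Suffix List (e.g. co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def strip_homoglyphs(s: str) -> str:
    """Map look-alike sequences back to the letter they imitate."""
    for fake, real in HOMOGLYPHS.items():
        s = s.replace(fake, real)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one edit is a single typo."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def typo_variants(domain: str) -> set:
    """The typosquats an attacker would register for one protected domain:
    omitted, doubled and transposed characters, and inserted hyphens."""
    name, tld = domain.rsplit(".", 1)
    out = set()
    for i in range(len(name)):
        out.add(name[:i] + name[i + 1:])            # omission:      exmple
        out.add(name[:i] + name[i] + name[i:])      # repetition:    exxample
        if i + 1 < len(name):
            out.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])  # transposition: examlpe
            out.add(name[:i + 1] + "-" + name[i + 1:])               # hyphenation:   exam-ple
    out.discard(name)
    return {f"{v}.{tld}" for v in out}


def classify_url(url: str):
    """Return (verdict, registrable_domain) for a URL seen in a message."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reg = registrable_domain(host)

    # https://example.com@evil.example/ : the part before '@' is userinfo,
    # the browser actually connects to evil.example.
    if parts.username is not None:
        return ("userinfo_trick", reg)
    if reg in PROTECTED:
        return ("legitimate", reg)
    # example.com.login-verify.net : the brand is only a subdomain label.
    for p in PROTECTED:
        if host.startswith(p + ".") or ("." + p + ".") in host:
            return ("subdomain_abuse", reg)
    # exarnple.com : "rn" stands in for "m".
    if strip_homoglyphs(reg) in PROTECTED:
        return ("homoglyph", reg)
    name, tld = reg.rsplit(".", 1) if "." in reg else (reg, "")
    for p in PROTECTED:
        pname, ptld = p.rsplit(".", 1)
        if name == pname and tld != ptld:           # example.co, example.net
            return ("tld_swap", reg)
        if reg in typo_variants(p) or levenshtein(name, pname) == 1:
            return ("typo", reg)
    return ("unrelated", reg)


if __name__ == "__main__":
    for u in ["https://www.example.com/login", "https://example.com.login-verify.net/",
              "http://exarnple.com/", "examlpe.com", "http://example.co",
              "https://example.com@evil.example/", "https://docs.python.org"]:
        print(f"{u:45} -> {classify_url(u)}")
```

The order of the checks matters: the userinfo and exact-match tests run first because a `@` in the authority or a genuine registrable match settles the question regardless of what the rest of the hostname looks like. Note also that a clean verdict here says nothing about pharming, where the hostname is correct and the DNS answer is not; that case needs certificate and resolver checks rather than string comparison.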

26
Q

Pretexting

A

A social engineering technique in which an attacker creates a fabricated scenario, or pretext, to manipulate individuals into divulging sensitive information such as personal details, account credentials, or other confidential data. The goal is to gain the trust of the target by posing as someone else or constructing a false narrative.

27
Q

Influence Campaigns/Information Operations/Propaganda Efforts

A

Coordinated efforts to shape the perceptions, beliefs, and behaviors of individuals or groups, often with the goal of advancing a particular agenda, influencing public opinion, or achieving specific political, social, or economic objectives.

28
Q

Hybrid Warfare

A

A military strategy that blends conventional warfare, irregular warfare, and unconventional tactics to achieve strategic objectives. It is characterized by its use of diverse and asymmetric means, often blurring the lines between traditional military conflict and other forms of aggression. Influence campaigns are a common component of hybrid warfare.

29
Q

Social Media

A

A powerful platform for conducting influence campaigns due to its widespread reach, accessibility, and the ability to target specific demographics.

30
Q

Principles (Reasons For Effectiveness) Authority

A

People tend to comply with requests from someone who appears to hold a position of authority. The attacker claims or impersonates such a role (an executive, IT support, law enforcement, a vendor) so that the target acts on the request without questioning it.

31
Q

Principles (Reasons for Effectiveness) Intimidation

A

The attacker pressures the target with threats of negative consequences (account suspension, legal action, job loss, a fine) so that fear, rather than verification, drives the response. Intimidation is often combined with authority: the threat carries more weight when it appears to come from someone in a position to carry it out.

32
Q

Principles (Reasons For Effectiveness) Consensus/Social proof

A

People tend to do what they believe others are already doing. The attacker claims that colleagues have already complied ("everyone else in your department has already updated their details") or fabricates reviews and endorsements so that the request looks normal and refusing it looks unusual.

33
Q

Principles (Reasons For Effectiveness) Scarcity

A

The attacker presents something as limited in quantity or availability ("only three licenses left", "this offer is open to the first 50 respondents") so that the target acts quickly to avoid missing out rather than stopping to verify the offer.

34
Q

Principles (Reasons For Effectiveness) Urgency

A

The attacker imposes a short deadline ("your account will be locked in 24 hours", "payment must be made today") so that the target feels there is no time to verify the request through a trusted channel. Under time pressure, the small inconsistencies that would otherwise give the attack away are overlooked.

35
Q

Principles (Reasons For Effectiveness) Familiarity / Liking

A

People are more willing to help someone they know or like. The attacker builds rapport, references shared interests or mutual contacts, or impersonates a friend or colleague so that the target lowers their guard and treats the request as a favor rather than a risk.

36
Q

Principles (Reasons For Effectiveness) Trust

A

The attacker works to establish credibility before making the request: a spoofed sender address, a cloned website that is indistinguishable from the real one, insider details gathered during reconnaissance. Once the target trusts the source, they accept its warnings and instructions as genuine, as with a hoax whose repeated alerts come to seem routine.