1B Flashcards
___ ___ is a non-technical or low-technology confidence trick (“con”) used for attacking information systems, often involving trickery or fraud.
Social Engineering
Social engineering is commonly known as “___ ___ ___.”
hacking the human
The purpose of social engineering can be ___ ____, ____ or ____ ____. It differs from a traditional “con” in that it is often one of many steps in a more complex scheme.
information gathering, fraud or system access
What are the two types of social engineering?
Phishing and Baiting
___ techniques attempt to acquire sensitive data, such as bank account numbers, passwords, email accounts, etc., through fraudulent solicitation via email, text messages, or websites. A perpetrator masquerades as a legitimate business or reputable person, often broadcasting messages to a wide audience of targets or individuals within an organization or otherwise. Imagine a fisherman casting a line into the water with a baited hook waiting for a victim to bite.
Phishing
What are the two kinds of phishing?
Spear Phishing and Whaling
___ ___ is a type of phishing that targets a specific group of individuals by sending messages that appeal to the group. Phishers may identify their targets by name using information collected from public sources such as social media. They may email targets using spoofed email addresses that look like those of an organization or service that the targets have a relationship with, such as an employer or government agency. When it comes to ____ ____, imagine a fisherman aiming a spear at a specific group of fish in the water.
Spear Phishing
_____ is a specific form of spear phishing targeted at high-value individuals, such as a CEO or company board member. This type of target provides an especially high payoff for potential attackers due to the type and amount of information they have access to.
Whaling
_____ tricks a victim by using their curiosity or greed against them. It encourages any user who happens to come across the bait to perform some action to trigger a trap, such as installing malware onto a device.
Baiting
The best countermeasures against social engineering involve _____ yourself and your co-workers in your organization.
educating
What are four ways to mitigate social engineering?
- Email & Attachments - Do not open email messages and/or attachments from suspicious sources.
- Multifactor Authentication - In the event of a system or account compromise, multifactor authentication can protect your account because the attacker would be less likely to have compromised all factors for an account.
- Antivirus/Antimalware - Enable automatic updates or regularly update antivirus/antimalware programs.
- Use Good Judgement - If an offer looks too good to be true, research it before taking any action. It is likely a scam.