2.4 – Social Engineering

Question 1

Social Engineering

Answer 1

• Uses social tactics to trick users into giving up information or performing actions they wouldn’t usually take

o In person, over phone, while browsing, via email
o Take advantage of normal social behaviors & trust

Question 2

• Phishing

Answer 2

o Sending emails with purpose to trick them into revealing personal information / performing acts

o DOES NOT target specific group

Question 3

• Spear Phishing

Answer 3

targets specific groups of users

—Attacks can be customized [more dangerous]

Question 4

o Whaling

Answer 4

targets high-level executives

Question 5

o Vishing

Answer 5

voice phishing
–Verify identity & contact info of caller
–Caller-ID can be spoofed

Question 6

o Smishing

Answer 6

-Uses SMS Texts

-Instant messages / social media

Question 7

• In Person Training
  o Dumpster Diving

Answer 7

–Person looks through trash for info

–Burning / shredding helps prevent

Question 8

• In Person Training
  o Should Surfing

Answer 8

Looking over shoulder with camera to view sensitive information

Question 9

• In Person Training
  o Tailgating

Answer 9

Follow closely behind someone to enter a secure area

Question 10

• In Person Training
  o Impersonation

Answer 10

Pretend to be someone else

Usually impersonate tech support / company personal

Question 11

• In Person Training
  o Evil Twin

Answer 11

Fraudulent WiFi access point that appears to be legit

Setup to eavesdrop on wireless communication