Domain #1

Question 1

What is Phishing?

Answer 1

A form of social engineering in which an attacker asks someone for a piece of information they are missing by making it look like it is a legitimate request from a trusted source. Commonly sent
via email.

Question 2

Signs of Phishing?

Answer 2

• Misspelling in the URL
• Usually there’s something copied incorrectly
• Spelling
• Fonts
• Graphics

Question 3

What is Typo squatting?

Answer 3

Domain created based on the misspelling of another.

Question 4

What is Pretexting?

Answer 4

An attacker lies to get information. Pretends to be someone else to persuade another person to give up their information.

Question 5

How do attackers use Pretexting to gain information?

Answer 5

They use a popular brand or service name to lure you into clicking a link/ providing information.

Question 6

What is Pharming?

Answer 6

• Combines phishing + pharming.
• An attacker attacks a group of people.
• Uses malicious code on compromised systems to send
  unsuspecting users to malicious websites.

Question 7

What is Vishing?

Answer 7

Phishing done over the phone.

Users Voice Over IP (VoIP)–> Technology that allows people to make voice calls using internet connection instead of a phone line.

Question 8

Characteristics of Vishing?

Answer 8

• Done over the phone
• Caller ID spoofing

Question 9

What is Smishing?

Answer 9

A phishing technique that uses phishing via SMS (text) messages and vishing or phishing via telephone.

Question 10

What are the characteristics of Smishing?

Answer 10

• Done by text messages
• Spoofing
• Forwards links + asks for personal info

Question 11

How do attackers know where to Phish?

Answer 11

• Reonnaissance: Gather info on the victim
• Background info
• Social Media
• Corporate Websites
• 3rd Party Websites

Question 12

What is Spear Phishing?

Answer 12

• Targeted Phishing with inside information
• Phishing aimed at specific individuals or groups

Question 13

What is Whaling?

Answer 13

• Type of Spear Phishing
• Phishing aimed at senior staff and organizational leadership or other high-profile targets.

Question 14

What is Impersonation?

Answer 14

Pretending to be another to gain information.

Question 15

How do attackers use impersonation?

Answer 15

Attackers use details from their reconn. to establish trust & credibility from their victims

Attackers may also use high ranking job titles to urge victims to give information

Question 16

What is Eliciting Information?

Answer 16

• A technique used to gather information without targets realizing they are providing it.

Question 17

How is Eliciting done ?

Answer 17

• Vishing (Phone Phising)
• Psychological techniques –> Making the victims feel at ease

Question 18

What is Identity Fraud?

Answer 18

The use of someone elses identity

Question 19

What are types of Identity Fraud?

Answer 19

• Credit card fraud –> Attackers open an account in your name or uses your cc info
• Bank fraud –> Attacker gains access to your bank account or opens new accounts
• Loan Fraud –> Your information is used for a loan of lease
• Government benefits fraud –> Attacker obtains benefits on your behalf

Question 20

What is Dumpster Diving?

Answer 20

Looking through trash for clues often in the form of paper scraps—to find users’ passwords and other pertinent information.

Question 21

What are the US laws on Dumpster Diving?

Answer 21

• Legal unless in a restricted area
• You can’t break the law to gain access to a private location that has a dumpster.

Question 22

What is Shoulder Surfing?

Answer 22

• Watching someone when they enter their username, password, or
  sensitive data.

Question 23

Where is Shoulder Surfing common?

Answer 23

• Airports/ Flights
  -Hallway facing monitors
• Coffee shops
• Webcam Monitoring
• Large Cities

Question 24

How does one prevent Shoulder Surfing?

Answer 24

• Control your input, beware of your surroundings
• Use privacy filters (privacy screens)

Question 25

What are Hoaxes

Answer 25

A threat that doesn’t really exist

Question 26

What are the forms of a Hoax?

Answer 26

• Email
• Messages on screen
• Voicemail

Question 27

What are the forms of a Hoax?

Answer 27

• Some hoaxes are disguised as viruses or malware, they aren’t truly viruses or malware

Question 28

What is a Watering Hole Attacks

Answer 28

When attackers go through 3rd parties and infect it. The 3rd party is the Watering Hole. The central place where they’re hoping users in the organization they’re attacking will visit.

Question 29

What is Spam?

Answer 29

Unwanted, unsolicited email sent in bulk.

Question 30

What forms does Spam take?

Answer 30

• Email, Forums
• Spam over Instant Messaging (SPIM)

Question 31

What content does Spam contain ?

Answer 31

• Commercial advertising
• Non-Commercial proselytizing
• Phising Attempts

Question 32

Why is Spam bad?

Answer 32

• Significant technology issue
• Security concerns
• Resource Utilization
• All of the messages have to be stored somewhere, Spam uses network bandwidth to send messages to users.

Question 33

What is the process of The Watering Hole?

Answer 33

Once The Watering Hole is infected, users visit that website & become infected themselves.

Question 34

Managing the spam

Answer 34

A Spam management system is used to filter Spam before it reaches the users.

Question 35

How is Spam stopped?

Answer 35

• Mail Gateways –> Unsolicited emails are stopped before it reaches the user
• Spam filters can filter in the cloud

Question 36

How do you Identify Spam?

Answer 36

• Email Gateway/ Spam filter
• Allowed list
• SMTP (simple Mail transfer protocol) Standards checking –> Blocks anything that doesn’t follow RFC Standards (rules for the internet)

Question 37

What are Influence Campaigns?

Answer 37

• Social Engeneering technique to sway public opinion on political & social issues
• Nation-State Actors –> People who come from countries where the majority of people share the same culture, language & history.

Use advertisements as a way to change the opinion of people who may be reading things online.

Question 38

How does Influencing happen?

Answer 38

• Bad Actors create a bunch of fake accounts
• The fake accounts create content.
• Content is posted on various sites
• Messages online amplifies the scope of who reads/digests the messages
• Real users share the messages
• Mass media picks up the story
• Messages become popular because trusted media outlets share the messages.