Drill #4 Flashcards
Phishing is…
masquerading as a trustworthy entity using social engineering to acquire sensitive information through emails, voice, and text messaging
Phishing is the major tool used by the bad guys to get users to click on something and lead them to confidential information, like usernames, passwords, social security numbers, names, etc.
spear phishing
A small, focused, targeted phishing attack on a specific person or organization, with the goal to penetrate their defenses. Personalized for the individual.
phishing attack surface
The quantity of emails exposed on the internet. The more email addresses exposed, the bigger the attack footprint is and the higher the risk for phishing attacks.
Phish-prone Percentage
A term coined by KnowBe4 that indicates the percentage of employees that are prone to click on phishing links.
The customer starts with a baseline (a starting point used for comparison) percentage, which is the percentage of users who click on phishing links before being trained. Once users are trained, the test is done again 12 months later to see the improvement.
social engineering
The act of manipulating people into performing actions or divulging sensitive information.
The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access.
CEO fraud
A spear phishing attack that targets high-risk users—people in Accounting, HR, or executive assistants—in which the hacker claims to be the CEO.
vishing
A phishing attack conducted by telephone. Vishing is the phone equivalent of a phishing attack.
smishing
Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service.
email spoofing
A phishing attack where the sender’s email address is faked.