Lesson 10 - Chapter 3: Social Engineering and Spam

Question 1

What is social engineering?

Answer 1

the process of tricking or manipulating people inside an organization to gain access to its network/steal information

(network login, credit card number, company customer data, etc)

Question 2

Social engineering attacks are usually… ?

Answer 2

used as one step in a larger plot to gain access (so if you discover one, ramp up your search for other attacks)

Question 3

What is infiltration?

Answer 3

someone entering the building under disguise (cleaning personnel, repair techs, messengers, etc)

Question 4

What is Phishing?

Answer 4

the act of trying to get people to give their security information (usernames, passwords, bank details, etc) by pretending to be someone else electronically

Question 5

What does a phishing attack look like?

Answer 5

an example is a bad guy sends you an email from “your credit card company” asking for your username and password

Question 6

What is Spear Phishing?

Answer 6

a targeted phishing attack (specific person like a celebrity or politician)

Question 7

What is voice phishing (vishing)?

Answer 7

VoIP (Voice over IP), like voice messages expressing an urgent need for information by someone posing as a rep of a reputable company

Question 8

What is whaling?

Answer 8

an attacker targets an authentic, important individual in a senior position in a company and tries to mislead the whale into disclosing sensitive information

(grant access to an internal network, paying money to the fraudster, etc)

Question 9

What are 7 tips for spotting phishing messages?

1. check the e
2. check to see if it
3. look for g
4. be s
5. check the u
6. do not f
7. ignore u

Answer 9

1. Check the email address it’s from
2. Check to see if it addresses you by name (not generic customer)
3. Look for grammar/spelling mistakes and unprofessional language (threats of ending service)
4. Be skeptical of attachments
5. Check the URL behind a hyperlink (hover over it)
6. Do not follow hyperlinks
7. Ignore urgent requests to act

Question 10

What’s the most common telephone scam?

Answer 10

“I forgot my username and password”

(attacker learned someone’s account name through an infiltration method)

(Don’t tell them the password over the phone just in case, have it be sent to their recovery method)

Question 11

What is shoulder surfing?

Answer 11

an attacker observing a user’s screen or keyboard for information over their shoulder

Question 12

What is tailgating? What is it also called?

Answer 12

also called piggybacking

an unauthorized person enters a secured facility by walking directly behind one or more people being admitted

Question 13

What is impersonation?

Answer 13

Using disguises, pretending to be someone else

Question 14

What is dumpster diving?

Answer 14

searching through refuse for information (and a form of intrusion)

(shred documents, use licensed shredding company for sensitive documents)

Question 15

Be careful of what when it comes to clicking/opening emails?

Answer 15

be careful of spoofed email addresses or hacked friend’s email accounts