Phishing

Question 1

Phishing

Answer 1

is the use of digital communications to trick people into revealing sensitive data or deploying malicious software

Question 2

Common types of phishing attacks

Answer 2

-Business Email Compromise (BEC)
-Spear phishing
-Whaling
-Vishing
-Smishing

Question 3

BEC

Answer 3

Business Email Compromise: A threat actor sends an email message that seems to be frim a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage

Question 4

Spear phishing

Answer 4

A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.

Question 5

Whaling

Answer 5

A form of spear phishing. Threat actors target company executives to gain access to sensitive data

Question 6

Vishing

Answer 6

The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source

Question 7

Smishing

Answer 7

the use of texts messages to trick users, in order to obtain sensitive information or to impersonate a known source

Question 8

Malware

Answer 8

is software designed to harm devices or networks.

The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory

Question 9

Common types of malware attacks

Answer 9

-Viruses
-Worms
-Ransomware
-Spyware

Question 10

Viruses

Answer 10

Malicious code written to interfere with computer operations and cause damage to data and software

Question 11

how does a virus get initiated?

Answer 11

a virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.

Question 12

Worms

Answer 12

Malware that can duplicate and spread itself across systems on its own. In contrasto a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already computer to other devices on the same network.

Question 13

Ransomware

Answer 13

A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access to

Question 14

Spyware

Answer 14

Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect data, such as private emails, texts, voice and image recordings, and locations

Question 15

Social engineering

Answer 15

Is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question.

Question 16

Common types of social engineering attacks

Answer 16

-Social media phishing
-Watering hole attack
-USB baiting
-Physical social engineering

Question 17

social media phishing

Answer 17

a threat actor collects detailed information about the target from social media sites then they initiate an attack 

Question 18

Watering hole attack

Answer 18

A threat actor attacks a website frequently visited by a specific group of users

Question 19

USB baiting

Answer 19

A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network

Question 20

Physical social engineering

Answer 20

A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location

Question 21

Reasons why social engineering attacks are effective;

Answer 21

•Authority
•Intimidation
•Consensus/social proof
•Scarcity
•Familiarity
•Trust
•Urgency

Question 22

Authority

Answer 22

Threat actors impersonate individuals with power. This is be used people, un general, have been conditioned to respect and follow authority figures.