Phishing

Question 1

Social Engineering (Context of Information Security)

Answer 1

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.

Question 2

Spoofing (Context of Information Security)

Answer 2

A spoofing attack is a situation in which a person or program successfully identifies as another by falsifying data, to gain an illegitimate advantage. e.g. A fake identical website

Question 3

Typosquatting

Answer 3

A spoofing attack that takes the URL of a website but with misspelling/typo.

https: //Leo.com (Real)
https: //Loe.com (Typosquatting)
https: //Lleo.com (Prepending)

Question 4

Pretexting

Answer 4

• Lying to get information.

- Attacker calls and acts as if they are a representative of a company. e.g. utility service or phone carrier

Question 5

Pharming

Answer 5

Redirecting a legit website to a bogus website by using a poisoned DNS server or client vulnerability

Question 6

Phishing

Answer 6

Collecting access credentials

Question 7

Vishing

Answer 7

Voice phishing - spoofing a phone number. Fake security checks or bank updates

Question 8

Smishing (SMS phishing)

Answer 8

Spoofing via text message or links asking for personal information

Question 9

Attacker Reconnaissance

Answer 9

They gather information about you on Facebook, Twitter, Instagram etc. and build a believable pretext about you before they attempt their phishing attack. Where you work, where you bank, family and friends.

Question 10

Spear phishing

Answer 10

Very specific targeted phishing attack

Question 11

Whaling

Answer 11

Spear fishing a VIP such as a CEO, CFO, etc. Generally people with critical access or knowledge