Social Engineering

Question 1

What is phishing?

Answer 1

Attempt to extract credentials by pretending to be from a legitimate organization or individual

Question 2

How can you tell if it’s a phishing email?

Answer 2

• No identifying information (except spear phishing)
• From address does not match details of received from (misleading or different domain)
• Awkward phrasing & spelling errors
• Links to click on and presence of shortened links
• Creates sense of urgency
• Asks for private information
• Compelled to validate or confirm by entering authentication information

Question 3

What is spear phishing?

Answer 3

When the attack is specifically targeted at you.

• Email is personalized
• Know you from your online profile

Question 4

What is pharming?

Answer 4

A cyber attack that redirects a website’s traffic to another fake site.

Can be done by changing hosts file or poisoning DNS servers.

Question 5

What are the 5 types of social engineering attacks?

Answer 5

• Authority
• Charm
• Pretext
• Bait
• Reciprocation

Question 6

What is an authority attack?

Answer 6

• Impersonate a person of authority and request for information or actions through legal, organizational or social authority.

Question 7

What is a charm/empathy attack?

Answer 7

• Make people like you or sympathise with you so that they will help you.

Question 8

What is a pretext attack?

Answer 8

• Attacker focus on creating a good pretext or fabricated scenario to try and steal information from.

Question 9

What is a bait attack?

Answer 9

• Use a false promise to pique a victim’s greed or curiosity
• Use physical media with malware (USB, CDs) by leaving them in area.
• Enticing ads that encourages uses to download malware.

Question 10

What is a reciprocation attack?

Answer 10

• Manipulate someone to feel grateful or obligated to you and get them into compliance by promising potential benefits.