Social Engineering

Question 1

What is Phishing

Answer 1

Persuades or tricks target into interacting with a malicious resource. traditionally over Email. Combines social engineering and spoofing.

Question 2

What is Smishing

Answer 2

A standard scam sent via text (SMS). Used to trick target into giving valuable info.

Question 3

What is Vishing

Answer 3

Over the phone Phishing. Scam to extract info or convince target to interact with malicious resource.

Question 4

What is Spam

Answer 4

Unsolicited Email both malicious and mundane

Question 5

What is SPIM (Spam over internet messaging)

Answer 5

Unsolicited messaging through internet messaging{ catch all for not email but sent over the internet}

Question 6

What is Spear Phishing

Answer 6

Focused Phishing usually including information to add credibility. Tailored to address a specific target.

Question 7

What is Dumpster Diving

Answer 7

Combing through garbage for files/removable media.

Question 8

What is Shoulder Surfing

Answer 8

Observing the input of a password or information. not just physically looking over the shoulder cameras are fair game. Recorded video counts.

Question 9

What is Pharming

Answer 9

Corrupts name resolution process in order to reroute users of legitimate websites to malicious websites passively.

Question 10

What is Tailgating

Answer 10

Entering an area unauthorized via following closely behind someone without their knowledge or consent of malicious goals. Still count if they hold the door open but were tricked into doing so.

Question 11

What is Eliciting Information

Answer 11

The discrete gathering of information. For example a conversation in which tricks the other party into giving useful information.

Question 12

What is Whaling

Answer 12

Spear Phishing but aimed at somebody big like a CEO.

A focused scam using information to create legitimacy.

Question 13

What is Prepending

Answer 13

Adds text to Hoax of Spam that looks the the email system produced to create legitimacy

Question 14

What is Identity Fraud

Answer 14

Used specific details of someone’s identity to impersonate them. Also compromised accounts.

Question 15

What is Invoice Scams

Answer 15

Spoofs invoice details but changes changes bank account number. You fake being the collector of a bill.

Question 16

What is Credential Harvesting

Answer 16

Campaign specifically designed to steal account credentials on mass typically but can be small scale. Threat actor might just sell instead hacking further.

Question 17

What is Reconnaissance

Answer 17

Reconnaissance is the practice of covertly discovering and collecting information about a system.

Question 18

What is Hoax

Answer 18

Fake security alerts/chain Emails. introduces a potential threat and offer fake solution.

Question 19

What is Impersonation

Answer 19

Pretending to be someone else.

Question 20

What is Watering Hole attack

Answer 20

A passive hack wherein the threat actor creates a fake something people want to use to enact malicious intentions. Example making a fake app for local pizza place that acts as a trojan.

Question 21

What is Typo Squatting

Answer 21

You register a domain that is spelled extremely similar to something legitimate and wait.

Question 22

What is Pretexting

Answer 22

Is an attack in which the attacker creates a scenario to try and convince the victim to give up valuable information, such as a password.

Question 23

What is Influence campaign

Answer 23

An attack or series of attacks launched by a group. Specifically to influence public opinion.

Question 24

What is Hybrid warfare

Answer 24

An influence campaign deployed along with espionage, disinformation/fake news, and hacking.

Question 25

What is Social media

Answer 25

websites and applications that enable users to create and share content or to participate in social networking.

Question 26

What is Social Engineering Principles (reasons for effectiveness)

Answer 26

Familiarity/Liking// Be Affable able to make people like you

Consensus/Social Proof// Using polite behavior/ societal constraints to your advantage.

Authority and Intimidation// Using feigned authority or peoples bias against being wrong.

Scarcity and Urgency// creating demand or urgency to trick targets.

Question 27

What is Social Engineering Principle Authority

Answer 27

People hesitate to enter conflict with perceived superiors

Question 28

What is Social Engineering Principle Intimidation

Answer 28

Overloading the person with jargon/ making them feel stupid/ threats of repercussions

Question 29

What is Social Engineering Principle Consensus

Answer 29

A social engineering attack can use this instinct either to persuade the target that to refuse a request would be odd or to exploit polite behavior.

Question 30

What is Social Engineering Principle Scarcity

Answer 30

Convincing the target that they will miss out.

Question 31

What is Social Engineering Principle Familiarity

Answer 31

Getting chummy with the target

Question 32

What is Social Engineering Principle Trust

Question 33

What is Social Engineering Principle Urgency

Answer 33

Convincing the target of urgency requiring immediate action