Social Engineering

Question 1

What Is Phishing?

Answer 1

Sent Usually In Email Form but can use other method of delivery
Trying To Get You To Press A Link To Gather Personal Information
Social Engineering With Spoofing

Question 2

What Is Spoofing?

Answer 2

When You Hide Your True Identity and Pretend To Be Someone Else to Trick The Recipient

Question 3

What Is Typosquatting?

Answer 3

This is a type of URL hijacking, its where the URL looks similar to the real website or what the user is expecting
True Site - www.google.co.uk
Fake Site - www.gogle.co.uk

Question 4

What Is Prepending?

Answer 4

This Is Where the hacker adds something onto the beginning of the URL so fool the recipient

Question 5

What Is Pretexting?

Answer 5

Hacker Lying to Gain Information
Hacker Might be a character in a situation they create
Pretending to be from Amazon, Bank or Similar to gain information

Question 6

What Is Pharming?

Answer 6

Redirection Of A Real Site To A Fake Site

This might be due to a website, DNS or client vulnerability

Question 7

What Is Vishing?

Answer 7

Same as Phishing but over Voice (phone) instead
They may use Caller ID Spoofing to show a real number but they might be calling from a different number
The goal Is the same as phishing, its an attempt to gain person infomation

Question 8

What Is Smishing?

Answer 8

Same as Phishing but over text
They spoof the caller ID to pretend to be from an actual legit company or person you recognise
They attempt to gain personal information via reply or links

Question 9

Why Would Hackers Use Phishing?

Answer 9

They need to gain information on a person, they may not attempt to attack straight away but will gather information first to make the phish more likely to succeed

Question 10

What Is Spearphishing?

Answer 10

This is a targeted phishing attempt on a certain person / company

Question 11

What Is Whaling?

Answer 11

When they target a CEO or someone with full control over an accounts system to gain entry

Question 12

What Would Be Considered Pre Text In Impersonation?

Answer 12

This would be where they set a trap before they attack
There would be an actor and a story
Essentially The Bit Before The Attack

Question 13

What Is Impersonation?

Answer 13

Hackers Pretend To Be Someone They Are Not
They Will Impersonate Someone You May Trust OR Believe
This is why they use Pre Text Before An Attack

Question 14

What Is Eliciting Information?

Answer 14

Where the hacker extracts information from the victim
They often don’t know its even happening as they believe the hacker
This is common with Vishing

Question 15

What Is Dumpster Diving?

Answer 15

Checking Whats Been Thrown Out
The Attacker Will Review The Trash And See What Information It Has
This can then be used for attack

Question 16

Is Dumpster Diving Legal?

Answer 16

It can be, it depends on where you are but generally if something is chucked away as rubbish you can collect it

Question 17

What Is Shoulder Surfing?

Answer 17

Someone Checking Whats On Your Screen

Essentially ‘looking over there shoulder’

Question 18

What Can You Do To Limit Shoulder Surfing?

Answer 18

Use Privacy Filters
Be aware of surroundings
Ensure Monitors Are Not In View

Question 19

What Is A Computer Hoaxes

Answer 19

A threat that doesnt exist but could be real

Question 20

What Are Types Of Computer Hoaxes

Answer 20

Fake Virus Pop Up
Fake Malware Warning
Email Stating You Have Won Money and TO Contact Somone to Claim
Essentially A Fake Issue Or Similar to get the victim to call or purchase something

Question 21

What Is A Watering Hole Attack?

Answer 21

A watering hole attack works by identifying a website that’s frequented by users within a targeted organisation, or even an entire sector, such as defence, government or healthcare.That website is then compromised to enable the distribution of malware.
The attacker identifies weaknesses in the main target’s cyber-security, then manipulates the watering hole site to deliver malware that will exploit these weaknesses

Question 22

Why Use A Watering Hole Attack?

Answer 22

This would be used if a network is very secure and the hackers are trying to find a way in, by using a 3rd party site they are not gaining access via the main network but rely on the users to visit the 3rd party side to then gain access to the main network

Question 23

What Is Defence In Depth?

Answer 23

This is layered defence to cover all entry points in a network

Question 24

What IS Spam?

Answer 24

Unsolicited Message

This could be via email, advert, pop up

Spam can also be used in phishing to get personal information

Question 25

What is SPIM?

Answer 25

Spam over instant message

Question 26

How To Reduce Mail Spam

Answer 26

Spam System / Spam Filter

Question 27

What Tools Would A Spam System Use To Detect and Reduce Spam?

Answer 27

rDNS - Reverse DNS, ensure the senders domain matches the IP address its come from
Allow and Block List - does require user management but only allowing emails from safe senders
SMTP Standard Checking - Running checks on sending email system to ensure it complies with RFC standard

Question 28

What is Tarpitting?

Answer 28

This slows down the mail server on purpose to frustrate the spammer so they skip over your network

Question 29

What Is An Influence Campaigns?

Answer 29

This is where hackers create fake users and content and spread it around as such can influence real people

Question 30

What Is Tailgating?

Answer 30

Uses an authorised person to gain unauthorised access

Question 31

What Is Credential Harvesting?

Answer 31

Might Be Known As Password Harvesting
Its where hackers attempt to access credentials on your network
They will try and run a script on a local computer via a link in an email or similar