Social Engineering Flashcards
Phishing
type of cyber attack in which malicious actors attempt to deceive individuals or organizations into divulging sensitive information, such as login credentials, personal information, or financial details.
Smishing
form of cyberattack and social engineering technique that involves sending fraudulent or malicious text messages (SMS) to individuals with the aim of tricking them into revealing sensitive information, downloading malware, or taking some harmful action.
Vishing
type of social engineering attack that involves using voice communication, typically phone calls, to deceive individuals or organizations into revealing sensitive information, such as personal information, financial data, or login credentials.
Spam
refers to the mass distribution of unsolicited and often irrelevant or inappropriate messages, primarily through electronic communication channels like email, text messages, and social media.
Spam over instant messaging (SPIM)
form of unsolicited and often intrusive messaging that occurs through instant messaging (IM) platforms.
Spear Phishing
targeted form of phishing attack that involves cybercriminals sending highly customized and deceptive emails or messages to a specific individual or a select group of individuals.
Dumpster diving
physical form of information gathering and social engineering that involves searching through discarded materials, such as trash bins, dumpsters, or recycling containers, to obtain valuable information.
Shoulder surfing
form of social engineering and information theft that involves an attacker surreptitiously observing or “surfing” over the shoulder of a person to glean sensitive or confidential information.
Pharming
cyber attack that involves redirecting the traffic of a legitimate website to a fraudulent or malicious website, usually without the victim’s knowledge.
Tailgating
social engineering technique where an unauthorized individual gains physical access to a secured area by closely following an authorized person as they enter a restricted space.
Eliciting information
social engineering technique used to obtain sensitive or valuable information from individuals, often through manipulation and persuasion.
Whaling
specific type of phishing attack that targets high-profile individuals within organizations, such as top executives, senior managers, or individuals with access to sensitive information.
Prepending
refers to a technique used by attackers to manipulate or deceive security systems, particularly those that rely on lists, databases, or filtering rules.
Identity fraud
type of crime in which an individual’s personal information is stolen and used for fraudulent purposes.
Invoice scams
type of financial scam in which fraudsters manipulate invoices or payment requests to deceive individuals or organizations into making fraudulent payments.
Credential harvesting
cyber attack technique where malicious actors attempt to steal usernames and passwords from individuals or organizations.
Reconnaissance
refers to the initial phase of an attack where malicious actors gather information about a target, such as an individual, organization, or system.
Hoax
deceptive or misleading scheme or fabrication designed to trick individuals or the public into believing something false or fictitious.
Impersonation
social engineering technique where an attacker pretends to be someone else or a trusted entity to deceive individuals or organizations.
Watering hole attack
sophisticated cyber attack that targets a specific group of individuals or organizations by compromising websites they frequently visit.
Typosquatting
also known as URL hijacking or domain mimicry, is a cyber attack technique where malicious actors register domain names that are similar to popular, legitimate websites but contain slight typographical errors or variations.
Pretexting
social engineering technique in which an attacker fabricates a scenario or pretext to manipulate individuals into revealing sensitive information or performing specific actions.
Influence campaigns
especially in the context of hybrid warfare and social media, involve coordinated efforts to shape public opinion, sow discord, or achieve strategic objectives through the use of information, disinformation, and psychological manipulation.
Principles
These principles explain why certain social engineering techniques are effective in persuading individuals to comply with requests or take specific actions.
What are these principles?
- Authority
- Intimidation
- Consensus
- Scarcity
- Familiarity
- Trust
- Urgency