Social Engineering

Question 1

What is social engineering?

Answer 1

Manipulative strategy exploiting human psychology for unauthorized access to systems, data, or physical spaces.

Question 2

6 Types of Motivational Triggers

Answer 2

Authority
Urgency
Social proof
Scarcity
Likability
Fear

Question 3

4 Main forms of Impersonation

Answer 3

Impersonation
Brand Impersonation
Typosquatting
Watering Hole Attacks

Question 4

What is Impersonation?

How to mitigate it?

Answer 4

An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data.

Providing security awareness training to their employees on a regular basis.

Question 5

What is Brand Impersonation?

How to protect against it?

Answer 5

A more specific form of Impersonation where an attacker pretends to represent a legitimate company or brand.

• Educate their users
• Use secure email gateways to filter phishing emails
• Monitor their brand’s online presence to detect any fraudulent activities

Question 6

What is Typosquatting?

How to combat it?

Answer 6

Also known as URL Hijacking or cybersquatting

A form of cyber attack where an attacker will register a domain name that is similar to a popular website but contain some kind of typographical errors.

1. Register common misspellings of their own domain names
2. Use services that monitor for similar domain registrations
3. Conduct user security awareness training .

Question 7

What are Watering Hole Attacks?

How to mitigate them?

Answer 7

Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use.

1. Keep systems and software updated.
2. Use threat intelligence services to stay informed.
3. Employ advanced malware detection and prevention tools.

Question 8

What is Pretexting?

How to mitigate it?

Answer 8

Gives some amount of info that seems true so that the victim will give more info.

Employee training not to fall for pretext.

Question 9

What are the 6 types of Phising Attacks?

Answer 9

Phising
Spear Phising
Whaling
Business Email Compromise (BEC)
Vishing
Smishing

Question 10

What is Phishing?

Answer 10

Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal info , such as passwords and credit card numbers

Question 11

What is Spear Phising?

Answer 11

Phishing focused on a specific group of individuals or organizations.

Question 12

What is Whaling?

Answer 12

Spear Phishing that targets high-profile individuals i.e. CEOs or CFOs.

Question 13

What is Business Email Compromise (BEC)?

Answer 13

Phishing Attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacker.

Question 14

What is Vishing?

Answer 14

Attacker tricks their victims into sharing personal or financial info over the phone.

Question 15

What is Smishing?

Answer 15

Using text messaging to trick individuals into providing their personal info.

Question 16

What are some key indicators associated with phising attacks?

Answer 16

Urgency
Unusual Requests
Mismatched URLs
Strange Email Addresses
Poor Spelling or Grammer

Question 17

What is the difference between Identity Fraud and Identity Theft?

Answer 17

Identity Fraud - attacker takes the victims credit card number and makes charges.

Identity Theft - attacker tries to fully assume the identity of their victim.

Question 18

What is an invoice scam?

Answer 18

In which o person is tricked into paying for a fake invoice for a product or service that they did not order

Question 19

What are influence campaigns?

Answer 19

Coordinated efforts to effect public perception or behavior towards a particular cause, individual, or group

Question 20

What is the difference between Misinformation and Disinformation?

Answer 20

Misinformation - False or inaccurate info shared without harmful intent.

Disinformation - Involves the deliberate creation and sharing of false info with the intent to deceive or mislead.

Question 21

What is Diversion Theft?

Answer 21

Involves manipulating a situation or creating a distraction to steal valuable items or info.

Question 22

What are Hoaxes?

Answer 22

Malicious deception that is often spread through social media, email, or other communication channels.

Question 23

What is Shoulder Surfing?

Answer 23

Involves looking over someone’s shoulder to gather personal info

Question 24

What is Dumpster Diving?

Answer 24

Involves searching through trash to find valuable info.

Question 25

What is Eavesdropping?

Answer 25

The process of secretly listening to private conversations.

Question 26

What is Baiting?

Answer 26

Leaving a malware infected physical device, like a USB drive, in a place where it will be found by a victim, who will then hopefully use the device to unknowingly install malware on their organizations computer system.

Question 27

What is the difference between Piggybacking and Tailgating?

Answer 27

Piggybacking - An attacker convincing an authorized employee to let them into the facility by getting the authorized employee to swipe their own access bodge and allow the attacker inside the facility.

Tailgating - Attacker afterpts to follow an employee through an access control vestibule or access control point without their knowledge.