Social Engineering Flashcards

1
Q

What is social engineering?

A

A manipulative strategy that exploits human psychology to gain unauthorized access to systems, data, or physical spaces.

2
Q

6 Types of Motivational Triggers

A

Authority
Urgency
Social proof
Scarcity
Likability
Fear

3
Q

4 Main forms of Impersonation

A

Impersonation
Brand Impersonation
Typosquatting
Watering Hole Attacks

4
Q

What is Impersonation?

How to mitigate it?

A

An attack in which the adversary assumes the identity of another person to gain unauthorized access to resources or to steal sensitive data.

Provide regular security awareness training to employees, so that identity claims (a caller, a visitor, an email sender) are verified rather than taken at face value.

5
Q

What is Brand Impersonation?

How to protect against it?

A

A more specific form of impersonation in which the attacker pretends to represent a legitimate company or brand.

  • Educate users
  • Use secure email gateways to filter phishing emails
  • Monitor the brand's online presence (domains, social media accounts, logos) to detect fraudulent activity

6
Q

What is Typosquatting?

How to combat it?

A

Also known as URL hijacking; a form of cybersquatting.

An attack in which the adversary registers a domain name that closely resembles a popular website's but contains a typographical error (a dropped, doubled, swapped or mistyped letter, or a look-alike character), so that users who mistype the address or misread a link land on the attacker's site.

  1. Register common misspellings of your own domain names
  2. Use services that monitor for similar domain registrations
  3. Conduct user security awareness training

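
Mitigations 1 and 2 both depend on knowing which look-alike names to register or watch for. The script below is an added example for this card (not code from the original page): it generates the common typo classes for a domain's first label and checks a registration feed against them. The keyboard-adjacency table, the homoglyph list and `NEW_REGISTRATIONS` are constructed for the demo; a real deployment would take the feed from a domain-monitoring service.

```python
"""Typosquatting variant generator: the permutations a defender would
pre-register or feed into a registration monitor (mitigations 1 and 2).

Added example for this card, not code from the original page. The
keyboard-adjacency and homoglyph tables are a small constructed subset, and
NEW_REGISTRATIONS is a constructed stand-in for a domain-monitoring feed.
"""
from __future__ import annotations

# Constructed subset of QWERTY neighbours, for "fat-finger" substitutions.
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}

# Constructed list of look-alike substitutions (homoglyphs), including two-character ones.
HOMOGLYPHS = [
    ("o", "0"), ("l", "1"), ("i", "1"), ("e", "3"), ("a", "4"), ("s", "5"),
    ("m", "rn"), ("rn", "m"), ("w", "vv"), ("vv", "w"), ("cl", "d"), ("d", "cl"),
]

# Constructed stand-in for a feed of newly registered domains.
NEW_REGISTRATIONS = ["exampel.com", "examp1e.com", "unrelated.org", "example.com"]


def split_domain(domain: str) -> tuple[str, str]:
    """'example.com' -> ('example', 'com'); the suffix keeps any further labels."""
    label, _, suffix = domain.lower().partition(".")
    return label, suffix


def generate_variants(domain: str) -> set[str]:
    """Return typo and homoglyph permutations of the domain's first label."""
    label, suffix = split_domain(domain)
    out: set[str] = set()
    n = len(label)
    for i in range(n):
        out.add(label[:i] + label[i + 1:])                    # omission:      exampl
        out.add(label[:i] + label[i] + label[i:])              # repetition:    examplee
        for key in ADJACENT.get(label[i], ""):                 # fat-finger:    exanple
            out.add(label[:i] + key + label[i + 1:])
        if i < n - 1:                                          # transposition: exampel
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for old, new in HOMOGLYPHS:                                # homoglyph:     examp1e, exarnple
        pos = label.find(old)
        while pos != -1:
            out.add(label[:pos] + new + label[pos + len(old):])
            pos = label.find(old, pos + 1)
    out.discard(label)  # never report the genuine name as a variant
    return {f"{v}.{suffix}" for v in out if v}


def find_lookalikes(domain: str, newly_registered: list[str]) -> list[str]:
    """Mitigation 2: report feed entries that match a generated variant."""
    variants = generate_variants(domain)
    return sorted(d.lower() for d in newly_registered if d.lower() in variants)


if __name__ == "__main__":
    variants = generate_variants("example.com")
    print(f"{len(variants)} candidate names to register or monitor, e.g. {sorted(variants)[:5]}")
    print("look-alikes seen in the registration feed:", find_lookalikes("example.com", NEW_REGISTRATIONS))
```

Only the first label is permuted here; attackers also vary the suffix (`example.co`, `example.com.evil.net`), so a production monitor should add those classes and compare registrable domains rather than raw strings.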
7
Q

What are Watering Hole Attacks?

How to mitigate them?

A

A targeted attack in which adversaries compromise a specific website or service that their intended victims are known to use, so that the victims are infected when they visit it in the normal course of their work.

  1. Keep systems and software updated, so a compromised site has fewer exploitable flaws to use against visitors.
  2. Use threat intelligence services to stay informed about compromised sites and active campaigns.
  3. Employ advanced malware detection and prevention tools on endpoints and web gateways.

8
Q

What is Pretexting?

How to mitigate it?

A

The attacker invents a believable scenario (the pretext) and volunteers a few details that appear to be true, so that the victim trusts the story and discloses more information.

Train employees to recognize pretexts and to verify requests through an independent channel (a known phone number, the ticketing system) before releasing information.

9
Q

What are the 6 types of Phishing Attacks?

A

Phishing
Spear Phishing
Whaling
Business Email Compromise (BEC)
Vishing
Smishing

10
Q

What is Phishing?

A

Sending fraudulent emails that appear to come from reputable sources, with the aim of convincing individuals to reveal personal information such as passwords and credit card numbers.

11
Q

What is Spear Phishing?

A

Phishing focused on a specific group of individuals or organizations.

12
Q

What is Whaling?

A

Spear phishing that targets high-profile individuals, e.g. CEOs or CFOs.

13
Q

What is Business Email Compromise (BEC)?

A

A phishing attack that usually targets a business by using one of its compromised internal email accounts to get other employees to perform actions on the attacker's behalf, such as wiring funds or changing a supplier's payment details.

14
Q

What is Vishing?

A

Voice phishing: the attacker tricks victims into sharing personal or financial information over the phone.

15
Q

What is Smishing?

A

SMS phishing: using text messages to trick individuals into providing their personal information.

16
Q

What are some key indicators associated with phishing attacks?

A

Urgency
Unusual Requests
Mismatched URLs (the link text shows one host, the href points to another)
Strange Email Addresses
Poor Spelling or Grammar
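
Four of these indicators can be turned into simple rules. The script below is an added example for this card (not code from the original page): it parses a message and reports the evidence for urgency, unusual requests, mismatched URLs and a strange sender. `ORG_DOMAIN`, the keyword lists and both sample messages are constructed for the demo; "poor spelling or grammar" is left out because it needs a dictionary rather than a rule.

```python
"""Rule-based check for the phishing indicators on this card: urgency, unusual
requests, mismatched URLs and strange sender addresses.

Added example, not code from the original page. ORG_DOMAIN, the keyword lists
and both sample messages are constructed for the demo. "Poor spelling or
grammar" is omitted because it needs a dictionary rather than a rule.
"""
from __future__ import annotations

import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"  # assumed: the domain the recipient's organization owns

URGENCY = ("immediately", "within 24 hours", "urgent", "account will be suspended", "final notice")
UNUSUAL_REQUESTS = ("gift card", "wire transfer", "verify your password", "confirm your credentials")

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_IN_TEXT_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

# Constructed sample: a credential-phishing mail that hits four of the five indicators.
PHISH_EMAIL = """\
From: Example IT Support <it-support@examp1e-helpdesk.net>
To: jane@example.com
Subject: Action required: password expires today
Content-Type: text/html

<p>Your mailbox password will expire within 24 hours. Verify your password
immediately at <a href="https://examp1e-helpdesk.net/login">https://example.com/login</a>
or your account will be suspended.</p>
"""

# Constructed sample: a routine internal notice that should not trigger anything.
LEGIT_EMAIL = """\
From: IT Support <helpdesk@example.com>
To: jane@example.com
Subject: Scheduled maintenance on Saturday
Content-Type: text/html

<p>Mail will be unavailable 02:00-03:00 UTC on Saturday. Details:
<a href="https://intranet.example.com/maintenance">https://intranet.example.com/maintenance</a></p>
"""


def _is_org_address(domain: str) -> bool:
    """True for the organization's own domain and its subdomains."""
    return domain == ORG_DOMAIN or domain.endswith("." + ORG_DOMAIN)


def analyze(raw_email: str) -> dict[str, list[str]]:
    """Return the evidence found for each indicator (empty list = not triggered)."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # single-part message, so this is the text/html body as a str
    text = (msg.get("Subject", "") + "\n" + body).lower()
    findings: dict[str, list[str]] = {
        "urgency": [p for p in URGENCY if p in text],
        "unusual_request": [p for p in UNUSUAL_REQUESTS if p in text],
        "mismatched_url": [],
        "strange_sender": [],
    }

    # Mismatched URL: the host the reader sees in the link text differs from the href host.
    for href, anchor_text in ANCHOR_RE.findall(body):
        target = (urlparse(href).hostname or "").lower()
        shown = HOST_IN_TEXT_RE.search(re.sub(r"<[^>]+>", "", anchor_text))
        if shown and shown.group(1).lower() != target:
            findings["mismatched_url"].append(f"{shown.group(1).lower()} -> {target}")

    # Strange sender: the display name invokes the organization, but the address is not
    # on the organization's domain (here, a look-alike with a digit 1 for the letter l).
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    org_name = ORG_DOMAIN.split(".")[0]
    if not _is_org_address(sender_domain) and (org_name in name.lower() or org_name in sender_domain):
        findings["strange_sender"].append(f"{name} <{addr}>")
    return findings


def score(findings: dict[str, list[str]]) -> int:
    """Number of distinct indicators triggered; 2 or more is worth a closer look."""
    return sum(1 for evidence in findings.values() if evidence)


if __name__ == "__main__":
    for label, mail in (("phish", PHISH_EMAIL), ("legit", LEGIT_EMAIL)):
        result = analyze(mail)
        print(f"{label}: score={score(result)} {result}")
```

Keyword matching is deliberately crude; its value is in showing which indicator fired and why, which is what a user-reported-phish triage queue needs. A mail gateway would add sender authentication results (SPF, DKIM, DMARC) to the "strange sender" check rather than relying on the display name alone.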

17
Q

What is the difference between Identity Fraud and Identity Theft?

A

Identity Fraud - the attacker uses one piece of the victim's identity, e.g. a stolen credit card number, to make charges.

Identity Theft - the attacker tries to fully assume the identity of the victim.

18
Q

What is an invoice scam?

A

A person is tricked into paying a fake invoice for a product or service that they never ordered.

19
Q

What are influence campaigns?

A

Coordinated efforts to affect public perception or behavior toward a particular cause, individual, or group.

20
Q

What is the difference between Misinformation and Disinformation?

A

Misinformation - False or inaccurate info shared without harmful intent.

Disinformation - Involves the deliberate creation and sharing of false info with the intent to deceive or mislead.

21
Q

What is Diversion Theft?

A

Manipulating a situation or creating a distraction in order to steal valuable items or information.

22
Q

What are Hoaxes?

A

A malicious deception, often spread through social media, email, or other communication channels.

23
Q

What is Shoulder Surfing?

A

Looking over someone's shoulder to gather personal information, such as a PIN or password, as it is typed or displayed.

24
Q

What is Dumpster Diving?

A

Searching through trash to find valuable information.

25
Q

What is Eavesdropping?

A

The process of secretly listening to private conversations.

26
Q

What is Baiting?

A

Leaving a malware-infected physical device, such as a USB drive, in a place where a victim will find it, in the hope that they plug it in and unknowingly install malware on their organization's computer systems.

27
Q

What is the difference between Piggybacking and Tailgating?

A

Piggybacking - the attacker convinces an authorized employee to let them into the facility: the employee swipes their own access badge and knowingly allows the attacker inside.

Tailgating - the attacker attempts to follow an employee through an access control vestibule or access control point without the employee's knowledge.