Social Engineering

Question 1

Manipulative strategy exploiting human psychology for unauthorized access to systems, data, or physical spaces

Answer 1

Social Engineering

Question 2

Creating a fabricated scenario to manipulate targets.
Impersonating trusted figures to gain trust

Answer 2

Pretexting

Question 3

Used by Social Engineers
● Familiarity and Likability
● Consensus and Social Proof
● Authority and Intimidation
● Scarcity and Urgency

Answer 3

Motivational Triggers

Question 4

Type of Motivational Trigger where Most people are willing to comply and do what you tell them to do if they believe it is coming from somebody who is in a position of authority to make that request

Answer 4

Authority

Question 5

Type of Motivational Trigger where a Compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly or prioritize certain actions

Answer 5

Urgency

Question 6

Type of Motivational Trigger, a Psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar situations

Answer 6

Social Proof

Question 7

Type of Motivational Trigger, a Psychological pressure people feel when they believe a product, opportunity, or resource is limited or in short supply

Answer 7

Scarcity

Question 8

Most people want to interact with people they like, and social engineers realize this.

Answer 8

Likeability

Question 9

Type of Motivational Trigger, where These types of attacks generally are focused on “if you don’t do what I tell you, then this bad thing is going to happen to you”

Answer 9

Fear

Question 10

Attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data

Answer 10

Impersonation

Question 11

More specific form of impersonation where an attacker pretends to
represent a legitimate company or brand

Answer 11

Brand Impersonation

Question 12

Also known as URL hijacking or cybersquatting. A Form of cyber attack where an attacker will register a domain name that
is similar to a popular website but contain some kind of common
typographical errors

Answer 12

Typosquatting

Question 13

Targeted form of cyber attack where attackers compromise a specific
website or service that their target is known to use

Answer 13

Watering Hole Attacks

Question 14

Gives some amount of information that seems true so that the victim will give more information

Answer 14

Pretexting

Question 15

Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as passwords and credit card numbers

Answer 15

Phishing

Question 16

More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations. Has a higher success rate

Answer 16

Spear Phishing

Question 17

Form of spear phishing that targets high-profile individuals, like CEOs or CFO

Answer 17

Whaling

Question 18

Sophisticated type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious actions on behalf of the attacker

Taking over a legitimate business email accounts through social
engineering or cyber intrusion techniques to conduct unauthorized fund transfers, redirect payments, or steal sensitive information

Answer 18

Business Email Compromise (BEC)

Question 19

Attacker tricks their victims into sharing personal or financial information over the phone

Answer 19

Vishing (Voice Phishing)

Question 20

Involves the use of text messages to trick individuals into providing their personal information

Answer 20

Smishing (SMS Phishing)

Question 21

Essential user security awareness training tool that can be used to educate individuals about the risks of phishing and how to best identify potential phishing attempts

Answer 21

Anti-Phishing Campaign

Question 22

Urgency, Unusual Requests, Mismatched URLs, Strange EMail Address, Poor Spelling or grammer or examples of…

Answer 22

Key Indicators of Phishing Attacks

Question 23

Wrongful or criminal deception that is intended to result in financial or personal gain for the attacker

Answer 23

Fraud

Question 24

Involves the use of another person’s personal information without their authorization to commit a crime or to deceive or defraud
that other person or some other third party

Answer 24

Identity Fraud and Identity Theft

Question 25

Fraudulent or deceptive act or operation

Answer 25

Scam

Question 26

Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group.

Are a powerful tool for shaping public opinion and behavior

Foster misinformation and disinformation

Answer 26

Influence Campaign

Question 27

False or inaccurate information shared without harmful intent

Answer 27

Misinformation

Question 28

Involves the deliberate creation and sharing of false information with the intent to deceive or mislead

Answer 28

Disinformation

Question 29

Involves manipulating a situation or creating a distraction to steal
valuable items or information

Answer 29

Diversion Theft

Question 30

Malicious deception that is often spread through social media, email, or other communication channels

Often paired with phishing attacks and impersonation attacks

Answer 30

Hoaxes