Social Engineering

Question 1

What is Social Engineering?

Answer 1

The manipulative tactics an attacker uses that exploits human psychology in order to gain access into a physical area, system, or access to data.

Question 2

What are Motivational Triggers?

Answer 2

The various was an attacker can play on a victim’s psyche.

Question 3

What are the 6 Motivational Triggers?

Answer 3

1. Authority: The power or right to give orders, make decisions, and enforce obedience
2. Urgency: Time sensitivity that drives uses to make poor decisions
3. Social Proof: The mentality of following the herd.
4. Scarcity: Fear of missing out
5. Likeability: People are much more susceptible to threats from people they few favorably
6. Fear: Intimidation

Question 4

What is Impersonation?

Answer 4

To masquerade as someone else.

Question 5

What are the 4 main forms of Impersonation

Answer 5

1. Impersonation: An attacker assumes the identity of someone else to gain access to data and systems.
2. Brand Impersonation: An attack presents themselves as the representative of some reputable brand.
3. Typosquatting: An attacker registers many domain names to capitalize on people misspelling urls they search for
4. Watering Hole Attacks: Targeted form of attack where attackers compromise a specific website or service their target is known to use.

Question 6

What is Pretexting?

Answer 6

A form of social engineering attack that involves a situation, pretext, created by an attacker in order to lure a victim into divulging valuable information.

Question 7

What are phishing attacks?

Answer 7

An attack vector that comes in many forms. The general idea is that a massive number of messages are sent over a medium to get a victim to supply sensitive information.

Question 8

What are the 6 types of phishing attacks?

Answer 8

1. Phishing
2. Vishing
3. Smishing
4. Whaling
5. Spear Phishing
6. Business Email Compromise(BEC)

Question 9

What is vishing?

Answer 9

A phishing attack carried out over VOIP or phone

Question 10

What is Smishing?

Answer 10

A phishing attack carried out over messaging ie IM, texting, social media messages, etc

Question 11

What is Whaling?

Answer 11

A type of phishing attack that focuses on a large target for a bigger payout. Targets like CEO, CFO, Vice Presidents, etc

Question 12

What is Spear Phishing?

Answer 12

A targeted phishing campaign. Instead of attacking everyone under the sun, an attacker focuses on a smaller demographic.

Question 13

What is Business Email Compromise?

Answer 13

Advanced form of phishing attack that leverages internal email accounts to manipulate employees into carrying out malicious actions for the attacker.

Question 14

What is an anti phishing campaign?

Answer 14

A means of preventing phishing attacks. This is a tool used to carry out fake phishing attack campaigns to identify those in an organization vulnerable to phishing attacks and supply training to rectify the gap in security.

Question 15

What are ways to identify a phishing attack?

Answer 15

• Urgency
• Unusual Requests
• Mismatched URLs
• Strange Email Addresses
• Poor grammar or spelling

Question 16

What is Fraud?

Answer 16

Wrongful or criminal deception intended to result in financial or personal gain.

Question 17

What is a Scam?

Answer 17

A fraudulent or deceptive act or operation.

Question 18

What is an Influence Campaign?

Answer 18

A powerful tool for shaping public opinion and behavior. These campaigns can foster misinformation and disinformation.

Question 19

What is misinformation?

Answer 19

The unintentional spreading of false information

Question 20

What is disinformation?

Answer 20

The intentional spreading of false information to deceive or mislead

Question 21

What are some social engineering attacks?

Answer 21

• Diversion theft
• Hoaxes
• Shoulder surfing
• Dumpster Diving
• Eavesdropping
• Baiting
• Piggybacking/Tailgating

Question 22

What is the difference between piggybacking and tailgating?

Answer 22

Piggyback is when someone willing let’s an unauthorized person into an area. Tailgating is when an unauthorized person follows behind an unaware person to gain access to an area.

Question 23

What is Diversion Theft?

Answer 23

Manipulating a situation or creating a distraction to steal data or gain unauthorized access to an area

Question 24

What is a hoax?

Answer 24

Malicious deception that is often spread through social media, email, and/or other forms of communication

Question 25

What is baiting?

Answer 25

Where an attacker lures a victim in with an enticing offer, and installs some form of malware on to their system in the end.