Social Engineering Flashcards

1
Q

What is a manipulative strategy that exploits human psychology to gain unauthorized access to systems, data, or physical spaces?

A

Social Engineering

2
Q

What is the best defense to help with Social Engineering?

A

Provide security awareness training to the users.

3
Q

What are some motivational triggers for social engineering?

A

Familiarity and likability
Consensus and Social Proof
Authority and information
Scarcity and Urgency

4
Q

What are four of the social engineering techniques most used by attackers?

A

Impersonation - assume identity of another individual
Brand Impersonation - imitating a company or brand
Typo Squatting - creating a fake website name (URL)
Watering Hole Attacks - compromising a website or service that the target is known to use

5
Q

Another way social engineers attack is by using ________, such as calling as a bank official, IT support, or law enforcement and then asking the victim to give details like printer info and IP address info.

A

Pre-Texting

6
Q

What are some of the types of phishing attacks that social engineers use?

A

Phishing - a spray-and-pray approach
Vishing
Smishing
Spear Phishing - target users
Whaling
Business Email Compromise

7
Q

Manipulating a situation or creating a distraction to steal valuable items or information is known as a __________ _______ attack. An example would be utilizing a DNS spoofing attack that redirects you to a fake website.

A

Diversion Theft

8
Q

A malicious deception that is often spread through social media, email, or other communication channels. These are often paired with phishing and impersonation attacks.

A

Hoaxes

9
Q

Looking over someone’s shoulder to gather personal information, which can also be done with high-powered cameras or closed-circuit television cameras, is known as:

A

Shoulder Surfing

10
Q

Searching through trash to find personal information; when an attacker is able to access your computer and can see your “Trash” folder, these attacks are called virtual or digital ___________ _____________.

A

Dumpster Diving

11
Q

The process of secretly listening to private messages, such as a phone or conference call, for example by wiretapping or intercepting network traffic. It can take the form of an adversary-in-the-middle or on-path attack, in which the perpetrator intercepts the communication without the parties knowing.

A

Eavesdropping

12
Q

Planting a malware-infected device for a victim to find and unintentionally introduce malware to their organization’s system, like leaving a USB drive somewhere so that someone picks it up and plugs it into their computer.

A

Baiting

13
Q

This is when an attacker tricks an authorized employee into using their access badge to grant the attacker entry into the facility, because the attacker supposedly lost or left their own badge somewhere.

A

Piggybacking

14
Q

This is when an attacker attempts to follow an employee through something like a turnstile, access control vestibule, or some other type of access point without that person knowing.

A

Tailgating

15
Q

Six types of motivational triggers are:

A

Authority - like claiming to be the IRS
Urgency - pushing so you will ignore normal security procedures
Social proof - getting likes on your website so people trust it
Scarcity - making you believe time is limited or supply is short
Likability - trying to be accepted / liked by others
Fear - making you afraid of someone or of something dangerous or painful

16
Q

This type of phishing is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations, and it has a higher success rate at deceiving people.

A

Spear Phishing

17
Q

This is a form of spear phishing that targets high-profile individuals, like CEOs or CFOs.

A

Whaling

18
Q

This is an advanced phishing attack that leverages internal email accounts within a company to manipulate employees into carrying out malicious actions for the attacker.

A

Business Email Compromise (BEC)

19
Q

What is a phone-based attack in which the attacker deceives victims into divulging personal or financial information?

A

Vishing (Voice Phishing)

20
Q

What is a type of attack that uses text messages to deceive individuals into sharing their personal information?

A

Smishing (SMS Phishing)

21
Q

What is the vital tool used in user security awareness training for educating individuals about phishing risks and how to recognize potential phishing attempts? It also offers remedial training for users who fell victim to simulated phishing emails.

A

Anti-phishing Campaign

22
Q

Some common characteristics of phishing emails include:

A

Generic Greetings
Spelling and grammar mistakes
Spoofed email addresses

23
Q

What is the name of the free program by Trend Micro that creates a fake phishing campaign?

A

Phish Insight

24
Q

What is wrongful or criminal deception intended to result in financial or personal gain, or to steal from you, called?

A

Fraud

25
Q

What is the use by one person of another person’s personal information, without authorization, to commit a crime or to deceive or defraud that other person or a third person called? This includes trying to get your birthdate, credit card info, or SS number. An example would be an attacker taking the victim’s credit card number and making charges on it.

A

Identity fraud

26
Q

What is it called when an attacker tries to fully assume the identity of their victim?

A

Identity theft

27
Q

What is a scam called in which a person is tricked into paying a fake invoice for a service or product that they did not order?

A

Invoice Scam

28
Q

When an invoice scam is sent directly to an organization, this can be considered:

A

Spear Phishing

29
Q

In cybersecurity, the main focus is on _________ __________ campaigns by high-level actors such as nation-states and hacktivists.

A

malicious influence

30
Q

Inaccurate information shared unintentionally is known as:

A

Misinformation

31
Q

The intentional spread of false information to deceive or mislead someone is known as:

A

Disinformation

32
Q

Some _______ campaigns can also serve an attacker’s financial interests.

A

influence
