Social Engineering Flashcards

1
Q

What is the first type of motivational trigger used by social engineers?

A

Authority

Most people comply with requests from those they perceive as authority figures.

2
Q

What does the urgency trigger in social engineering refer to?

A

A compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly

This trigger causes people to prioritize certain actions due to perceived time constraints.

3
Q

Define social proof in the context of social engineering.

A

A psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions

This often occurs in situations where individuals are uncertain about how to act.

4
Q

What psychological pressure is associated with the scarcity trigger?

A

The feeling that a product, opportunity, or resource is limited or in short supply

This trigger can lead individuals to act quickly to secure what they perceive as scarce.

5
Q

How does likability function as a motivational trigger in social engineering?

A

Most people want to interact with people they like

Social engineers may leverage sexual attraction, pretend to be a friend, or highlight common interests.

6
Q

What is the focus of fear as a motivational trigger in social engineering attacks?

A

Threatening individuals with negative consequences if they do not comply

This approach often includes warnings of bad things happening if instructions are not followed.

7
Q

What is impersonation in the context of cyber attacks?

A

An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data

Attackers collect information about the organization to earn the trust of their targeted users.

8
Q

What is required for an impersonation attack to be effective?

A

The attacker must collect information about the organization to earn the trust of targeted users

Attackers provide details to make their lies and impersonation more believable.

9
Q

Define brand impersonation.

A

A specific form of impersonation where an attacker pretends to represent a legitimate company or brand

Attackers use the brand’s logos, language, and information to create deceptive communications or websites.

10
Q

What is typosquatting?

A

A form of cyber attack where an attacker registers a domain name similar to a popular website but with common typographical errors

Also known as URL hijacking or cybersquatting.

11
Q

Explain what a watering hole attack is.

A

A targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use

The term is a metaphor for a naturally occurring phenomenon, where the ‘watering hole’ is usually a trusted website or online service.

12
Q

True or False: Typosquatting is also referred to as brand impersonation.

A

False

Typosquatting is also known as URL hijacking or cybersquatting.

13
Q

Fill in the blank: _______ is a form of impersonation where an attacker pretends to represent a legitimate company.

A

[brand impersonation]

14
Q

List the four main forms of impersonation used by attackers.

A

  • Impersonation
  • Brand Impersonation
  • Typosquatting
  • Watering Hole Attacks

15
Q

What is pretexting?

A

Gives some amount of information that seems true so that the victim will give more information

Pretexting is often used in social engineering attacks to manipulate individuals into divulging confidential information.

16
Q

What is phishing?

A

Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as passwords and credit card numbers

Phishing is one of the most common cyber attack methods.

17
Q

What is spear phishing?

A

More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations

Spear phishing typically has a higher success rate compared to general phishing.

18
Q

What is whaling in the context of phishing attacks?

A

Form of spear phishing that targets high-profile individuals, like CEOs or CFOs

Whaling is aimed at obtaining sensitive information from key decision-makers.

19
Q

What is the primary goal of whaling attacks?

A

To compromise an executive’s account for subsequent attacks within their organization

The rewards for successful whaling can be significantly higher due to the access gained.

20
Q

What is Business Email Compromise (BEC)?

A

Sophisticated type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform malicious actions

BEC attacks often exploit trust within the organization.

21
Q

What is vishing?

A

Attacker tricks their victims into sharing personal or financial information over the phone

Vishing is a form of social engineering that exploits human psychology.

22
Q

What is smishing?

A

Involves the use of text messages to trick individuals into providing their personal information

Smishing combines SMS technology with phishing tactics.

23
Q

What is an Anti-phishing Campaign?

A

An essential user security awareness training tool to educate individuals about phishing risks and identifying potential phishing attempts

This campaign is designed to improve user awareness and reduce the likelihood of falling victim to actual phishing attacks.

24
Q

What should an Anti-phishing Campaign offer to users who fell victim to simulated phishing emails?

A

Remedial training

This training aims to reinforce learning and help users recognize and avoid real phishing attempts in the future.

25
Q

What is a common indicator of phishing attacks that involves time sensitivity?

A

Urgency

Phishing attacks often create a sense of urgency to trick victims into acting quickly.

26
Q

What type of request is commonly associated with phishing attacks?

A

Unusual Requests

Phishing attempts frequently involve requests that are not typical for the recipient.

27
Q

What is a key indicator of phishing that involves discrepancies in web addresses?

A

Mismatched URLs

Phishing emails may contain URLs that do not match the legitimate website addresses.

28
Q

What type of email addresses are often found in phishing attempts?

A

Strange Email Addresses

Phishing emails may originate from addresses that appear suspicious or unfamiliar.

29
Q

What is a common language issue found in phishing emails?

A

Poor Spelling or Grammar

Many phishing attempts are characterized by noticeable spelling and grammatical errors.

30
Q

What is the primary focus of mitigation in cybersecurity?

A

To reduce the impact of potential threats and attacks

Mitigation strategies involve various actions to minimize risks.

31
Q

What is a key action to take when encountering suspicious messages?

A

Report suspicious messages to protect your organization from potential phishing attacks

Reporting helps in early detection and prevention of phishing attacks.

32
Q

What should organizations do after analyzing a phishing threat?

A

Inform all users about the threat

User awareness is crucial for preventing further incidents.

33
Q

What action should be taken if a phishing email was opened?

A

Conduct a quick investigation and triage the user’s system

This helps in identifying and mitigating any potential damage.

34
Q

What should an organization do after a successful phishing attack?

A

Revise its security measures

Continuous improvement in security protocols is essential for preventing future attacks.

35
Q

Fill in the blank: To protect against phishing, organizations should _______ suspicious messages.

A

report

Reporting is a proactive measure against phishing threats.

36
Q

True or False: Informing users about phishing threats is unnecessary if an attack has occurred.

A

False

User education is vital in preventing future incidents.

37
Q

What is identity fraud?

A

In identity fraud, the attacker takes the victim’s credit card number and charges items to the card

Identity fraud specifically involves financial transactions using stolen credit card information.

38
Q

What is identity theft?

A

In identity theft, the attacker tries to fully assume the identity of their victim

Identity theft can involve various forms of identity misrepresentation beyond financial fraud.

39
Q

Define scams.

A

Fraudulent or deceptive act or operation

Scams can take many forms, including phishing, Ponzi schemes, and more.

40
Q

What are influence campaigns?

A

Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group

Influence campaigns can utilize various media platforms to reach their audience.

41
Q

What is the purpose of influence campaigns?

A

They are a powerful tool for shaping public opinion and behavior

Influence campaigns can be used for political, social, or commercial purposes.

42
Q

What do influence campaigns foster?

A

Misinformation and disinformation

These campaigns can lead to confusion and misinformed public discourse.

43
Q

Define misinformation.

A

False or inaccurate information shared without harmful intent

Misinformation can spread unintentionally, often through social media.

44
Q

Define disinformation.

A

Involves the deliberate creation and sharing of false information with the intent to deceive or mislead

Disinformation is often used in propaganda and strategic communication.

45
Q

What is diversion theft?

A

Involves manipulating a situation or creating a distraction to steal valuable items or information

This technique often relies on misdirection to facilitate theft.

46
Q

Define hoaxes in the context of cybersecurity.

A

Malicious deception that is often spread through social media, email, or other communication channels

Hoaxes can lead to misinformation and potential security breaches.

47
Q

What is shoulder surfing?

A

Involves looking over someone’s shoulder to gather personal information

This technique is commonly used in public spaces to obtain sensitive data.

48
Q

Describe dumpster diving.

A

Involves searching through trash to find valuable information

This practice can uncover sensitive documents, personal data, and other confidential materials.

49
Q

What does eavesdropping entail?

A

Involves the process of secretly listening to private conversations

Eavesdropping can occur through various means, including electronic devices.

50
Q

What is baiting in cybersecurity?

A

Involves leaving a malware-infected physical device, like a USB drive, in a place where it will be found by a victim

The victim may unknowingly install malware on their organization’s computer system by using the device.