Social Engineering Flashcards

1
Q

Phishing

A

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details or other sensitive details, by impersonating a trustworthy entity in a digital communication.

2
Q

Smishing

A

SMS phishing

3
Q

Vishing

A

Vishing is a social engineering attack that attempts to trick victims into giving up sensitive information over the phone.

4
Q

Spear phishing

A

Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons.

5
Q

Whaling

A

A whaling attack is a method used by cybercriminals to masquerade as a senior player at an organization and directly target senior or other important individuals at an organization, with the aim of stealing money or sensitive information or gaining access to their computer systems for criminal purposes.

6
Q

Dumpster diving

A

Dumpster Diving is investigating a person or business’s trash to find information that can be used to attack a computer network. Dumpster divers locate financial statements, government records, medical bills, résumés, and the like simply through exploring the victim’s rubbish.

7
Q

Shoulder surfing

A

Shoulder surfing occurs when someone watches over your shoulder to nab valuable information such as your password, ATM PIN, or credit card number, as you key it into an electronic device.

8
Q

Social Engineering

A

Authority, Intimidation, Consensus, Scarcity, Familiarity, Trust, Urgency

9
Q

Pharming

A

Pharming is a cyberattack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.

ipconfig /displaydns
C:\Windows\System32\drivers\etc\hosts

10
Q

Spam

A

Spam email is unsolicited and unwanted junk email sent out in bulk to an indiscriminate recipient list. Typically, spam is sent for commercial purposes. It can be sent in massive volume by botnets, networks of infected computers.

11
Q

Spim

A

Spam over internet messengers

12
Q

Tailgating, Piggybacking

A

In these types of attacks, someone without the proper authentication follows an authenticated employee into a restricted area. The attacker might impersonate a delivery driver and wait outside a building to get things started.

13
Q

Man traps

A

A mantrap, air lock, sally port or access control vestibule is a physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens.

14
Q

Prepending attack

A

Adding an extension or phrase to an email header to fool the user, adding information to manipulate the user, or suggesting topics via conversation to try to get information.

15
Q

Identity Fraud

A

The use of a stolen identity; identity theft.

16
Q

Invoice Scams

A

Companies look legitimate and try to get you to pay fake invoices.

17
Q

Credential / Password Harvesting

A

Credential harvesting, also known as password harvesting, is the process of gathering valid usernames, passwords, private emails, and email addresses through infrastructure breaches.

18
Q

Reconnaissance

A

Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities. … In a computer security context, reconnaissance is usually a preliminary step toward a further attack seeking to exploit the target system.

19
Q

Hoax

A

A fraud.

20
Q

Impersonation

A

An impersonation attack is a form of fraud in which attackers pose as a known or trusted person to dupe an employee into transferring money to a fraudulent account, sharing sensitive information (such as intellectual property, financial data or payroll information), or revealing login credentials that attackers can use to hack into a company’s computer network.

21
Q

Watering Hole Attack

A

A watering hole attack is a targeted attack designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site. The end goal is to infect the user’s computer and gain access to the organization’s network.

22
Q

Typo Squatting

A

Typosquatting, also known as URL hijacking, is a form of cybersquatting (sitting on sites under someone else’s brand or copyright) that targets Internet users who incorrectly type a website address into their web browser (e.g., “Gooogle.com” instead of “Google.com”).

23
Q

Pretexting

A

Pretexting is a form of social engineering in which an attacker tries to convince a victim to give up valuable information or access to a service or system. The distinguishing feature of this kind of attack is that the scam artist comes up with a story, or pretext, in order to fool the victim.

24
Q

Influence Campaign

A

Traditionally focused on social media and other online-centric mediums to turn public opinion in the direction of their choosing; part of hybrid warfare.