Social Engineering Techniques Flashcards
Which of the following social engineering techniques has less of a chance of arousing suspicion and getting caught? (Select all that apply.)
Authority; Intimidation; Familiarity; Liking
Familiarity and Liking
A user contacted customer support via the company’s WhatsApp link on a website. A few days later, the user received a lot of advertisements from outside of the country, using the same messaging service. Which of the following best describes the type of attack the user is experiencing?
SPIM; Whaling; Spear phishing; Spam
SPIM
SPIM is spam (or mass unsolicited messages) but over instant messaging or Internet messaging services, such as WhatsApp, Facebook Messenger, Skype, or Telegram.
What is a Pharming attack?
A user visits the company web page but is redirected to the attacker’s fake website.
If an attacker purchases a fake domain with a name similar to that of a real domain, and then uses the fake domain to send the legitimate company forged notices by email, which of the following attacks did the malicious user perform?
Domain hijacking; Kiting; Tasting; Typosquatting
Typosquatting
Typosquatting relies on users navigating to misspelled domains. An attacker registers a domain name with a common misspelling of an existing domain. Users who misspell a URL in the web browser arrive at the attacker’s website.
____ is a type of hijacking attack where the attacker steals a domain name by altering its registration information and then transferring the domain name to another entity.
Domain hijacking
____ is the act of continually registering, deleting, and reregistering a name within the five-day grace period without having to pay for it.
Kiting
_____ is a Domain Name Server (DNS) exploit that involves registering a domain temporarily to see how many hits it generates within the five-day grace period.
Tasting
_______ refers to stealing a password or PIN (or other secure information) by watching the user type it, either in close proximity or remotely.
Shoulder surfing
If a user leaves a workstation unattended while logged on, an attacker can physically gain access to the system (often described as a _____).
lunchtime attack
A ______ relies on the circumstance that a group of targets may use an unsecure third-party website, which the attacker has compromised.
watering hole attack
______ is a passive means of redirecting users from a legitimate website to a malicious one by corrupting the way the victim’s computer performs Internet name resolution.
Pharming
____ is spam (or mass unsolicited messages) but over instant messaging or Internet messaging services, such as WhatsApp, Facebook Messenger, Skype, or Telegram.
SPIM