Social Engineering Techniques

Question 1

Phishing

Answer 1

social engineering technique where attacker tricks user into responding to something (ex. email) to instance a malware-based attack

Question 2

Smishing

Answer 2

phishing via text message

Question 3

Vishing

Answer 3

phishing via phone calls

Question 4

Spam

Answer 4

unwanted and unsolicited digital mail sent out in bulk

Question 5

Spim

Answer 5

spam over instant messaging

Question 6

Spear Phishing

Answer 6

targeted phishing

Question 7

Dumpster Diving

Answer 7

act of going through the garbage at an organization in order to find sensitive information that could possibly compromise a network and its resources

Question 8

Shoulder Surfing

Answer 8

act of looking over a persons shoulder to gather sensitive information from an individuals device/desk (can include looking through windows w/ binoculars)

Question 9

Pharming

Answer 9

the use of malicious code to direct victims to spoofed websites in an attempt to steal their credentials and data

Question 10

Tailgating

Answer 10

following closely behind someone to gain unauthorized access to a physical building or location

Question 11

Eliciting Information

Answer 11

the act of casual conversation to extract information from a victim w/out giving the impression that they are being interrogated

Question 12

Whaling

Answer 12

targeting a higher up w/ a phishing attack (ex. CEO)

Question 13

Prepending

Answer 13

?

Question 14

Identity Fraud

Answer 14

the act of stealing someones identity and pretending to be them

Question 15

Invoice Scams

Answer 15

scams over the phone that attempt to gain sensitive/personal information

Question 16

Credential Harvesting

Answer 16

act of stealing or obtaining a persons login information (credentials) to attack a system

Question 17

Reconnaissance

Answer 17

act of gathering information about an intended victim/target to prepare for an attack

Question 18

Hoax

Answer 18

faking an event or alert in order to obtain information from a target victim

Question 19

Impersonation

Answer 19

pretending to be someone else in order to obtain sensitive/personal information from someone

Question 20

Watering Hole Attack

Answer 20

infecting a website w/ malware that users usually trust and use (specifically, one an organization may use)

Question 21

Typosquatting (URL Hijacking)

Answer 21

act of using purposely misspelled domains (ones that are commonly misspelled) for malicious purposes (ex. gooogle.com or favebook.com)

Question 22

Pretexting

Answer 22

?

Question 23

Influence campaigns and the two types

Answer 23

large scale campaigns that attempt to shift public opinion (hybrid warfare and social media)

Question 24

Hybrid warfare

Answer 24

influence campaign that…

Question 25

Social media

Answer 25

influence campaign that…

Question 26

Principles and the seven types

Answer 26

reasons for attack effectiveness. Authority, intimidation, consensus, scarcity, familiarity, trust, urgency.

Question 27

Authority

Answer 27

(principle) pretending to be someone in power to pressure a response or action from a victim (ex. CEO)

Question 28

Intimidation

Answer 28

(principle) threatening or blackmailing someone into giving up information

Question 29

Consensus

Answer 29

(principle) when an attackers claims that an action is normal or generally accepted

Question 30

Scarcity

Answer 30

(principle) focuses on the fact that people are more likely to find value in things that are less available

Question 31

Familiarity

Answer 31

(principle) creating a sense of familiarity w/ a user to take advantage of them

Question 32

Trust

Answer 32

(principle) creating a bond to gain the users trust in order to take advantage of them

Question 33

Urgency

Answer 33

(principle) claiming that something is urgent and that the intended target needs to “act fast” to pressure them to perform an action