Social Engineering Techniques

Question 1

What is Phishing?

Answer 1

Hacker getting user to provide their secure information (usually through fake email links)

Question 2

What is Smishing?

Answer 2

Type of Phishing that uses SMS messages

Question 3

What is Vishing?

Answer 3

Type as Phishing but uses VOICE / VOIP

Question 4

What is Spear Phishing?

Answer 4

Type of phishing where the hacker attacks a specific person/ user

Question 5

What is Whaling?

Answer 5

Type of spear phishing where the hacker goes against a the highest possible target (CEO, CIO, CFO, ect….) to get more sensitive data

Question 6

How do you fight Phishing?

Answer 6

primarily done through user training to identify fake emails and URLs and not to provide any sensitive data

Question 7

What is web ripper?

Answer 7

Software that allows user to download entire websites, usually used by hackers to create phishing websites

Question 8

What is Shoulder Surfing and how do you fight it?

Answer 8

Hacker looking over a users shoulder to steal data. You fight it by user training and providing ways to limit viewing angles (privacy screens)

Question 9

What is dumpster Diving and how do you fight it?

Answer 9

Hackers going through an organizations trash to find sensitive information. You fight it by either the shredding or preferably burning documents.

Question 10

What is the main concept of social engeenering?

Answer 10

To gather data directly from users

Question 11

What different techniques do social engeers employ use to get data out of users

Answer 11

Authority, Intimidation, Consensus, Scarcity, Familiarity, Trust, and Urgency

Question 12

What is Authority relating to Social Engineering?

Answer 12

When a hacker tries to get information out of user by trying to get users to think they have the Authority to get it (EX. Someone pretending to be in IT, HR, or Accounting).

Question 13

What is Intimidation relating to Social Engineering?

Answer 13

When a hacker scares users into giving them data

Question 14

What is Consensus relating to Social Engineering?

Answer 14

When a hacker tries to convince users to give data by using herd mentality

Question 15

What is Scarcity relating to Social Engineering?

Answer 15

When a hacker tries to convince users to give data by saying something is scarce or in limited supply

Question 16

What is Familiarity relating to Social Engineering?

Answer 16

When a hacker tries to convince users to give data by becoming familiar or “friends” with a user

Question 17

What is Trust relating to Social Engineering?

Answer 17

When a hacker builds trust with a user to gather data

Question 18

What is Urgency relating to Social Engineering

Answer 18

When a hacker tries to gather data by creating and or claiming an urgency situations.

Question 19

What is Pharming?

Answer 19

When a hacker redirects web traffic by manipulating DNS server or DNS Cache (Host File)

Question 20

Where is the Location of the Host File?

Answer 20

C:\Windows\System32\Drivers\etc\hosts

Question 21

How do you protect your organization from Pharming?

Answer 21

Fight by securing DNS Server/ Settings and using Anti Malware

Question 22

What is Spam?

Answer 22

unsolicited messages/ emails`

Question 23

How do you fight spam?

Answer 23

fight by only giving your email/ phone number to only repeatable people/ organizations, Use software spam filters such as Barracuda

Question 24

What is SPIM?

Answer 24

Spam that comes over Instant Messenger

Question 25

What percentage of emails is classified as Spam

Answer 25

48% of all email traffic is classified as spam

Question 26

What is Tailgating?

Answer 26

Unauthorized Person/user who follows Authenticated users into secure locations

Question 27

What is Piggy Backing

Answer 27

User holding door for Unauthorized users

Question 28

How do you fight Tailgating/ Piggy backing?

Answer 28

Fight by using Man Traps (Double Door System) and User Training, Some regulations make Man Traps Mandatory

Question 29

What is prepending social engineer attack?

Answer 29

Attacker prepends information to a URL to go to a phishing website. Usually through email links.

Question 30

What is is Identity fraud?

Answer 30

Attacker steals your identity and pretends to be you and uses your identity

Question 31

How do you fight identity theft?

Answer 31

Fight by monitoring credit score, and not giving out personal information

Question 32

What is an invoice Scam?

Answer 32

When attackers send fake invoices to companies trying to collect

Question 33

How do you fight invoice scams?

Answer 33

Keeping track of bills and vendors

Question 34

What is Credential Harvesting?

Answer 34

Large scale phishing for passwords

Question 35

What is Reconasince

Answer 35

when an attacker researches a company (usually for spear phishing)

Question 36

What is a Hoax engineer attack?

Answer 36

When an attacker wants you to believe something is happening that is not (fraud)

Question 37

What is Impersonation

Answer 37

When an attacker pretends to be someone within the company. Usually coincides with Reconnaissance

Question 38

What is a watering hole attack?

Answer 38

Attacker will injects code in websites or applications that your company/ organization uses.

Question 39

How do you fight Watering Hole Attacks?

Answer 39

User training to identify legit sites

Question 40

What is Typo Squatting Attacks?

Answer 40

It is when an attacker registers domain names with similar names as other sites (IE gooogle.com, Yaho.com)

Question 41

How do you protect customers from possible squatting attacks?

Answer 41

you can fight my registering domain names similar to your company domain

Question 42

What is Pretexting?

Answer 42

When attackers use lying to accomplish a social engineer attack

Question 43

What is an influence campaign?

Answer 43

influence a group of people, usually done through social media

Question 44

What is Hybrid Warfare?

Answer 44

it is an influence campaign that is used in Warfare.