Threats, Attacks and Vulnerabilities - Common Attack Types

Question 1

A form of spear phishing that attempts to target high-level executives.

Answer 1

Whaling

Question 2

A phishing attack that attempts to target specific groups of users, or even a single user.

Answer 2

Spear phishing

Question 3

The practice of sending email to users with the purpose of tricking them into revealing personal information or clicking on a link.

Answer 3

Phishing

Question 4

A Trojan that masquerades as a free antivirus program.

Answer 4

Rogueware (or scareware)

Question 5

The practice of using social tactics to trick users into giving up information or performing actions they wouldn’t normally take.

Answer 5

Social Engineering

Question 6

A social engineering tactic whose goal is to convince an authorised user to provide some information or help the attacker defeat a security control.

Answer 6

Impersonation

Question 7

Looking over the shoulder of someone to gain information.

Answer 7

Shoulder surfing

Question 8

A message, often circulated through email, that tells of impending doom from a virus or other security threat that simply doesn’t exist.

Answer 8

Hoax

Question 9

The practice of one person following closely behind another without showing credentials.

Answer 9

Tailgating

Question 10

An effective tactic used to prevent tailgating.

Answer 10

Mantrap

Question 11

The practice of searching through trash or recycling containers to gain information from discarded documents.

Answer 11

Dumpster diving

Question 12

A type of attack used to discover which web sites a group of people are likely to visit and then infects those web sites with malware that can infect the visitors.

Answer 12

Watering hole attacks

Question 13

Unwanted or unsolicited email.

Answer 13

Spam

Question 14

The use of a phone system to trick users into giving up personal and financial information.

Answer 14

Vishing