1.1 Social Engineering Techniques

Question 1

What is it called when somebody attains a password or sensitive information by discretely observing it being entered, often using phone cameras, binoculars, or a telescope?

Answer 1

Shoulder Surfing

Question 2

Phishing that uses phone calls as a vector

Answer 2

Vishing

Question 3

This tactic involves spoofing an ip or MAC address, masquerading as a legitimate entity, or spoofing phone, email, and SMS communication in order to attain information

Answer 3

Impersonation

Question 4

This form of warfare involves traditional forms of warfare as well as the incorporation of the cyber realm in a non-traditional way.

Answer 4

Hybrid Warfare

Question 5

What is it called when spam is carried out over an instant messenger service?

Answer 5

SPIM

Question 6

Phishing targeting an important figure or C-Team person in an organization

Answer 6

Whaling

Question 7

This type of attack uses DNS poisoning to redirect web traffic to a spoofed website in order to install malware

Answer 7

Pharming

Question 8

This attack type often targets companies who outsource, perform wire xfers, or use suppliers from abroad by creating phony invoices, using C-Team fraud, compromising their email accounts, or impersonating an attorney or trusted person.

Answer 8

Business email compromise (BEC)

Question 9

What kind of information can be attained from Dumpster Diving?

Answer 9

Credit card info
Receipts
IP Address Lists
Important Names
Addresses

Question 10

What is the goal of an attacker who uses impersonation to gather data an a person in order to attempt further cyber attacks?

Answer 10

Eliciting Information

Question 11

Phishing that uses SMS as a vector

Answer 11

Smishing

Question 12

What is the best way to mitigate and prevent Social Engineering attacks?

Answer 12

Proper employee training and awareness

Question 13

What is a web server called that has been compromised and is being used to target web traffic in order to deploy malware or collect data?

Answer 13

Watering Hole

Question 14

This type of attack involves somebody closely following an authorized person into a physical area secured by a badge reader or keypad

Answer 14

Tailgating

Question 15

This type of campaign, also known as a misinformation operation, involves collecting tactical information, determining key stakeholders, and launching propaganda campaigns, often to gain a competitive advantage

Answer 15

Influence Campaigns

Question 16

What kind of information will an attacker gather when performing reconnaisance for a phishing attack?

Answer 16

Workplace

Bank info

Financial Transactions

Family and friends

Question 17

What do you call a threat that doesn’t actually exist but could be elicited as being true, resulting the in the waste of organization resources and time?

Answer 17

Hoax

Question 18

Phishing that targets a specific person or group of people within an organization

Answer 18

Spear Phishing

Question 19

What are some of the biggest reasons that social engineering is an effective attack vector?

Answer 19

Lack of initial and continual employee training
Weak or out-of-date AUPs
Poor perimeter controls

Question 20

A user types www.gooogle.com into their address bar and get redirected to a malicious website that freezes up their browser and warns that their computer has been infected. What type of attack is this?

Answer 20

Typosquatting
URL Hijacking
Sting Site
Fake URL

Question 21

Unsolicited email, Trackback, negative SEO attacks, spiders, and malware warnings are all categories of what type of attack?

Answer 21

Spam

Question 22

This type of scam involves a false email from a seemingly reputable entity or a high-level manager requesting a payment and may even include a link to a “pay” website.

Answer 22

Invoice Scam