1.1 Compare and contrast different types of social engineering techniques

Question 1

Social Engineering

Answer 1

The attempt to use psychological methods to manipulate individuals into providing their personal information or gaining access to systems.

Question 2

Phishing

Answer 2

The attempt to obtain personal information by pretending to be a trustworthy entity.

Question 3

Smishing

Answer 3

Also known as SMS phishing, it is the use of phishing methods through text messaging.

Question 4

Vishing

Answer 4

Also known as voice phishing, it is the use of phishing methods through the telephone.

Question 5

SPAM

Answer 5

Irrelevant or unsolicited messages sent to a large number of internet users.

Question 6

Spam over Internet Messaging (SPIM)

Answer 6

The delivery of spam through the use of instant messaging instead of through email

Question 7

Spear Phishing

Answer 7

A targeted version of phishing. It goes after a specific individual or group.

Question 8

Dumpster Diving

Answer 8

The attempt to extract sensitive information, such as discarded equipment and documents by searching from the garbage.

Question 9

Shoulder Surfing

Answer 9

Involves looking over someone’s shoulder to obtain information.

Question 10

Pharming

Answer 10

Does not require the user to be tricked into clicking a link. Instead, it redirects victims from a legitimate site to a fake website.

Question 11

Tailgating

Answer 11

It involves piggybacking or following closely behind someone who has authorized physical access in an environment

Question 12

Eliciting Information

Answer 12

A technique to obtain information from others without asking them directly or arousing their suspicion through casual conversation.

Question 13

Whaling

Answer 13

Similar to spear phishing but goes after high-profile targets, such as an executive within a company.

Question 14

Prepending

Answer 14

Adding something malicious to the beginning of what is assumed to be a safe file or application.

Question 15

Identity Fraud

Answer 15

Stealing an individual’s identity and using their personal information without authorization to deceive or commit a crime.

Question 16

Invoice Scams

Answer 16

When a scammer sends your business an invoice for goods or services that you did not agree to purchase. Then the scammer sends you a bill.

Question 17

Credential Harvesting

Answer 17

Phishing campaigns that involves capturing usernames and passwords.

Question 18

Reconnaissance

Answer 18

When a hacker covertly gathers information about a system or organization.

Question 19

Hoax

Answer 19

A fake threat

Question 20

Impersonation

Answer 20

Acting like another person. The thief will pretend to be a person known to the victim and steal information from the victim through trickery.

Answer 21

like spear phishing. However, instead of using email, the attacker attacks a site that the target frequently visits.

Question 22

Typo squatting

Answer 22

Also known as URL hijacking, relies on typographic errors users make on the Internet. It can be as simple as accidentally typing www.gooogle.com instead of www.google.com.

Question 22

Pretexting

Answer 22

Where the attacker creates a scenario that convinces the victim to trust him or to give up personal information.