Social engineering

Question 1

Define Social engineering

Answer 1

Art of convincing people to reveal confidential information

Question 2

Steps of social engineering

Answer 2

Research - Gather info on target org
Select target - Choose indiv target
build Relationship - Earn target trust
Exploit - Extract information from target

Question 3

What is the term for Stealing someone’s information to pose as that person?

Answer 3

Identity theft

Question 4

What foss tool can perform credential harvesting and attacks like website attack vectors, mass mailer attack, sms spoofing, QRCode generator, WAP attack…

Answer 4

Social-Engineer Toolkit (SET)

Question 5

What is the term for pretending to be someone else to learn needed information

Answer 5

Impersonation aka masquerading

Question 6

What is the term for secretly listening to other peoples communication without consent.

Answer 6

Eavesdropping

Question 7

What is the term for observing victims when they’re using devices such as ATMs, computers, kiosks…

Answer 7

Shoulder surfing

Question 8

What is the term for collecting information from the target’s trash bins

Answer 8

Dumpster diving

Question 9

What is the method that is initiated by the victim that’s tricked into contacting the attacker herself where an attacker poses as an authority figure usually by creating a problem then offering a solution.

Answer 9

Reverse social engineering

Question 10

What is the term for convincing authorized personnel to let attacker into a secured area which differs from tailgating as it includes consent of the personal.

Answer 10

Piggybacking

Question 11

Gaining access to restricted areas by following another person where the countermeasure is using man traps as because they only allow single person at a time.

Answer 11

Tailgating

Question 12

Use of the telephone to perform the attack (voice and phishing)

Answer 12

Vishing

Question 13

Attack where the attacker sends a link to a malicious website to collect information.

E.g. someone calls, asks to fill a form, and says it’s a company survey and it’ll help company a lot.

Answer 13

Phishing

Question 14

A very targeted attack on a high value victim called “Whale” (big fish).
Usually targets high-level executives

Answer 14

Whaling

Question 15

Using specialized phishing content for a specific person or group of people.
Generate higher response rate as it’s more personalized

Answer 15

Spear Phishing

Question 16

Redirect a website’s traffic to a malicious one through DNS poisoning, host file modification, etc.

Answer 16

Pharming

Question 17

Name 2 Anti-phishing tools

Answer 17

Netcraft: maintains malicious site blacklists against phishing

PhishTank: website containing phishing websites

Question 18

Sending malicious links through SMS messages and urge their targets to act

Answer 18

SMShishing or smishing