Chapter 1 - Social Engineering Techniques

Question 1

what is social engineering?

Answer 1

an attack against a user that involves a form of social interaction.

Question 2

phishing attack

Answer 2

an attacker attempts to obtain sensitive information through a trusted entity such as email or instant messaging

Question 3

smishing attack

Answer 3

is an attack done by text message (SMS phishing)

Question 4

vishing attack

Answer 4

a phishing attack that is done over the phone or voicemail to obtain personal information

Question 5

SPAM

Answer 5

unsolicited email sent in bulk

Question 6

typosquatting

Answer 6

a type of URL hijacking- https://yutube.com

Question 7

Pretexting

Answer 7

the attacker creates a false narrative to influence the victim to give up some type of information

Question 8

Prepending

Answer 8

adding to the beginning of text-https://yyoutube.com

Question 9

pharming

Answer 9

misdirecting users to a fake website made to look real

Question 10

what is the difference between pharming and phishing?

Answer 10

pharming- harvest large groups of people

phishing- collect access to credentials

Question 11

Reconnaissance

Answer 11

a military term that is used to gather information on the victim

Question 12

spear phishing

Answer 12

used to target a specific person or group of people

Question 13

Whaling attack

Answer 13

the attacker’s target is a high value person such as a CEO or CFO

Question 14

Impersonation

Answer 14

attackers pretending to be someone they aren’t

Question 15

Eliciting information

Answer 15

extracting information from the victim
example: help desk

Question 16

identity fraud

Answer 16

using a victim’s personal or financial information without permission. (pretending to be you)

Question 17

credit card fraud

Answer 17

an account is opened in your name or credit card information is being used

Question 18

bank fraud

Answer 18

attacker gains access to your account or opens a new account

Question 19

loan fraud

Answer 19

victims information is used for a loan or lease

Question 20

government benefits fraud

Answer 20

attacker obtains benefits on victims behalf

Question 21

dumpster diving

Answer 21

going through a targets trash to find valuable information

Question 22

shoulder surfing

Answer 22

obtaining personal information by looking over the victim’s shoulders

Question 23

Computer hoax

Answer 23

A threat that doesn’t actually exist; a fake warning

Question 24

watering hole attack

Answer 24

involves the infecting of a target website with malware that victims commonly visit

Question 25

What is SPIM?

Answer 25

Spam Over Instant Messaging

Question 26

Influence Campaigns

Answer 26

is used to sway public opinion on political and social issues

Question 27

hybrid warfare

Answer 27

a military strategy that is use to change the way people think in another country

Question 28

cyberwarfare

Answer 28

is used to attack an entity with technology

Question 29

Tailgating

Answer 29

using an authorized person to gain unauthorized access to a building

Question 30

invoice scams

Answer 30

attacker uses a fake invoice in an attempt to get a company to pay for things

Question 31

credential harvesting

Answer 31

the collection of login credentials

Question 32

authority

Answer 32

the power or right to give orders, make decisions, and enforce obedience.

Question 33

intimidation

Answer 33

to frighten or threaten someone, usually in order to persuade the person to do something he or she does not wish to do

Question 34

Consensus/Social proof

Answer 34

to convince based on what’s normally expected; a general agreement

Question 35

Scarcity

Answer 35

when something needs to be done in a certain amount of time

Question 36

Urgency

Answer 36

when something needs to be done immediately

Question 37

Familiarity

Answer 37

to have close acquaintance with or knowledge of something.

Question 38

Trust

Answer 38

someone who is safe and reliable ;to believe that someone is good and honest and will not harm you.