2.3 Malware Detection, Removal and Prevention

Question 1

Define social engineering

Answer 1

Any attempt to manipulate users to reveal confidential information or perform actions detrimental to a system’s security

Question 2

Phishing

Answer 2

A social engineering attack where the malicious actor communicates with he victim from a supposedly reputable source to lure the victim into divulging sensitive information

Question 3

What can the response rate be up to for generic phishing campaigns?

Answer 3

60-70% (with good grammar)
30-40% (with bad grammar)

Question 4

Spearphishing

Answer 4

A more targeted version of phishing using mainly the same techniques

Question 5

Whaling

Answer 5

Focused on key executives within an organisation or other key leaders, executives and managers in the company

Question 6

What is the most effective form of phishing in a pentest?

Answer 6

Whaling

Question 7

Smishing

Answer 7

Phishing over SMS

Question 8

Vishing

Answer 8

Message being communicated to the target using the voice functions of a telephone

Question 9

BEC

Answer 9

An attacker takes over or impersonates a high-level executive’s email account

Question 10

Pharming

Answer 10

Tricking users into divulging private information by redirecting a victim to a website controlled by the attacker of pentester

Question 11

How can attackers execute pharming?

Answer 11

Redirects, popups, URL masking, background processes