Compare and contrast different types of social engineering techniques. Flashcards
SOCIAL ENGINEERING
an attempt by an attacker to convince someone to provide info (like a password) or
perform an action they wouldn’t normally perform (such as clicking on a malicious link).
Social engineers often try to gain access to the IT infrastructure or the physical facility.
PHISHING
commonly used to try to trick users into giving up personal information (such as user
accounts and passwords), click a malicious link, or open a malicious attachment
SPEAR PHISHING
Targets specific groups of users
WHALING
targets high-level executives
VISHING
voice phishing (phone based)
SMISHING
uses SMS (text) messaging on mobile
SPAM
Unsolicited email, generally
considered an irritant
SPIM
SPAM over instant messaging, also
generally considered an irritant
DUMPSTER DIVING
Gathering important details (intelligence) from
things that people have thrown out in their TRASH.
TAILGATING
when an unauthorized individual might
follow you in through that open door
without badging in themselves.
ELICITING INFORMATION
strategic use of casual conversation
to extract information without
arousing the suspicion of the target
SHOULDER SURFING
a criminal practice where thieves
steal your personal data by spying
over your shoulder
PHARMING
an online scam similar to phishing, where
a website’s traffic is manipulated, and
confidential information is stolen.
IDENTITY FRAUD
use of another person’s personal information,
without authorization, to commit a crime or to
deceive or defraud that person or other 3rd party
PREPENDING
Prepending is adding words or phrases like “SAFE”
to a malicious file or suggesting topics via social
engineering to uncover information of interest.
INVOICE SCAMS
fake invoices with a goal of receiving money or
prompting a victim to put their credentials
into a fake login screen
CREDENTIAL HARVESTING
attackers trying to gain access to your
usernames and passwords that might be
stored on your local computer
HOAXES
Intentional falsehoods coming in a variety of forms ranging from virus
hoaxes to FAKE NEWS. Social media plays a prominent role in hoaxes today
WATERING HOLE ATTACK
Attack strategy in which an attacker guesses or observes which websites an
organization often uses and infects one or more of them with malware
TYPOSQUATTING
a form of cybersquatting (sitting on
sites under someone else’s brand or
copyright) targeting users who type
an INCORRECT WEBSITE ADDRESS
PRETEXTING
an attacker tries to convince a victim to give up
information of value, or access to a service or system. LYING
HYBRID WARFARE
Attack using a mixture of conventional and unconventional
methods and resources to carry out the campaign
INFLUENCE CAMPAIGNS
A social engineering attack intended to manipulate
the thoughts and minds of large groups of people
PRINCIPLES OF SOCIAL ENGINEERING
Authority - position
Intimidation - negative outcomes
Consensus - peer
Scarcity - quantity
Familiarity - liking
Trust - knowledge and experience
Urgency - Time sensitive