Mod 2 Common Attacks

Question 1

Phishing

Answer 1

A technique that uses digital communication to trick people into revealing sensitive data or deploying malicious software.

Question 2

Business Email Compromise (BEC)

Answer 2

A phishing attack where a threat actor impersonates a known source to make a seemingly legitimate request for information, often with the goal of obtaining a financial advantage.

Question 3

Spear Phishing

Answer 3

A targeted phishing attack that focuses on a specific user or group of users, often using personalized information to make the attack more believable.

Question 4

Whaling

Answer 4

A type of spear phishing that specifically targets high-profile individuals, such as company executives, to gain access to sensitive data.

Question 5

Vishing

Answer 5

A phishing attack that uses voice communication, such as phone calls, to trick users into revealing sensitive information.

Question 6

Smishing

Answer 6

A phishing attack that uses text messages to trick users into revealing sensitive information.

Question 7

Malware

Answer 7

Software designed to harm devices or networks.

Question 8

Virus

Answer 8

Malicious code that infects a device and can cause damage to data and software.

Question 9

Worm

Answer 9

A type of malware that can self-replicate and spread across systems on its own.

Question 10

Ransomware

Answer 10

A type of malware that encrypts an organization’s data and demands payment to restore access.

Question 11

Social Media Phishing

Answer 11

A social engineering attack where a threat actor collects information about their target from social media and then uses that information to launch an attack.

Question 11

Spyware

Answer 11

Malware that gathers and sells information without consent.

Question 12

Social Engineering

Answer 12

A manipulation technique that exploits human error to gain private information, access, or valuables.

Question 13

Watering Hole Attack

Answer 13

A social engineering attack where a threat actor infects a website that is frequently visited by a specific group of users.

Question 14

USB Baiting

Answer 14

A social engineering attack where a threat actor leaves a malware-infected USB stick in a location where it is likely to be found and used by an unsuspecting victim.

Question 15

Physical Social Engineering

Answer 15

A social engineering attack where a threat actor impersonates an employee, customer, or vendor to gain unauthorized access to a physical location.

Question 16

Authority

Answer 16

A social engineering tactic that exploits people’s tendency to respect and follow authority figures.

Question 17

Intimidation

Answer 17

A social engineering tactic that uses bullying tactics to persuade and intimidate victims into doing what they are told.

Question 18

Consensus/Social Proof

Answer 18

A social engineering tactic that uses the principle of social proof to persuade people to do something because they believe that others are doing it.

Question 19

Scarcity

Answer 19

A social engineering tactic that implies that goods or services are in limited supply to create a sense of urgency.

Question 20

Familiarity

Answer 20

A social engineering tactic that establishes a fake emotional connection with users that can be exploited.

Question 21

Trust

Answer 21

A social engineering tactic that establishes an emotional relationship with users over time to gain their trust and personal information.