Section 29 Social Engineering

Question 1

Manipulates a user into revealing confidential information that are detrimental to that user or the security of our systems.

Answer 1

Social Engineering

Question 2

A person who works for or with your organization but has ulterior motives.

Answer 2

Insider Threat

Question 3

An attempt to fraudulently obtain information from a user (usually by email).

Answer 3

Phishing

Question 4

An attempt to fraudulently obtain information from a user, usually by email that targets a specific individual.

Answer 4

Spear phishing

Question 5

A form of spear phishing that directly targets the CEO, CFO, CIO, CSO, or other high value targets in an organization.

Answer 5

Whaling

Question 6

Phishing conducted over text messaging (SMS)

Answer 6

Smishing

Question 7

Phishing conducted over voice and phone calls

Answer 7

Vishing

Question 8

Phishing attempt to trick a user to access a different or fake website (usually by modifying hosts file).

Answer 8

Pharming

Question 9

People are more willing to comply with a request when they think it is coming from someone in authority.

Answer 9

Authority

Question 10

People are usually in a rush these days and urgency takes advantages of this fact.

Answer 10

Urgency

Question 11

People are more likely to click on a link through social media or based on seeing others have already clicked on it.

Answer 11

Social Proof

Question 12

Technique that relies on the fear of missing out on a good deal that is only offered in limited quantities or a lmited time.

Answer 12

Scarcity

Question 13

A technique where the social engineer attempts to find common ground and shared interests with their target.

Answer 13

Likeability

Question 14

The use of threats or demands to intimidate someone into helping you in the attack.

Answer 14

Fear

Question 15

When a thief attempts to take responsibility for a shipment of diverting the delivery to a nearby location.

Answer 15

Diversion Theft

Question 16

When a person uses direct observation to obtain authentication information.

Answer 16

Shoulder Surfing

Question 17

When an unauthorized person tags along with an authorized user to gain entry to a restricted area.

Answer 17

Piggy Backing

Question 18

When an attacker figures out where users like to go, and places malware to gain access to your organization.

Answer 18

Watering Hole Attack

Question 19

The wrongful or criminal deception intended to result in financial or personal gain.

Answer 19

Fraud

Question 20

The use by one person of another person’s personal information, without authorization, to commit a crime or to deceive or defraud that other person or a third person.

Answer 20

Identity Fraud

Question 21

A technical method used in social engineering to trick users into entering their username and passwords by adding an invisible string before the weblink they click.

Answer 21

Prepending

Question 22

Policy where all employees must put away everything from their desk a the end of the day into locked drawers and cabinets.

Answer 22

Clean Desk Policy