Social Engineering

Question 1

What is the first type of motivational trigger used by social engineers?

Answer 1

Authority

Most people comply with requests from those they perceive as authority figures.

Question 2

What does the urgency trigger in social engineering refer to?

Answer 2

A compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly

This trigger causes people to prioritize certain actions due to perceived time constraints.

Question 3

Define social proof in the context of social engineering.

Answer 3

A psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions

This often occurs in situations where individuals are uncertain about how to act.

Question 4

What psychological pressure is associated with the scarcity trigger?

Answer 4

The feeling that a product, opportunity, or resource is limited or in short supply

This trigger can lead individuals to act quickly to secure what they perceive as scarce.

Question 5

How does likability function as a motivational trigger in social engineering?

Answer 5

Most people want to interact with people they like

Social engineers may leverage sexual attraction, pretend to be a friend, or highlight common interests.

Question 6

What is the focus of fear as a motivational trigger in social engineering attacks?

Answer 6

Threatening individuals with negative consequences if they do not comply

This approach often includes warnings of bad things happening if instructions are not followed.

Question 7

What is impersonation in the context of cyber attacks?

Answer 7

An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data

Attackers collect information about the organization to earn the trust of their targeted users.

Question 8

What is required for an impersonation attack to be effective?

Answer 8

The attacker must collect information about the organization to earn the trust of targeted users

Attackers provide details to make their lies and impersonation more believable.

Question 9

Define brand impersonation.

Answer 9

A specific form of impersonation where an attacker pretends to represent a legitimate company or brand

Attackers use the brand’s logos, language, and information to create deceptive communications or websites.

Question 10

What is typosquatting?

Answer 10

A form of cyber attack where an attacker registers a domain name similar to a popular website but with common typographical errors

Also known as URL hijacking or cybersquatting.

Question 11

Explain what a watering hole attack is.

Answer 11

A targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use

The term is a metaphor for a naturally occurring phenomenon, where the ‘watering hole’ is usually a trusted website or online service.

Question 12

True or False: Typosquatting is also referred to as brand impersonation.

Answer 12

False

Typosquatting is also known as URL hijacking or cybersquatting.

Question 13

Fill in the blank: _______ is a form of impersonation where an attacker pretends to represent a legitimate company.

Answer 13

[brand impersonation]

Question 14

List the four main forms of impersonation used by attackers.

Answer 14

• Impersonation
• Brand Impersonation
• Typosquatting
• Watering Hole Attacks

Question 15

What is pretexting?

Answer 15

Gives some amount of information that seems true so that the victim will give more information

Pretexting is often used in social engineering attacks to manipulate individuals into divulging confidential information.

Question 16

What is phishing?

Answer 16

Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as passwords and credit card numbers

Phishing is one of the most common cyber attack methods.

Question 17

What is spear phishing?

Answer 17

More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations

Spear phishing typically has a higher success rate compared to general phishing.

Question 18

What is whaling in the context of phishing attacks?

Answer 18

Form of spear phishing that targets high-profile individuals, like CEOs or CFOs

Whaling is aimed at obtaining sensitive information from key decision-makers.

Question 19

What is the primary goal of whaling attacks?

Answer 19

To compromise an executive’s account for subsequent attacks within their organization

The rewards for successful whaling can be significantly higher due to the access gained.

Question 20

What is Business Email Compromise (BEC)?

Answer 20

Sophisticated type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform malicious actions

BEC attacks often exploit trust within the organization.

Question 21

What is vishing?

Answer 21

Attacker tricks their victims into sharing personal or financial information over the phone

Vishing is a form of social engineering that exploits human psychology.

Question 22

What is smishing?

Answer 22

Involves the use of text messages to trick individuals into providing their personal information

Smishing combines SMS technology with phishing tactics.

Question 23

What is an Anti-phishing Campaign?

Answer 23

An essential user security awareness training tool to educate individuals about phishing risks and identifying potential phishing attempts

This campaign is designed to improve user awareness and reduce the likelihood of falling victim to actual phishing attacks.

Question 24

What should an Anti-phishing Campaign offer to users who fell victim to simulated phishing emails?

Answer 24

Remedial training

This training aims to reinforce learning and help users recognize and avoid real phishing attempts in the future.

Question 25

What is a common indicator of phishing attacks that involves time sensitivity?

Answer 25

Urgency ## Footnote Phishing attacks often create a sense of urgency to trick victims into acting quickly.

Question 26

What type of request is commonly associated with phishing attacks?

Answer 26

Unusual Requests ## Footnote Phishing attempts frequently involve requests that are not typical for the recipient.

Question 27

What is a key indicator of phishing that involves discrepancies in web addresses?

Answer 27

Mismatched URLs ## Footnote Phishing emails may contain URLs that do not match the legitimate website addresses.

Question 28

What type of email addresses are often found in phishing attempts?

Answer 28

Strange Email Addresses ## Footnote Phishing emails may originate from addresses that appear suspicious or unfamiliar.

Question 29

What is a common language issue found in phishing emails?

Answer 29

Poor Spelling or Grammar ## Footnote Many phishing attempts are characterized by noticeable spelling and grammatical errors.

Question 30

What is the primary focus of mitigation in cybersecurity?

Answer 30

To reduce the impact of potential threats and attacks ## Footnote Mitigation strategies involve various actions to minimize risks.

Question 31

What is a key action to take when encountering suspicious messages?

Answer 31

Report suspicious messages to protect your organization from potential phishing attacks ## Footnote Reporting helps in early detection and prevention of phishing attacks.

Question 32

What should organizations do after analyzing a phishing threat?

Answer 32

Inform all users about the threat ## Footnote User awareness is crucial for preventing further incidents.

Question 33

What action should be taken if a phishing email was opened?

Answer 33

Conduct a quick investigation and triage the user’s system ## Footnote This helps in identifying and mitigating any potential damage.

Question 34

What should an organization do after a successful phishing attack?

Answer 34

Revise its security measures ## Footnote Continuous improvement in security protocols is essential for preventing future attacks.

Question 35

Fill in the blank: To protect against phishing, organizations should _______ suspicious messages.

Answer 35

report ## Footnote Reporting is a proactive measure against phishing threats.

Question 36

True or False: Informing users about phishing threats is unnecessary if an attack has occurred.

Answer 36

False ## Footnote User education is vital in preventing future incidents.

Question 37

What is identity fraud?

Answer 37

In identity fraud, the attacker takes the victim’s credit card number and charges items to the card ## Footnote Identity fraud specifically involves financial transactions using stolen credit card information.

Question 38

What is identity theft?

Answer 38

In identity theft, the attacker tries to fully assume the identity of their victim ## Footnote Identity theft can involve various forms of identity misrepresentation beyond financial fraud.

Question 39

Define scams.

Answer 39

Fraudulent or deceptive act or operation ## Footnote Scams can take many forms, including phishing, Ponzi schemes, and more.

Question 40

What are influence campaigns?

Answer 40

Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group ## Footnote Influence campaigns can utilize various media platforms to reach their audience.

Question 41

What is the purpose of influence campaigns?

Answer 41

They are a powerful tool for shaping public opinion and behavior ## Footnote Influence campaigns can be used for political, social, or commercial purposes.

Question 42

What do influence campaigns foster?

Answer 42

Misinformation and disinformation ## Footnote These campaigns can lead to confusion and misinformed public discourse.

Question 43

Define misinformation.

Answer 43

False or inaccurate information shared without harmful intent ## Footnote Misinformation can spread unintentionally, often through social media.

Question 44

Define disinformation.

Answer 44

Involves the deliberate creation and sharing of false information with the intent to deceive or mislead ## Footnote Disinformation is often used in propaganda and strategic communication.

Question 45

What is diversion theft?

Answer 45

Involves manipulating a situation or creating a distraction to steal valuable items or information ## Footnote This technique often relies on misdirection to facilitate theft.

Question 46

Define hoaxes in the context of cybersecurity.

Answer 46

Malicious deception that is often spread through social media, email, or other communication channels ## Footnote Hoaxes can lead to misinformation and potential security breaches.

Question 47

What is shoulder surfing?

Answer 47

Involves looking over someone's shoulder to gather personal information ## Footnote This technique is commonly used in public spaces to obtain sensitive data.

Question 48

Describe dumpster diving.

Answer 48

Involves searching through trash to find valuable information ## Footnote This practice can uncover sensitive documents, personal data, and other confidential materials.

Question 49

What does eavesdropping entail?

Answer 49

Involves the process of secretly listening to private conversations ## Footnote Eavesdropping can occur through various means, including electronic devices.

Question 50

What is baiting in cybersecurity?

Answer 50

Involves leaving a malware-infected physical device, like a USB drive, in a place where it will be found by a victim ## Footnote The victim may unknowingly install malware on their organization's computer system by using the device.