Social Engineering

Question 1

What’s the difference between Impersonation and Pretexting?

Answer 1

Impersonation is pretending to be someone else. Pretexting is creating a believable story to get information.

冒充（Impersonation）是扮演他人身份，预设情景（Pretexting）是编造可信故事引诱你说出信息。

Question 2

What is Brand Impersonation?

Answer 2

It’s when an attacker pretends to be a trusted brand using logos and language to trick users.

品牌冒充是攻击者伪装成知名品牌，通过Logo和文字骗取用户信任。

Question 3

What is Typosquatting?

Answer 3

It’s registering misspelled versions of real websites to trap users.

拼写劫持是注册拼写错误的网址，引诱用户访问并进行欺骗。

Question 4

What is a Watering Hole Attack?

Answer 4

It’s infecting websites that a target group visits, so when they visit, they get infected.

水坑攻击是攻击目标常访问的网站，让他们在毫不知情的情况下被感染。

Question 5

How to defend against Impersonation?

Answer 5

Provide regular security awareness training and verify identities.

定期开展安全培训，并在遇到可疑身份时进行验证。

Question 6

What is Phishing?

Answer 6

Sending fake emails to trick people into revealing personal info or clicking malicious links.

钓鱼攻击是通过伪造邮件诱骗用户泄露信息或点击恶意链接。

Question 7

What is Spear Phishing?

Answer 7

A targeted phishing attack aimed at a specific person or group with customized content.

定向钓鱼是专门针对某个人或组织定制的诈骗邮件，伪装性更强。

Question 8

What is Whaling?

Answer 8

A phishing attack targeting executives like CEOs or CFOs.

捕鲸攻击是专门针对公司高层（如CEO/CFO）的钓鱼攻击，目的是骗取高价值信息或资金。

Question 9

What is BEC (Business Email Compromise)?

Answer 9

Using hacked or spoofed business emails to trick employees into transferring money or sharing data.

商业邮件诈骗是通过伪造或接管企业邮箱实施欺骗，诱导员工进行资金转账或泄密。

Question 10

What is Vishing?

Answer 10

Voice phishing – tricking people over the phone into giving out sensitive info.

语音钓鱼是通过电话骗取用户敏感信息的一种攻击方式。

Question 11

What is Smishing?

Answer 11

SMS phishing – using text messages to lure users into clicking malicious links or giving info.

短信钓鱼是通过短信诱导用户点击恶意链接或提供个人信息。