Chapter 1 Social Engineering Techniques

Question 1

Social Engineering

Answer 1

An attack against a user and typically involves some form of social interaction.

Question 2

Phishing

Answer 2

A type of social engineering in which an attacker attempts to obtain sensitive information by pretending a trusted entity.

Question 3

Smishing

Answer 3

• A version of Phishing Attack that uses Short Message Service (SMS).
• The attacks sends the user a link to click which begins the nex phase of the attack.

Question 4

Vishing

Answer 4

• Attackers using voice simulated technology to obtain information over voice communication.

Question 5

SPAM

Answer 5

• Bulk of unsolicited emails.
• One should always consider the source before clicking any links or directly responding.

Question 6

SPIM (Spam over Instant Message)

Answer 6

• Spam message delivered via an instant message.
• Purpose is getting an unsuspecting user to click malicious content or links to initiate an attack.

Question 7

Spear Phising

Answer 7

Targets a specific person or group of people with something in common.

Question 8

Dumpster Diving

Answer 8

Going through the victim’s trash in hopes of finding valuable information that be used in a penetration attempt.

Question 9

Shoulder Surfing

Answer 9

The attacker directly observes the individual entering sensitive information on a form, keyboard, or keypad.

Question 10

Pharming

Answer 10

Consists of misdirecting users to fake websites made to look official.

Question 11

Tailgating

Answer 11

The simple tactic of following closely behind a person who has just used their own access card or pin to gain physical access to a room or building.

Question 12

Eliciting Information

Answer 12

Posing as a trusted entity, an attacker can get a password reset, information about some system, or other useful information.

Question 13

Whaling

Answer 13

Where the target is a high value person, such as a CEO or CFO.

Question 14

Prepending

Answer 14

The act of supplying information that another will act upon.

Question 15

Identity Fraud

Answer 15

• The use of fake credentials to achieve an end
• Can be done online
• Works when the person is expecting the person

Question 16

Invoice Scams

Answer 16

• An attack to get the company to pay for things it has not ordered.

Question 17

Credentials Harvesting

Answer 17

• Involves the collection of credential information such as user IDs, passwords, etc
• The objective is to obtain credentials.

Question 18

Reconnaissance

Answer 18

• An adversary will examine the systems they intend to attack.
• This is performed via online research or directly manipulating people to gain information.