Social Engineering Flashcards

(17 cards)

1
Q

What is Social Engineering?

A

Manipulative strategy exploiting human psychology for unauthorized access to systems, data, or physical spaces

Social engineering relies on psychological manipulation to trick individuals into divulging confidential information.

2
Q

Name the six main types of motivational triggers used by social engineers.

A
  • Authority
  • Urgency
  • Social Proof
  • Scarcity
  • Likability
  • Fear

These triggers exploit human psychology to manipulate individuals into compliance.

3
Q

What is Impersonation in the context of social engineering?

A

Attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data

Impersonation can include brand impersonation, typosquatting, and watering hole attacks.

4
Q

List the types of phishing attacks.

A
  • Phishing
  • Vishing
  • Smishing
  • Spear Phishing
  • Whaling
  • Business Email Compromise

These attacks aim to deceive individuals into revealing personal information.

5
Q

What is Vishing?

A

Attacker tricks their victims into sharing personal or financial information over the phone

Vishing is a form of voice phishing.

6
Q

What does Smishing involve?

A

Involves the use of text messages to trick individuals into providing their personal information

Smishing is a type of phishing attack conducted via SMS.

7
Q

True or false: Phishing attacks only occur through email.

A

FALSE

Phishing can occur through various channels, including phone calls (vishing) and text messages (smishing).

8
Q

What is Business Email Compromise (BEC)?

A

Sophisticated type of phishing attack targeting businesses using internal email accounts to conduct unauthorized actions

BEC can lead to unauthorized fund transfers or theft of sensitive information.

9
Q

What is Typosquatting?

A

Form of cyber attack where an attacker registers a domain name that resembles a popular website's domain but contains typographical errors

Organizations can combat typosquatting by registering common misspellings of their domain names.

10
Q

What is shoulder surfing and how can it be prevented?

A

Involves looking over someone’s shoulder to gather personal information; prevent by being aware of surroundings

High-powered cameras can also be used for shoulder surfing.

11
Q

What is the difference between identity fraud and identity theft?

A
  • Identity Fraud: Use of another person’s personal information without authorization to commit a crime
  • Identity Theft: Attempt to fully assume the identity of the victim

Both involve deception but differ in the extent of identity assumption.

12
Q

What is Diversion Theft?

A

Involves manipulating a situation or creating a distraction to steal valuable items or information

Diversion theft can occur in various settings, including retail and corporate environments.

13
Q

What is the purpose of influence campaigns?

A

Coordinated efforts to affect public perception or behavior towards a particular cause, individual, or group

Influence campaigns can spread misinformation and disinformation.

14
Q

What is baiting?

A

Involves leaving a malware-infected physical device in a place where it will be found by a victim

The goal is for the victim to unknowingly install malware on their organization’s computer system.

15
Q

What are the consequences of Impersonation attacks?

A
  • Unauthorized access
  • Disruption of services
  • Complete system takeover

Organizations must provide security awareness training to mitigate these attacks.

16
Q

What is pretexting?

A

Creating a fabricated scenario to manipulate targets into providing information

Mitigation involves training employees not to fill in the gaps for callers.

17
Q

What are some common indicators of phishing attacks?

A
  • Urgency
  • Unusual Requests
  • Mismatched URLs
  • Strange Email Addresses
  • Poor Spelling or Grammar

Recognizing these indicators can help individuals avoid falling victim to phishing.