Social Engineering

Question 1

The art of manipulating people into divulging confidential information or performing actions that compromise security.

Answer 1

Social Engineering

Question 2

It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Answer 2

Social Engineering

Question 3

A cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institutions to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Answer 3

Phishing

Question 4

A fake email from “your bank” asking you to reset your password via a malicious link.

Answer 4

Phishing

Question 5

A technique that manipulated victims into divulging information. A pretext is a made-up scenario developed by threat actors for the purpose of stealing a victim’s personal data.

Answer 5

Pretexting

Question 6

A scammer posing as IT support asks for your login details to “fix an issue”.

Answer 6

Pretexting

Question 7

A type of phishing attack that also leverages personal communication to gain access to a user’s device or personal information.

Answer 7

Whaling

Question 8

Baiting scams can be in the form of tempting ads or online promotions, such as free game or movie downloads, music streaming or phone upgrades.

Answer 8

Whaling

Question 9

A cyberattack that originate offline. In this attack, a thief persuades a courier to pick up or drop off a package in the wrong location, deliver an incorrect package or deliver a package to the wrong recipient.

Answer 9

Diversion Theft

Question 10

This attack type often involves spoofing, which is a technique used by cybercriminals to disguise themselves as a known or trusted source.

Answer 10

Diversion Theft

Question 11

A social engineering tactic where the attacker poses as a trustworthy executive who is authorized to deal with financial matters within the organization.

Answer 11

Business Email Compromise

Question 12

A scammer spoofs an executive’s email to impersonate them and fraudulently instruct subordinated to transfer funds or change banking details.

Answer 12

Business Email Compromise

Question 13

A social engineering attack conducted specifically through SMS messages. In this attack, scammers attempt to lure the user into clicking on a link which directs them to a malicious site. Once on the site, the victim is then prompted to download malicious software and content.

Answer 13

Smishing/SMS-Phishing

Question 14

A scammer spoofs an executive’s email to impersonate them and fraudulently instruct subordinates to transfer funds or change banking details.

Answer 14

Smishing/SMS-Phishing

Question 15

This attack involves the attacker requesting sensitive information from the victim in exchange for a desirable service.

Answer 15

Quid Pro Quo

Question 16

For example, an attacker may pose as an IT support technician, call a user to address a common issue like slow network speeds, and trick them into sharing login credentials, which are then used to access sensitive data or sold on the dark web.

Answer 16

Quid Pro Quo

Question 17

A social engineering technique that specifically targets individuals looking for love on online dating websites or social media. The criminal befriends the victim by creating a fictional persona and setting up a fake online profile.

Answer 17

Honeytrap

Question 18

also known as piggybacking, is a physical breach whereby an attacker gains access to a physical facility by asking the person entering ahead of them to hold the door or grant them access.

Answer 18

Tailgating

Question 19

can also include allowing an unauthorized person to borrow an employee’s laptop or other device so that the user can install malware.

Answer 19

Tailgating

Question 20

A Psychological Principles behind the social environment

No social engineering attacks would be possible if the attackers were not able to first build trust with their targets.

Answer 20

1 Programming the Trust Algorithm

Question 21

A Psychological Principles behind the social environment

People tend to assign immediate trust to authoritative figures and not doubt their intention. Social engineers will impersonate company executives, lawyers or technicians. The attackers have already investigated which authoritative figures are suitable for each of their victims.

Answer 21

2 Persons or Organizations with Authority

Question 22

A Psychological Principles behind the social environment

People are more willing to do something or trust a situation or interpersonal dynamic when they observe other people doing it first. They also put a lot of weight into other people’s endorsements.

Answer 22

3 Social Proof

Question 23

A Psychological Principles behind the social environment

People associate consistent behaviours with people that are reliable, intelligent, trustworthy, and other highly praised traits. Due to this social norm, people tend to care a lot about appearing consistent.

Answer 23

4 Consistency

Question 24

A Psychological Principles behind the social environment

When people are similar to us, we tend to perceive them as belonging to “our tribe”. Psychological studies have shown that when people appear to be or think like we do, we automatically assign some other psychological characteristics to them.

Answer 24

5 Liking

Question 25

A Psychological Principles behind the social environment Items that are limited or scarce, are frequently perceived as more valuable and more attractive. This creates desire. But it also creates a sense of urgency. Combined, they make people more than willing to take more than a few shortcuts on the critical thinking processes.

Answer 25

A Psychological Principles behind the social environment #6 Scarcity

Question 26

A Psychological Principles behind the social environment Time pressure is a motivating factor connected to the one of scarcity, not in terms of making an actions desirable, but in terms of giving someone a very short amount of time to fulfill a request. The time pressure is often big enough to make one skip essential critical thinking and analytical processes while acting on a request.

Answer 26

#7 Urgency/Time Pressure

Question 27

A Psychological Principles behind the social environment Attackers keep using old and tried cover stories that have proven to be consistently successful, because these stories involve the exploitation of the psychological principles mentioned. One common attack scenario is the vishing (phone-based) attack, where the attackers call employees and pretend to be IT support staffers, Then they proceed to explain their cover story. For example, they may say that they are running some critical system upgrades and that they need an employee’s username and password in order to proceed.

Answer 27

#8 Incorporating Psychological Pressure into Attack Scenarios

Question 28

is defined as intelligence produced by collecting, evaluating and analyzing publicly available information with the purpose of answering a specific intelligence question.

Answer 28

Open-Source Intelligence (OSINT)

Question 29

It can be found from various sources such as: o Public Records o Images/Videos o Websites o Social Media Platform o News Media o Libraries

Answer 29

Open-Source Intelligence (OSINT)

Question 30

Who uses OSINT?

Answer 30

o Government o Investigate Journalist o Law Firms o Private Investigators o Social Engineers o Military

Question 31

5 Stages of the Intelligence Cycle

Answer 31

Preparation Collection Processing Analysis and Production Dissemination

Question 32

A stage of the Intelligence Needs and requirements of the requests are assessed, such as determining the objectives of the tasking and identifying the best sources to use to find the information for which you are looking.

Answer 32

Preparation

Question 33

A stage of the Intelligence The primary and most important step in collecting data and information from as many relevant sources as possible.

Answer 33

Collection

Question 34

A stage of the Intelligence The collected data and information are organized or collated.

Answer 34

Processing

Question 35

A stage of the Intelligence The interpretation of the collected information to make sense of what was collected, i.e. identifying patterns or a timeline of travel history. Produce a report to answer the intelligence question, draw, conclusions, and recommend next steps.

Answer 35

Analysis and Production

Question 36

A stage of the Intelligence The presentation and delivery of open-source findings, i.e. written reports, timelines, recommendations, etc. Answer the interquestion for stakeholders.

Answer 36

Dissemination

Question 37

No communication or engagement with individuals online, which includes commenting, messaging, friending, and/or following.

Answer 37

Passive OSINT

Question 38

open-source research is considered engagement and can be looked upon as an undercover operations for some organizations.

Answer 38

Active OSINT

Question 39

Common OSINT Techniques

Answer 39

1. Search Engines 2. Social Media 3. Public Records 4. News Sources 5. Web Scraping 6. Data Analysis Tools

Question 40

is a social engineering tactic where attackers pretend to be someone else — such as a trusted individual, organization, or authority figure — to gain the victim’s trust and manipulate them into revealing sensitive information, performing actions, or providing access to systems.

Answer 40

Impersonation

Question 41

How impersation are used?

Answer 41

- stealing credentials - financial frauds - spreading malware - gaining unauthorized access - manipulating victims - identity theft

Question 42

Common Phishing Kits Technique

Answer 42

1. Email Spoofing 2. Caller ID Spoofing 3. Social Media Impersonation 4. Executive Impersonation (CEO Fraud) 5. Vendor or Supplier Impersonation 6. Authority Impersonation 7. IT Support Impersonation

Question 43

is one of the most common cyber threats to organizations, and phishing kits are a significant reason for this.

Answer 43

Phishing

Question 44

is a set of tools that enables attackers to create convincing fake websites or emails that trick users into divulging sensitive information.

Answer 44

phishing kit

Question 45

What are the types of phishing kits?

Answer 45

- basic phishing kits - spear phishing kits - clone phishing kits - mobile phishing kits - credential harvesting kits - malware integrated phishing kits - evasion kits - multi-platforms phishing kits - open-source phishing kits

Question 46

A type of Phishing Kits Simple kits designed for beginners, often including pre-made templates and scripts.

Answer 46

Basic Phishing Kits

Question 47

A type of Phishing Kits More sophisticated kits with additional features like evasion techniques and automation.

Answer 47

Advanced Phishing Kits

Question 48

A type of Phishing Kits Tailored for targeted attacks specific individuals or organizations.

Answer 48

Spear Phishing Kits

Question 49

A type of Phishing Kits Kits that replicate legitimate emails or websites to trick users.

Answer 49

Clone Phishing Kits

Question 50

A type of Phishing Kits Designed to target mobile users through SMS (smishing) or fake mobile apps

Answer 50

Mobile Phishing Kits

Question 51

A type of Phishing Kits Focused on stealing login credentials through fake forms or pages.

Answer 51

Credential Harvesting Kits

Question 52

A type of Phishing Kits Kits that combine phishing with malware delivery.

Answer 52

Malware-Integrated Phishing Kits

Question 53

A type of Phishing Kits Designed to bypass security measures like firewalls, email or antivirus software.

Answer 53

Evasion Kits

Question 54

A type of Phishing Kits Kits that target multiple platforms (e.g., email, Social media, SMS)

Answer 54

Multi-Platform Phishing Kits

Question 55

A type of Phishing Kits Free dark or low-cost kits available on platforms like GitHub or web forums.

Answer 55

Open-SOurce Phishing Kits

Question 56

COMMON PHISHING KITS TECHNIQUES

Answer 56

1.Email Spoofing 2.Website Cloning 3.Link Manipulation 4. Attachment-Based Phishing 5.Spear Phishing 6. Smishing (SMS Phishing) 7. Vishing (Voice Phishing) 8. Prestexting 9. Quid Pro Quo 5.Spear Phishing 10. Social Media Phishing 11. Pop-Up Phishing 12. Watering Hole Attacks 13. Business Email Compromise (BEC) 14. Credential Harvesting 15. Evasion Techniques

Question 57

is the process of distributing malicious software (malware) to a victim’s device or network.

Answer 57

Malware delivery

Question 58

it often relies on social engineering tactics to trick users into downloading or executing the malicious payload.

Answer 58

Malware delivery

Question 59

COMMON MALWARE DELIVERY TECHNIQUES

Answer 59

1.Phishing Emails 2.Malicious Websites 3.Social Media and Messaging Apps 4.USB Drives and Removable Media 5.Software Bunding 6.Remote Desktop Protocol (RDP) Exploits 7. Malvertising 8. File Sharing and P2P Networks 9. Impersonation and Trust Exploitation 10. Watering Hole Attacks 11. Supply Chain Attacks 12. Exploiting Vulnerabilities

Question 60

Conduct regular awareness programs to educate employees and individuals about social engineering tactics, red flags, and best practices

Answer 60

Education & Training

Question 61

requires users to provide two or more forms of verification (e.g., password + SMS code or biometric scan) to access accounts or systems

Answer 61

Multi-Factor AUthentication

Question 62

Establish clear guidelines for handling sensitive information, such as verifying requests for data or payments and reporting suspicious activity.

Answer 62

Policies and Procedures

Question 63

A predefined set of steps to follow if a social engineering attack is suspected or detected.

Answer 63

Incident Response Plan