Social Engineering

Phishing

-EMAIL attempts which look LEGITIMATE, can be link to website -> makes User reveal Secret Information.

Spear Phishing Attack

-GROUP of people are Phished! Phishing attacks that target large groups of people. the perpetrators find out as much information about an individual as possible to improve their chances that phishing techniques will be able to obtain sensitive, personal information

A fraudulent EMAIL requesting its recipient to reveal sensitive information (e.g. username and password) used later by an attacker for the purpose of identity theft is an example of: (Select 2 answers)

-Phishing -Social Engineering

Types of Social Engineering

-Phishing -Spear Phising -Whaling -Tailgating -Dumpster Diving -Impersonation -Vishing -Quid pro quo

Whaling

-Phishing targets CEO, high Executives.

Social Engineering

-Tricking People to reveal Confidential Information (Usernames, Password, Bank info, Hospital info..) -can be thru Email, Phone, In person, etc

In computer security, the term "Dumpster diving" is used to describe a practice of sifting through trash for discarded documents containing sensitive data. Found documents containing names and surnames of the employees along with the information about positions held in the company and other data can be used to facilitate social engineering attacks. Having the documents shredded or incinerated before disposal makes dumpster diving less effective and mitigates the risk of social engineering attacks. T/F

True

Shoulder surfing

Watching an authorized user enter a security code on a keypad.

Phishing scams targeting people holding high positions in an organization or business are known as:

Whaling

Tailgating

When an unauthorized individual enters a restricted-access building by following an authorized user.

impersonation

an act of pretending to be another person for the purpose of entertainment or fraud

An unauthorized practice of obtaining confidential information by manipulating people into disclosing sensitive data is referred to as:

social engineering

What is tailgating?

Gaining unauthorized access to restricted areas by following another person

Which social engineering attack relies on identity theft?

Impersonation

Dumpster diving

Involves digging through trash receptacles to find computer manuals, printouts, or password lists that have been thrown away

A social engineering technique whereby attackers under disguise of a legitimate request attempt to gain access to confidential information they shouldn't have access to is commonly referred to as:

Phishing

Vishing

Phone Phishing

A situation in which an unauthorized person can view someone's display or keyboard to learn their password or other confidential information is referred to as:

Shoulder Surfing

Phishing scams targeting a specific group of people are referred to as:

Spear Phishing