CompTIA Security+ (SY0-701) S5 Social Engineering M


32 Questions

True or false: Eavesdropping involves the process of openly listening to private conversations?

False

True or false: Baiting involves leaving a malware-infected physical device in a place where it will be found by a victim, who will then unknowingly install malware on their organization's computer system?

True

True or false: Tailgating involves an unauthorized person convincing an authorized employee to let them into the facility by getting the authorized employee to swipe their own access badge?

False

True or false: Piggybacking involves an attacker attempting to follow an employee through an access control point without their knowledge?

False (following someone through without their knowledge is tailgating; piggybacking is when the authorized employee knowingly lets the attacker through, for example by holding the door or swiping their own badge for them)

Social engineering involves exploiting human psychology for unauthorized access to systems, data, or physical spaces.

True

Impersonation is a social engineering technique that involves pretending to be someone else, including brand impersonation, typo-squatting, and watering hole attacks.

True

Vishing, Smishing, and Spear Phishing are all types of Influence Campaigns used in social engineering attacks.

False

Diversion Theft, Hoaxes, and Shoulder Surfing are examples of Other Social Engineering Attacks.

True

Phishing is a form of cyber attack that involves sending fraudulent emails to convince individuals to reveal personal information

True

Whaling is a form of phishing that targets high-profile individuals like CEOs or CFOs

True

Typosquatting is also known as URL hijacking or cybersquatting

True

Watering hole attacks involve compromising a specific website or service that a target is known to use

True

Pretexting involves giving some amount of true information to the victim to elicit more information from them

True

Brand impersonation is a less specific form of impersonation than a general impersonation attack

False

Social engineers use scarcity as a motivational trigger by creating a sense of urgency or time-sensitivity

False

Urgency is a motivational trigger that drives individuals to act swiftly or prioritize certain actions

True

Spear phishing is a less targeted form of phishing compared to whaling

False

Most people are willing to comply with requests if they believe it is coming from someone in a position of authority

True

Fear-based attacks are generally focused on convincing the victim that something bad will happen if they don't comply

True

To protect against brand impersonation, organizations should regularly monitor their brand's online presence to detect fraudulent activities

True

Business Email Compromise (BEC) involves attackers tricking victims into sharing personal or financial information over the phone.

False

Vishing is a voice phishing technique.

True

Smishing involves the use of emails to deceive individuals into providing their personal information.

False

Regular user security awareness training is not considered an effective prevention measure for phishing attacks.

False

Identity fraud and identity theft involve the unauthorized use of another person's personal information for financial gain.

True

Influence campaigns are coordinated efforts to shape public perception or behavior towards a cause, individual, or group.

True

Diversion theft involves searching through trash for valuable information.

False

Shoulder surfing is a social engineering attack that involves creating distractions to steal valuable items or information.

False

Fact checking and critical thinking skills are important prevention measures against misinformation and disinformation spreading.

True

Dumpster diving is a technique used in diversion theft.

False

Hoaxes are often paired with phishing attacks.

True

Clean desk and clean desktop policies are considered effective prevention measures against social engineering attacks.

True

Study Notes

  • Business Email Compromise (BEC) is a sophisticated phishing attack targeting businesses, using a compromised (or convincingly spoofed) internal email account to facilitate unauthorized fund transfers, payment redirection, or sensitive information theft.
  • Vishing is a voice phishing technique where attackers trick victims into sharing personal or financial information over the phone.
  • Smishing involves the use of text messages to deceive individuals into providing their personal information.
  • Preventing phishing attacks:
    • Regular user security awareness training
    • Education on various phishing techniques
    • Use of anti-phishing tools
    • Suspicion towards urgent requests
    • Examination of URLs and email addresses
    • Reporting and investigation of suspicious emails
  • Fraud and scams:
    • Fraud is criminal deception intended for financial or personal gain.
    • Identity fraud and identity theft involve the unauthorized use of another person's personal information for deception or financial gain.
    • Differences between identity fraud and identity theft:
      • Identity fraud: attacker charges items to the victim's card
      • Identity theft: attacker assumes the victim's identity
  • Influence campaigns:
    • Coordinated efforts to shape public perception or behavior towards a cause, individual, or group.
    • Misinformation and disinformation spreading can harm institutions, fuel social divisions, and influence election outcomes.
  • Other social engineering attacks:
    • Diversion theft: manipulating situations or creating distractions to steal valuable items or information.
    • Hoaxes: malicious deception spread through communication channels, often paired with phishing attacks.
    • Shoulder surfing: looking over someone's shoulder to steal information.
    • Dumpster diving: searching through trash for valuable information.
  • Prevention measures:
    • Being aware of surroundings when providing sensitive information.
    • Use of clean desk and clean desktop policies.
    • Fact checking and critical thinking skills when encountering potential hoaxes.
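The prevention list above says to examine URLs and email addresses and to be suspicious of urgent requests. The script below is an added example (not part of the original study notes or the CompTIA material) that turns those three checks into code: it normalises homoglyphs and measures edit distance to catch typosquatted or brand-impersonating sender domains, flags a Reply-To that routes replies to a different (lookalike) domain as a BEC indicator, and scans subject and body for urgency and fear language. The trusted-domain set, the homoglyph table, the urgency phrase list and the three sample messages are all constructed for the example; treat them as assumptions, not a vetted ruleset.

```python
from email.utils import parseaddr

# Constructed for this example: the organisation's own domain plus brands it
# expects mail from. A real deployment would load these from configuration.
TRUSTED_DOMAINS = {"example.com", "paypal.com", "microsoft.com"}

# Assumed homoglyph substitutions: swaps attackers make so that a lookalike
# domain survives a quick glance (paypa1.com, rnicrosoft.com, ...).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}

# Assumed phrases that signal the urgency and fear motivational triggers.
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "account suspended", "wire")


def normalize(label):
    """Undo common homoglyph swaps so 'paypa1' compares equal to 'paypal'."""
    label = label.lower()
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def edit_distance(a, b):
    """Levenshtein distance, iterative dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Return the lower-cased domain of an address header, '' if it has none."""
    _, address = parseaddr(header_value)
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    # Compare second-level labels only, after homoglyph normalisation: an exact
    # match, a trusted label embedded in a longer one (paypal-secure), or a
    # label one edit away (paypai) all count as an imitation.
    label = normalize(domain.split(".")[0])
    for trusted in TRUSTED_DOMAINS:
        tlabel = trusted.split(".")[0]
        if label == tlabel or tlabel in label or edit_distance(label, tlabel) <= 1:
            return trusted
    return None


def analyze_message(headers, body):
    """Return a list of (indicator, detail) findings; `headers` maps From/Reply-To/Subject to raw values."""
    findings = []
    from_domain = domain_of(headers.get("From", ""))
    reply_domain = domain_of(headers.get("Reply-To", "")) or from_domain

    # Brand impersonation / typosquatting in the visible sender address.
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(("lookalike-sender", f"{from_domain} resembles {imitated}"))

    # BEC pattern: a plausible From, but replies go to a domain the attacker controls.
    if reply_domain != from_domain:
        imitated = lookalike_of(reply_domain)
        if imitated:
            findings.append(("lookalike-reply-to", f"{reply_domain} resembles {imitated}"))
        findings.append(("reply-to-mismatch", f"From {from_domain} but Reply-To {reply_domain}"))

    # Display name borrows a trusted brand while the address is external.
    display, _ = parseaddr(headers.get("From", ""))
    brands = [t.split(".")[0] for t in TRUSTED_DOMAINS]
    if display and from_domain not in TRUSTED_DOMAINS and any(b in display.lower() for b in brands):
        findings.append(("display-name-spoof", f"'{display}' sent from {from_domain}"))

    # Urgency / fear language in subject and body.
    text = (headers.get("Subject", "") + " " + body).lower()
    hits = [term for term in URGENCY_TERMS if term in text]
    if hits:
        findings.append(("urgency-trigger", ", ".join(hits)))
    return findings


# Constructed sample messages: a brand-impersonation phish, a BEC-style
# executive request, and a benign internal notice.
SAMPLE_MESSAGES = [
    ({"From": "PayPal Support <alerts@paypa1-secure.com>",
      "Subject": "Urgent: account suspended"},
     "Your account suspended. Verify within 24 hours to restore access."),
    ({"From": "Jane Doe <jane.doe@example.com>",
      "Reply-To": "jane.doe@example-corp-mail.net",
      "Subject": "Quick favour"},
     "I need a wire sent immediately. I am in a meeting, reply here only."),
    ({"From": "IT Helpdesk <helpdesk@example.com>",
      "Subject": "Scheduled maintenance this weekend"},
     "No action is needed. The portal will be unavailable Saturday 02:00-04:00."),
]


def scan_all(messages=SAMPLE_MESSAGES):
    """Run the checks over every sample message; returns one findings list per message."""
    return [analyze_message(headers, body) for headers, body in messages]
```

Running scan_all() flags the first message as a lookalike sender with a spoofed display name and urgency language, the second as a Reply-To mismatch to a lookalike domain with urgency language, and returns no findings for the maintenance notice. The substring and one-edit rules are deliberately loose and will produce false positives on short or generic brand labels; they are glance-level heuristics that complement, not replace, user awareness training and the mail-filtering tools the notes mention.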
