1_1_1 Section 1 – Attacks, Threats, and Vulnerabilities - Social Engineering - Phishing

Questions and Answers

What is the main purpose of phishing emails?

• To entertain recipients with clever content
• To provide helpful links to recipients
• To promote fake products
• To gather personal information by mimicking trustworthy sources (correct)

How do phishing emails often deceive recipients?

• By using social engineering and spoofing techniques (correct)
• By promoting legitimate services
• By displaying the correct URL in the address bar
• By sending emails from unknown sources

What is one way to identify a phishing attempt?

• By receiving multiple emails from different service providers
• By recognizing that the URL in the address bar matches the claimed sender
• By clicking on all provided links to check their validity
• By observing unusual graphics on the webpage (correct)

What is a common feature of phishing emails when they ask recipients to click a link?

The links will bring up a webpage that resembles the actual service provider's page (A)

How can the true identity of a sender be verified in an email?

By validating the sender's email address separately (B)

What should recipients do when encountering suspicious links in emails?

Validate any link before clicking on it (A)

What is one of the main recommendations to avoid falling for phishing attacks?

Typing the website directly in the browser's address bar (A)

What is a common technique used by attackers to make phishing pages look legitimate?

Adding typos or slight misspellings to domain names (B)

What is an example of a phishing technique mentioned in the text?

Creating pretexting scenarios to deceive recipients (C)

What is pharming, as described in the text?

Redirecting users from legitimate websites to attacker-controlled sites (D)

How do attackers make malicious websites appear legitimate according to the text?

Creating domain names with subtle spelling mistakes (A)

What danger is associated with falling for a pharming attack?

Unknowingly providing personal information to attackers (B)

What is the purpose of pretexting in phishing attacks?

Creating deceptive scenarios to trick individuals into giving up information (A)

How does typing a website directly in the browser's address bar help prevent phishing attacks?

It bypasses potentially malicious links. (A)

What could be a consequence of falling for a phishing attack involving pretexting?

Unknowingly providing personal details to attackers. (C)

How can attackers make illegitimate websites look convincing according to the text?

Including spelling errors and typos in domain names. (B)

What is the term for performing a phishing attack over a voice line?

Vishing (C)

In phishing attacks done over text messages, what is the term used to describe this method?

Smishing (B)

What type of phishing attack targets a specific person or group of individuals?

Spear phishing (A)

Where can many phishing scam examples be found according to the text?

Reddit (A)

In a whaling attack, who is often targeted due to their access to corporate bank accounts?

The CEO (C)

What is the goal of attackers in a whaling attack?

Transfer money to personal accounts (C)

What is the term used for a very directed phishing attack aimed at a specific person or group?

Spear phishing (B)

What is the primary goal of a phishing email?

To gather personal information from the recipient (B)

Why is it mentioned that attackers cannot alter the address bar in a phishing email?

To emphasize the importance of checking the URL in emails (D)

What visual cue can often reveal a phishing attempt when viewing a fake login page?

Mismatched or poorly designed graphics (B)

Why is it important for recipients to validate links in emails?

To prevent falling victim to phishing attacks (D)

What aspect of phishing pages can often seem 'not quite right' to the recipient?

Subtle differences compared to legitimate sites (D)

Why do attackers often combine social engineering with spoofing in phishing attacks?

To improve the chances of tricking recipients into sharing information (A)

What type of phishing attack involves going after a very specific person or group of people?

Whaling (D)

How do attackers gather information before performing a spear phishing attack?

By performing reconnaissance steps (C)

What is the term for a phishing attack conducted over SMS or text messages?

Smishing (D)

Which type of attack involves the attacker using phone numbers that appear local but can be from anywhere?

Vishing (D)

What is the main goal of attackers in a whaling attack?

Gain access to corporate bank accounts (D)

How can attackers make phishing attacks more believable in spear phishing and whaling scenarios?

By gathering open-source information about the victims (B)

In spear phishing, what is the purpose of gathering personal information about the victim?

To create a believable pretext for the attack (D)

What distinguishes a vishing attack from other types of phishing methods?

It is done over voice lines through phone calls (C)

What technique is commonly used by attackers in smishing attacks?

Spoofing phone numbers (C)

What is one common feature of smishing attacks?

Using text messages with enticing links (B)

What is one way attackers make phishing emails deceptive?

By generating emails with poor grammar and spelling errors (D)

What is a key aspect of pharming attacks discussed in the text?

It redirects users to the attacker's website even when they type the correct URL (D)

What is one common characteristic of phishing emails as mentioned in the text?

Creating a sense of urgency or emergency to prompt action (D)

How do attackers utilize typosquatting in phishing attacks?

By creating fake domains closely resembling legitimate ones (C)

What is an example of pretexting as described in the text?

Claiming to be from a trusted organization to gather personal details (B)

How do phishing attackers attempt to deceive individuals using pharming attacks?

By redirecting users to fake websites that appear genuine (B)

What is a common method attackers use to make phishing websites appear legitimate?

'Spoofing' the domain name to closely resemble the real one (B)

How can a user mistakenly end up on an attacker's website in a pharming attack?

By typing the correct URL but falling for pretexting scams (B)

How do attackers try to make phishing emails seem believable?

Creating scenarios that instill panic or urgency in recipients (A)

What do attackers achieve through typosquatting in phishing attacks?

Tricking users into visiting fake domains similar to legitimate ones (B)