1_1_1 Section 1 – Attacks, Threats, and Vulnerabilities - Social Engineering - Phishing

Questions and Answers

What is the main purpose of phishing emails?

To entertain recipients with clever content

To provide helpful links to recipients

To promote fake products

To gather personal information by mimicking trustworthy sources (correct)

How do phishing emails often deceive recipients?

By using social engineering and spoofing techniques (correct)

By promoting legitimate services

By displaying the correct URL in the address bar

By sending emails from unknown sources

What is one way to identify a phishing attempt?

By receiving multiple emails from different service providers

By recognizing that the URL in the address bar matches the claimed sender

By clicking on all provided links to check their validity

By observing unusual graphics on the webpage (correct)

What is a common feature of phishing emails when they ask recipients to click a link?

The links will bring up a webpage that resembles the actual service provider's page

How can the true identity of a sender be verified in an email?

By validating the sender's email address separately

What should recipients do when encountering suspicious links in emails?

Validate any link before clicking on it

What is one of the main recommendations to avoid falling for phishing attacks?

Typing the website directly in the browser's address bar

What is a common technique used by attackers to make phishing pages look legitimate?

Adding typos or slight misspellings to domain names

What is an example of a phishing technique mentioned in the text?

Creating pretexting scenarios to deceive recipients

What is pharming, as described in the text?

Redirecting users from legitimate websites to attacker-controlled sites

How do attackers make malicious websites appear legitimate according to the text?

Creating domain names with subtle spelling mistakes

What danger is associated with falling for a pharming attack?

Unknowingly providing personal information to attackers

What is the purpose of pretexting in phishing attacks?

Creating deceptive scenarios to trick individuals into giving up information

How does typing a website directly in the browser's address bar help prevent phishing attacks?

It bypasses potentially malicious links.

What could be a consequence of falling for a phishing attack involving pretexting?

Unknowingly providing personal details to attackers.

How can attackers make illegitimate websites look convincing according to the text?

Including spelling errors and typos in domain names.

What is the term for performing a phishing attack over a voice line?

Vishing

In phishing attacks done over text messages, what is the term used to describe this method?

Smishing

What type of phishing attack targets a specific person or group of individuals?

Spear phishing

Where can many phishing scam examples be found according to the text?

Reddit

In a whaling attack, who is often targeted due to their access to corporate bank accounts?

The CEO

What is the goal of attackers in a whaling attack?

Transfer money to personal accounts

What is the term used for a very directed phishing attack aimed at a specific person or group?

Spear phishing

What is the primary goal of a phishing email?

To gather personal information from the recipient

Why is it mentioned that attackers cannot alter the address bar in a phishing email?

To emphasize the importance of checking the URL in emails

What visual cue can often reveal a phishing attempt when viewing a fake login page?

Mismatched or poorly designed graphics

Why is it important for recipients to validate links in emails?

To prevent falling victim to phishing attacks

What aspect of phishing pages can often seem 'not quite right' to the recipient?

Subtle differences compared to legitimate sites

Why do attackers often combine social engineering with spoofing in phishing attacks?

To improve the chances of tricking recipients into sharing information

What type of phishing attack involves going after a very specific person or group of people?

Whaling

How do attackers gather information before performing a spear phishing attack?

By performing reconnaissance steps

What is the term for a phishing attack conducted over SMS or text messages?

Smishing

Which type of attack involves the attacker using phone numbers that appear local but can be from anywhere?

Vishing

What is the main goal of attackers in a whaling attack?

Gain access to corporate bank accounts

How can attackers make phishing attacks more believable in spear phishing and whaling scenarios?

By gathering open-source information about the victims

In spear phishing, what is the purpose of gathering personal information about the victim?

To create a believable pretext for the attack

What distinguishes a vishing attack from other types of phishing methods?

It is done over voice lines through phone calls

What technique is commonly used by attackers in smishing attacks?

Spoofing phone numbers

What is one common feature of smishing attacks?

Using text messages with enticing links

What is one way attackers make phishing emails deceptive?

By generating emails with poor grammar and spelling errors

What is a key aspect of pharming attacks discussed in the text?

It redirects users to the attacker's website even when they type the correct URL

What is one common characteristic of phishing emails as mentioned in the text?

Creating a sense of urgency or emergency to prompt action

How do attackers utilize typosquatting in phishing attacks?

By creating fake domains closely resembling legitimate ones

What is an example of pretexting as described in the text?

Claiming to be from a trusted organization to gather personal details

How do phishing attackers attempt to deceive individuals using pharming attacks?

By redirecting users to fake websites that appear genuine

What is a common method attackers use to make phishing websites appear legitimate?

'Spoofing' the domain name to closely resemble the real one

How can a user mistakenly end up on an attacker's website in a pharming attack?

By typing the correct URL but falling for pretexting scams

How do attackers try to make phishing emails seem believable?

Creating scenarios that instill panic or urgency in recipients

What do attackers achieve through typosquatting in phishing attacks?

Tricking users into visiting fake domains similar to legitimate ones