Phishing Techniques Quiz
40 Questions

Created by
@StatuesqueLimit227

Questions and Answers

What is the primary goal of phishing attacks?

  • To improve computer security
  • To sell personal information legally
  • To steal money or sensitive information (correct)
  • To spread malware for research

Which of the following best describes spear phishing?

  • Phishing attacks that exploit software vulnerabilities
  • Phishing attacks directed at random users
  • Phishing that uses cloned emails to deceive victims
  • Phishing attempts focused on specific individuals or companies (correct)

What is a common tactic used in link manipulation during phishing attacks?

  • Creating links that are too long to read
  • Using hyperlinks that lead to secure websites
  • Embedding links in images for authenticity
  • Spoofing link previews to show different URLs (correct)

Which element does NOT typically make an email more convincing in a phishing attack?

  • A misspelled URL in the link

Voice phishing, also known as vishing, primarily targets which type of information?

  • Credit card numbers and personal financial information

Which type of phishing attack involves replacing an attachment or link in a previously delivered email?

  • Clone phishing

What is one of the reasons why spear phishing is considered the most successful form of phishing?

  • They are directed at specific targets based on gathered personal information.

Which of these is NOT a method used by cybercriminals in phishing attacks?

  • Offering financial rewards for participation

What is a key indicator of a phishing email related to the sender's address?

  • The sender's address uses an unverified domain.

Why is the absence of a 'To:' line relevant in identifying phishing emails?

  • It implies that the email is a mass-targeted phishing attack.

What action can help confirm the legitimacy of a hyperlink in an email?

  • Hovering over the link to see the actual URL.

Which of the following tactics is commonly used in social engineering attacks on social media?

  • Crafting messages based on user profiles and interests.

What is a potential risk when clicking on suspicious links in emails or social media?

  • Your login information may be stolen.

What characteristic of phishing emails can often be generic?

  • The email signature lacks specific details.

What should a user do when receiving an unfamiliar email about account issues?

  • Verify the sender's email domain.

Which sign indicates a phishing attempt on social media?

  • Links prompting to log in again on unfamiliar pages.

What is the first step to identifying a phishing email from a familiar entity?

  • Check if the item mentioned in the email is something you've purchased or sold.

Which indicator is NOT commonly associated with phishing emails?

  • Legitimate domain in the sender's email address.

How can hovering over a link in an email assist in identifying a phishing attempt?

  • It reveals the genuine website address behind the link.

What should you look for in the email address to assess its authenticity?

  • Matching the domain with a known, reputable website.

What characteristic of the sender's address can indicate a phishing attempt?

  • A generic name associated with the email address.

What is a common tactic used by cybercriminals in phishing emails to grab attention?

  • Employing all caps in the subject line.

Why is it important to check for hidden recipients in the To: and Cc: lines of an email?

  • It reveals if the email is directed to multiple recipients, indicating a potential mass phishing attack.

What is the significance of the phrase 'hover your mouse over the link' in the context of email security?

  • It reveals the actual destination of the hyperlink.

What is a key indicator that an email may be a phishing attempt?

  • The signature is generic, such as 'Webmail Administrator'.

What action should you take if you suspect an email is a phishing attempt?

  • Forward the email to the appropriate security team.

How can you verify if a link in an email is legitimate?

  • By checking if it has a 'https://' address and a lock icon.

What should you never do in response to a phishing email?

  • Provide personal information in response.

Which of the following is a recommended precaution to protect yourself from phishing emails?

  • Being cautious about unexpected attachments in emails.

What linguistic characteristic might indicate a phishing email?

  • Presence of spelling errors and poor grammar.

Which are common red flags of a phishing phone call?

  • The caller has a sense of urgency in their tone.

What should you do if you receive an unexpected email attachment from someone you know?

  • Call the sender to confirm they sent it.

What should you not do when you receive a call claiming you've won a valuable prize?

  • Trust the caller without checking their legitimacy.

Which of the following is a recommended tip to avoid falling victim to phishing calls?

  • Look up the phone number to see if others have reported it.

Which scenario represents a common tactic used by phishing callers?

  • Offering a free bonus for a product purchase.

What is a common violation made by scammers when asking for payments?

  • Requesting payment for taxes on a 'free' prize.

Before conducting business with an unfamiliar company, you should:

  • Request the salesperson's business license number.

What should you do if you suspect a call is a phishing attempt?

  • Look up the number to check if it was previously reported.

What statement correctly reflects the advice given for handling unfamiliar companies?

  • Legitimate companies will always provide credentials willingly.

Which of these actions is advised against when dealing with phishing calls?

  • Confirming details they ask about your identity.

    Study Notes

    ### Phishing

    • Phishing is the practice of attempting to steal money or personal information through deceptive emails, websites or phone calls.
    • Cybercriminals can install malware on your computer, trick you into revealing sensitive information, or steal data directly.

    ### Types of Phishing Attacks

    • Social Engineering: Cybercriminals use publicly available personal information on social media (Name, Date of Birth, Location, Job, Hobbies, etc.) to create convincing phishing attacks.
    • Link Manipulation: Attackers use deceptive techniques to make links in emails appear legitimate. Common tricks include misspelling URLs, using subdomains, and hiding the true destination of the link.
    • Spear Phishing: Targeted attacks directed at specific individuals or companies, often leveraging social engineering to increase the success rate. It accounts for 91% of phishing attacks.
    • Clone Phishing: Cybercriminals copy legitimate emails containing attachments or links and replace them with malicious versions, sending them from spoofed email addresses to trick recipients.
    • Voice Phishing (Vishing): Attackers use social engineering over the phone to gain access to personal and financial information from unsuspecting individuals.

    ### Examples of Phishing Attacks

    • Spear Phishing Example: Cybercriminals use social engineering to target individual users, often by creating a message mimicking a known organization like eBay. The message asks for user action, but the embedded button leads to a website designed to steal eBay credentials.
    • Clone Phishing Example: Attackers create an almost identical copy of a legitimate PayPal email, replacing the link or attachment with a malicious version. They rely on user familiarity with PayPal's appearance and email address to trick the recipient.
    • Link Manipulation Example: Attackers leverage the recipient's trust in Valdosta.edu by using a subject line that creates a sense of urgency. They use a subject line and email address that appear to be from IT, including a link that seems to lead to the Valdosta.edu website. However, the link redirects to a malicious site designed to steal credentials or install malware.
    • Social Engineering Examples: Cybercriminals use social media to target individuals with personalized messages based on their likes and interests, often with links designed to steal accounts and spread further phishing attacks. They can also use mass phishing attacks on social media, posing as legitimate users to trick recipients into clicking links and providing login credentials.

    ### Tell-tale Signs of a Phishing Email

    • Invalid email address: Email addresses that do not belong to the organization being impersonated (e.g., Vaderbilt.edu instead of valdosta.edu)
    • Missing "To" and "Cc": Emails without these fields could indicate a mass-targeted phishing attack.
    • Generic Signatures: Non-personalized signatures can raise suspicion.
    • Suspicious Link: It is crucial to hover over a link in an email to see the actual destination, which can expose attempts to redirect to malicious websites.

    ### Protecting Yourself from Phishing Emails

    • Never share passwords or other sensitive information via email.
    • Be cautious about opening attachments or downloading files from emails, even from known senders.
    • If you receive unexpected attachments, call the sender to confirm legitimacy.
    • Never enter personal information in pop-up windows.
    • Always hover over links to check the actual destination.
    • Look for "https://" and a lock icon in the address bar before entering sensitive data on websites.
    • Watch out for spelling and grammatical errors in emails.

    ### What to Do if You Suspect a Phishing Email

    • Do not click any links or open attachments.
    • Forward the suspicious email to [email protected] for analysis.
    • If you have received an unexpected attachment from a known sender, call them immediately to confirm authenticity.

    ### Phishing Phone Calls (Vishing)

    • Common Vishing tactics:
      • Claims of special selection for promotions or offers.
      • Free bonus offers with purchase.
      • Winning prizes in a lottery.
      • Investment opportunities promising low risk and high returns.
      • Urgency to make a decision.
      • Claims of trust or authority.
      • Pressure to avoid verification.
      • Offers to add shipping and handling costs to credit cards.

    ### Protecting Yourself from Vishing Attacks

    • Don't buy from unfamiliar companies.
    • Research unfamiliar companies with consumer protection agencies, Better Business Bureau, or government resources.
    • Obtain complete contact information (name, business identity, phone number, address, license number) before transacting business.
    • Don't pay for "free prizes." This can be a violation of federal law.
    • Never share credit card numbers, bank account details, or other sensitive information with unknown callers.
    • Be cautious of offers to help recover lost money for a fee.

    ### What to Do if You Suspect a Vishing Call

    • Look up the phone number on Google and check websites like 800notes.com, callercenter.com, and callercomplaints.com for information on reported scams.
    • Don't feel pressure to make immediate decisions.
    • Protect your credit card, bank account, and Social Security numbers by not sharing them with unknown callers.
    • Obtain all information in writing before agreeing to any purchases.
    • Be wary of offers to help recover lost money for a fee.

    Description

    Test your knowledge on the various types of phishing attacks and their techniques. This quiz covers social engineering, link manipulation, spear phishing, and more. Learn how to identify and protect yourself from these cyber threats.