1_1_9 Section 1 – Attacks, Threats, and Vulnerabilities - Social Engineering - Other Social Engineering Attacks

Questions and Answers

What is tailgating in the context of office security?

Using a badge to gain access

Unauthorized individual following someone through a secure door (correct)

Following safety guidelines in the office

Bringing food into the office

What is the main motivation for someone to engage in tailgating?

Gaining unauthorized access to the building (correct)

Accidentally entering the building

Trying to socialize with colleagues

Getting free food from inside the building

How does Johnny Long demonstrate tailgating in his book, No Tech Hacking?

Using third-party clothing to blend in and gain access (correct)

Pretending to be a vendor inside the building

Hacking computer systems remotely

Creating a distraction to enter the building

What is a common tactic used by individuals engaging in tailgating at the office?

Pretending to be on a break in the smoking section

How do some individuals exploit the kindness of others to gain entry through a secure door?

By supplying food or treats and getting someone to hold the door open

Why is preventing tailgating important in an office environment?

To ensure the last line of defense before sensitive areas

What is the purpose of a visitor badge in most organizations?

To identify individuals who are allowed inside the building

What does the sign 'no tailgating, or one scan, one person' near a locked door signify?

Only one person should enter after a single badge scan

What is a common tactic used in an invoice scam?

Spoofing email addresses of high-level authorities

Why might an accounting department pay a fake invoice without proper verification?

The invoice looks legitimate and is from a familiar source

What is a credential harvesting attack focused on acquiring?

Usernames and passwords

How might an attacker execute a credential harvesting attack through email?

Sending a Microsoft Word document with malicious macros

Why is it crucial for users to have antivirus and anti-malware software?

To detect and stop credential harvesting attacks

What is the main goal of someone engaging in tailgating in an office environment?

To gain unauthorized access to the inside by following someone through a secured door

How might a person using tailgating blend in to gain unauthorized access?

Pretending to be a delivery person from a known vendor

What social engineering aspect is associated with tailgating?

Deceiving employees to hold the door open for them

In Johnny Long's book, how does he demonstrate gaining access through tailgating?

By using clothing from a third-party vendor to blend in

What is a common ruse used by individuals engaging in tailgating to gain entry?

Claiming to be an IT technician fixing a computer issue

What tactic might an individual use while tailgating to ensure someone holds the door open for them?

Offering to share their food or treats with others

What is a common tactic used in a credential harvesting attack?

Tricking the victim into opening a malicious Microsoft Word document

What is the primary purpose of a visitor badge in most organizations?

To identify individuals who are not regular members of the organization

How might an attacker gain access to usernames and passwords through a credential harvesting attack?

Extracting stored credentials using a malicious script

What is the danger of an attacker successfully executing a credential harvesting attack?

Stealing sensitive information without the victim's knowledge

Why do some attackers prefer sending a scam invoice with a spoofed address?

To trick the accounting department into making payments without verification

How does an attacker often attempt to trick users into executing a script that extracts credentials?

By sending emails with malicious Microsoft Word document attachments

What is the significance of organizations having policies related to visitor badges?

To prevent tailgating through secure doors

How does clicking on a link in a scam invoice email benefit an attacker?

Acquiring credit card or bank account details

What is the purpose of signs like 'no tailgating, or one scan, one person' near locked doors?

To remind individuals not to hold the door for others behind them

What is the potential consequence of an accounting department paying a fraudulent invoice without proper verification?

Erosion of trust between employees and management in the organization