Section 6: Social Engineering and Ransomware Overview

Questions and Answers

What primary tactic do social engineering attacks exploit?

• Malware embedded in software
• Human psychological manipulation (correct)
• Advanced technological vulnerabilities
• Weaknesses in network infrastructure

Which of the following is NOT a method of social engineering?

• Phishing
• Wifihacking (correct)
• Vishing
• Pretexting

What psychological concept underpins social engineering techniques?

• Decision fatigue
• Reinforcement theory
• Social norms
• Cognitive biases (correct)

What type of social engineering involves deception through phone calls?

Vishing (D)

Why might individuals fall victim to social engineering attacks?

Lack of cybersecurity training (D)

In social engineering, what type of communication is usually employed to create urgency?

Urgent or threatening language (B)

What do attackers aim to achieve through pretexting?

Gathering personal information through impersonation (C)

What is the most effective immediate action to take if a ransomware attack is suspected?

Remove the malware and disconnect the workstation. (C)

Which of the following statements about paying a ransom is accurate?

Paying the ransom may encourage further attacks by hackers. (C)

What is considered the best defense against ransomware?

Using an antivirus and maintaining offline backups. (D)

Which of the following statements is NOT a valid consideration regarding ransom payments?

There are no ethical concerns related to paying ransoms. (C)

What precaution should you take when receiving a suspicious email about a password change?

Contact the IT department to verify the message. (A)

What technology has evolved into a common source for scams?

Caller ID (A)

Which scenario exemplifies Caller ID spoofing?

A call displays the IRS number while the caller is a scammer (D)

What common action do scammers often request in the context of the Internal Revenue Service scam?

Providing credit card details immediately (A)

What makes email sender spoofing particularly easy?

Availability of specific tools for spoofing (A)

How does basic Caller ID spoofing operate?

It alters the number when reaching the receiver's provider (D)

Which of the following is NOT a form of spoofing discussed?

Website spoofing (B)

What could happen if a receiver tries to call back a spoofed Caller ID number?

They will likely reach the actual owner of that number (C)

What is a common method by which email spoofing can occur?

Modifying the 'From' address in an email (A)

What psychological strategy do scammers often leverage through Caller ID spoofing?

Impersonating known institutions to gain trust (C)

What should you do first if you receive a suspicious notification or email?

Stop and examine the content before taking action. (A)

What is a common indicator of a fake email sender?

A warning notification from your email service. (A)

What is the purpose of checking the email's 'Show Original' feature?

To obtain the actual details of the sender. (A)

If an email claims to be from UOB but the sender's IP address is traced to the Czech Republic, what does this suggest?

The email is likely a scam attempting to impersonate UOB. (D)

Why is it advisable to write a web link manually instead of clicking on it?

To avoid potential redirection to a fake website. (A)

Which of the following is NOT mentioned as a warning sign of a scam?

Receiving unsolicited calls from unfamiliar numbers. (A)

What aspect of human behavior does social engineering primarily exploit?

Psychological impulses and reactions. (C)

What should you do if a website claims you are its exact 1,000,000th visitor?

Ignore it as it is likely a scam. (D)

What technique is suggested for verifying an IP address found in an email?

Searching the IP address on tracking websites. (B)

Which indicator is NOT typically associated with identifying a phishing email?

Request for both online ID and password (A)

What is a primary function of ransomware in cybersecurity threats?

To encrypt files and demand payment for decryption (A)

Which of the following methods is NOT a way that ransomware can be delivered to a user's system?

Direct downloads from official sites (C)

What should a user do to protect themselves from social engineering scams?

Stay calm and avoid panicking (B)

What characteristic would signal that a website may be involved in a phishing attempt?

The site only requests the online ID and not the password (A)

Which of the following describes crypto-ransomware specifically?

It encrypts certain file types and demands ransom for decryption (B)

What might indicate that you are in a 'secure area' on a suspicious website?

You see an unclear sign-in prompt (A)

Which action is least likely to lead to ransomware infection?

Downloading an email attachment from a trusted source (C)

What is a common misconception about ransomware?

It demands payment through cryptocurrencies only (D)

Identifying which feature is critical for avoiding falling victim to malicious websites?

Recognizing unusual URL structures (C)

What immediate action should be taken upon receiving a suspicious notification or email?

Stop and carefully assess the content before proceeding. (C)

What method can help determine the legitimacy of a sender in an email?

Checking the email details by using 'Show Original.' (C)

Why is it recommended to write the web link manually instead of clicking on it?

To guarantee the link will not lead to a scam. (C)

If an email appears to be from a reputable organization but the sender's IP address is traced to an unexpected location, what is the likely conclusion?

The email may be spoofed or fraudulent. (C)

When evaluating a suspicious Facebook page, which of the following could indicate it is fake?

An unusual number of likes. (A), The page lacks user interaction. (D)

What is a common strategy used by scammers to create urgency in their communication?

Claim that action is required to secure a limited-time offer. (B)

Which of the following is NOT a suggested action for avoiding social engineering scams?

Trusting unsolicited messages from unknown sources. (B)

What does receiving a notification that you are the 'exact 1,000,000th visitor' typically suggest?

A probable scam attempt. (C)

What is a crucial consideration when analyzing the links provided in suspicious emails?

Fake websites may mimic legitimate ones, so caution is needed. (B)

What psychological aspect do social engineering attacks primarily exploit?

Trust and the tendency to help others. (C)

Flashcards

What is social engineering?

Social engineering is a type of cyber attack that uses psychological manipulation to trick people into sharing sensitive information or performing actions that compromise their security.

What are cognitive biases?

Cognitive biases are mental shortcuts or patterns of thinking that can lead to errors in judgment. Attackers exploit these biases to make their social engineering tactics more effective.

What is phishing?

Phishing is a common social engineering technique where attackers send fake emails or messages that appear to be from legitimate sources, aiming to steal personal information or access to systems.

What is vishing?

Vishing is a type of phishing attack that uses phone calls to deceive victims. Attackers often impersonate legitimate organizations or individuals to gain information or access.

What is pretexting?

Pretexting is a form of social engineering where attackers create a false scenario or story to gain access to information or systems. They impersonate someone they're not to trick their targets.

What are social engineering methodologies?

Social engineering methodologies are the strategies and techniques that attackers use to manipulate people. These methodologies can include phishing, vishing, and pretexting, each exploiting different psychological vulnerabilities.

How do social engineers target victims?

Attackers can target individuals directly or exploit vulnerabilities within an organization. They might impersonate trusted figures, exploit fear, or create a sense of urgency to manipulate victims into acting against their best interests.

Caller ID Spoofing

A technique where the caller ID displayed on a recipient's phone shows a false number, often belonging to someone else, making the call appear legitimate.

The Internal Revenue Service Scam

A type of scam where criminals impersonate the IRS, calling people claiming they owe taxes or penalties and demanding immediate payment.

Email Spoofing

A way to deceive email recipients by making an email appear to be sent from a legitimate source, like a bank or a government agency.

Spoofing

A type of attack where criminals impersonate a trustworthy entity to gain access to sensitive information like passwords or credit card details.

How is email spoofing carried out?

Attackers can modify the sender's address in emails to make it appear as though the email is coming from a trusted source, even though it's not.

What is the goal of spoofing?

A way for malicious actors to get access to sensitive information, often by pretending to be someone they are not.

Phishing Email

An email sent to trick the recipient into providing sensitive information, like bank details, by making it look like it's from a legitimate source.

Social Engineering Techniques

Techniques used to deceive people into giving away personal information through fake phone calls or emails.

Spoofing as a Social Engineering Technique

A type of social engineering attack where attackers use fake phone calls or emails to deceive victims into giving away sensitive information.

Don't Panic!

When you receive an email, notification, warning, or call, stop before acting. Take a moment to look at your screen and pay attention to what's there.

Check for Email Warnings

Many email services have warnings for potentially fake email senders; look out for these.

Verify Website Links

Always check the website link in an email. It might appear to be from the original website, but could lead to a fake website.

Show Original: Get IP Address

By clicking "Show Original" in the top right corner of an email, you can see detailed information about the sender, including their actual IP address.

Track the IP Address

Use websites like https://domainbigdata.com to check the legitimacy of an IP address. If a company claims to be from a specific location, but their IP address is from a different country, it could be a scam.

Pay Attention to Visual Clues

Pay attention to the details of a Facebook page or website. If something seems off, it might be a scam. For example, if a website claims you're their 1,000,000th visitor, it's a red flag.

Social Engineering: Impersonation

Sometimes, attackers use social engineering techniques, such as phishing, to impersonate trusted individuals or organizations to gain access to sensitive information.

Exploiting Fear and Urgency

Attackers may use social engineering to exploit fear or create a sense of urgency, forcing victims to make hasty decisions that compromise their security.

Social Engineering: Manipulation

Social engineering attempts to manipulate people into giving up their valuable information or performing actions that harm their security.

Psychology of Social Engineering

Social engineering tactics rely on exploiting human psychology. Attackers may use psychological manipulation to deceive victims into making decisions that compromise their security.

What is Ransomware?

Ransomware is a type of malicious software that encrypts a victim's data, making it inaccessible unless they pay a ransom to the attackers. It is a serious threat to individuals and businesses alike.

What should you do if you suspect a ransomware attack?

It's crucial to act quickly. Removing the malware early can prevent it from encrypting all your files. Turn off the device and disconnect it from the network to stop it spreading.

How do you avoid ransomware?

Avoidance is the best defense against ransomware. Strong antivirus software and regular backups are essential.

Should you pay the ransom?

Paying the ransom is not guaranteed to work. Hackers might not decrypt your data, and it could incentivize more attacks. In some cases, it could also be illegal.

What is a fake bank alert?

An email designed to appear legitimate, but actually aims to steal your personal information or system access.

What is a phishing website?

A malicious website that is designed to look like a legitimate site, but is actually used to steal your information.

How does ransomware spread?

A type of malware that can be downloaded accidentally when visiting a malicious website, or through attachments in spam emails.

What is malvertising?

A type of advertising that uses deceptive tactics to lure users into visiting malicious websites and downloading malware.

What is an exploit kit?

An exploit kit is a collection of tools that hackers use to exploit vulnerabilities in a computer system to break in, spread malware, or steal data.

Study Notes

Social Engineering and Ransomware

• Many cyber security breaches are caused by human behavior, not technical vulnerabilities.
• This presentation covers how hackers exploit human weaknesses.
• Safe WiFi network use is critical to avoid attacks.
• Vishing, clickjacking, spoofing, and phishing are social engineering techniques.
• Ransomware is a type of malware that prevents or limits access to systems, often by encrypting files.

Social Engineering

• Social engineering manipulates people into performing actions or divulging confidential information.
• It's based on cognitive biases (human decision-making errors).
• Techniques include phishing, vishing, pretexting, and clickjacking.
• Phishing involves sending deceptive emails to gain sensitive information.
• Vishing uses phone calls to impersonate legitimate entities.
• Pretexting involves impersonating another person to gain information.
• Clickjacking tricks users into clicking on something different from what they intend.

Ransomware

• Ransomware prevents access to systems, often by encrypting files.
• Most ransomware is crypto-ransomware.
• Users are forced to pay a ransom for the decryption key.
• Ransomware can be downloaded from malicious websites and emails with attachments.
• Ransomware can spread through malvertisements (malicious advertisements).

Avoiding Social Engineering Scams

• Don't panic when receiving notifications, emails, warnings, or calls.
• Examine the website links provided in emails to ensure authenticity.
• Check details like sender's email address and domains.
• Check for fake websites and logos.

Spoofing

• Caller ID and email spoofing deceive users into providing credentials.
• Phone numbers can be spoofed to make calls appear to come from a different source.
• This can be used in scams requesting payment.

Email Spoofing

• Spoofing is as easy as faking physical mail.
• The "From" address in an email can be easily altered to make the email look legitimate.

Ransomware Defense

• Immediately remove malware if suspected.
• Disconnect and shut down systems to prevent spread.
• Use antivirus and maintain offline backups to avoid data loss.
• Do not pay the ransom. There is no guarantee the data will be recovered, and it might encourage more attacks.

Social Engineering and Ransomware Quiz Questions/Answers

• Question 1: What step in verifying an email from the IT department isn't advised?

  • Answer: Don't click on the link, instead call the IT department.

• Question 2: How to verify a bank email asking for identification?

  • Answer: Verify the domain, check for the bank logo, and manually access the online banking account.

• Question 3: Description of a phishing scam?

  • Answer: A phishing scam involves a request for personal information, initiated by an outside entity, and not an existing customer relationship.

• Question 4: Which characterizes a phishing scam?

  • Answer: Personal information request, initiated by an outside entity, and not an existing customer relationship

• Question 5: What communication entities can be spoofed?

  • Answer: Any communication entity: phone numbers, voices, email addresses.

• Question 6: When a bank email with a link is received?

  • Answer: Do not enter the link, and instead access their real official website to verify the request

• Question 7: True statement about ransomware?

  • Answer: Paying the ransom is not a reliable option for data recovery.