1_1_2 Section 1 – Attacks, Threats, and Vulnerabilities - Social Engineering - Impersonation

Questions and Answers

What is the typical first step in an impersonation attack?

• Starting with a pretext (correct)
• Creating an actor
• Revealing the attacker's identity
• Developing a story

In the context of impersonation attacks, what is the role of Wendy in the described scenario?

• Computer technician
• Botnet operator
• Microsoft representative
• Impersonating individual (correct)

What is the main aim of the attacker in the scenario involving the US Treasury impersonation?

• To offer genuine assistance
• To obtain money fraudulently (correct)
• To execute an enforcement action
• To provide grammar lessons

What purpose does the 0% interest rate offer serve in the context of impersonation attacks?

Luring victims with false benefits (D)

Which element is crucial in setting up the scenario for an impersonation attack?

Pretext that contains lies (C)

What is the primary motive behind an attacker pretending to offer an urgent check-up call for a computer?

To gain unauthorized access or money fraudulently (C)

What is the term used to describe when an attacker pretends to be someone they are not?

Impersonation (D)

How does an attacker often choose who to impersonate during a scam?

Based on information gathered through reconnaissance (D)

What technique involves an attacker trying to confuse a victim by using a lot of technical terms?

Technical jargon overload (B)

Which type of attack involves the impersonation happening over the phone instead of email or text messages?

Smishing (B)

What is a common goal of attackers in gathering personal information from victims?

To commit identity fraud and other malicious activities (B)

Why is it important to avoid sharing personal details over the phone with unknown callers?

To prevent identity theft and fraud (D)

What is one common way attackers use personal information obtained through scams?

To open credit cards or make purchases in the victim's name (D)

Why is it mentioned that no one will ever ask for your password during technical support calls?

Because passwords are not needed for legitimate technical support assistance (B)

What is a common tactic used by attackers to gain a victim's trust before eliciting information?

Mentioning personal details about the victim to show credibility (D)

What is the purpose of a pretext in an impersonation attack?

To set up the scenario for the attack with a lie (C)

In the context of impersonation attacks, what is the significance of the attacker being referred to as an 'actor'?

They are pretending to be someone else to gain access or information (D)

What is the intended outcome of an impersonation attack that involves offering 0% interest rates on credit card accounts?

To defraud the victim by obtaining sensitive financial information (C)

What is the ultimate goal of an attacker who impersonates a representative from Microsoft Windows in a scam call?

To convince the victim that their computer has problems that need fixing (C)

How does an attacker typically gain access to a victim's computer in an impersonation scam involving 'urgent check-up calls'?

By convincing the victim to download malicious software (C)

Why do attackers often create elaborate stories during impersonation attacks?

To make their lies seem more convincing and manipulative (B)

What is the main reason attackers perform impersonation during scams?

To gather personal information (D)

Why do attackers often impersonate individuals of higher rank in an organization during scams?

To establish a sense of urgency (D)

In voice phishing (vishing), attackers aim to elicit information primarily through which medium?

Phone calls (D)

What psychological method do attackers commonly use to gather information from end users?

Social engineering techniques (A)

Why is it important for individuals to verify the identity of callers during suspicious phone calls?

To avoid falling for impersonation scams (A)

How do attackers use personal details obtained through scams, as mentioned in the text?

To open credit card accounts in the victim's name (D)

What is the term for the method where attackers get victims to provide sensitive information willingly?

Elicitation (C)

Why do attackers often research individuals before impersonating them during scams?

To gather personal information about the victim (C)

What is the primary goal of an attacker when using voice phishing (vishing) as mentioned in the text?

To elicit sensitive information from the victim (A)

What action should individuals take if they suspect they are being targeted by an impersonation scam according to the text?

Hang up and call back using a verified number (C)